Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4337

EJBCA client toolbox PKCS11HSMKeyTool generate command should not overwrite existing keys

    Details

      Description

      The current behaviour (in EJBCA 6.3.2 and lower) for the EJBCA client toolbox command PKCS11HSMKeyTool generate, which creates a new key in HSM, is to overwrite the existing key (if it exists under the same provided name) without any warning, notice, or prompting.

      This can have rather undesired effect if the generate command for database protection key is accidentally re-run after the key ceremony (in case where the command is still in history).

      It would be much safer to have the command fail if the key with the same name already exists. If it is necessary to allow forcing the key overwrite, a new option should be added (let's say --force), and this option should also print out a warning in case the key just got overwritten.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                ulf_undmark Ulf Undmark
                Reporter:
                chris Chris Job
                Verified by:
                Henrik Sunmark
              • Votes:
                1 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 2 hours
                  2h
                  Remaining:
                  Time Spent - 15 minutes Remaining Estimate - 1 hour, 45 minutes
                  1h 45m
                  Logged:
                  Time Spent - 15 minutes Remaining Estimate - 1 hour, 45 minutes
                  15m