Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-5175

Support for delegated key pair generation

    XMLWordPrintable

    Details

    • Type: Epic
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None
    • Epic Name:
      Support for delegated key pair generation
    • Issue discovered during:
      Another issue
    • Sprint:
      6.9.0 Sprint 3

      Description

      Delegated key pair generation

      • offloads the CA service provider
      • allows peer RA machines to keep escrowed keys "in house" while connected to an external CA service provider

      The goal would be to allow a key pair generation (and optional escrow) to take place where this is authorized.

      The RA in this case should not blindly trust the CA, so the CA could fool the RA into sending private keys upstream unless this is desired.

        Attachments

        1. delegated_key_get_v000.dia
          4 kB
        2. delegated_key_get_v000.png
          delegated_key_get_v000.png
          77 kB
        3. IMG_20170403_125724.jpg
          IMG_20170403_125724.jpg
          103 kB
        4. IMG_8956.JPG
          IMG_8956.JPG
          1.67 MB
        5. IMG_0879.JPG
          IMG_0879.JPG
          1.46 MB
        6. IMG_3271.JPG
          IMG_3271.JPG
          1.83 MB
        7. IMG_20170425_140106.jpg
          IMG_20170425_140106.jpg
          2.44 MB
        8. IMG_5600.JPG
          IMG_5600.JPG
          1.66 MB
        9. flowchart
          3 kB
        10. flowchart.png
          flowchart.png
          82 kB
        11. Flowchart for Key Revovery
          3 kB
        12. Flowchart for Key Revovery.png
          Flowchart for Key Revovery.png
          76 kB

          Issue Links

          is blocked by

          New Feature - A new feature of the product, which has yet to be developed. ECA-5286 Make CA based Key recovery possible on RA

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-5817 RaMasterApi with outgoing upstream connection from RA

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-5987 Make it possible to mark certificate for recovery using local key generation

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-5954 Add system config option for local key generation

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-5956 Encrypt keypair for key recovery using a selectable crypto token, for local key generation

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-5957 Ability to request key recovery from RA Web

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-5983 Document delegated key recovery

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

          Improvement - An improvement or enhancement to an existing feature or task. ECA-6028 System test for delegated key generation

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          is related to

          Bug - A problem which impairs or prevents the functions of the product. ECA-5978 RA enrollment with requestid doesn't authenticate password with reusecert = true

          • Major - Major loss of function.
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. ECA-6012 Key recovery flag not reset on rejected approval using local key generation

          • Major - Major loss of function.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ECA-4895 RA users will be able to request server side generated keystores

          • Major - Major loss of function.
          • Closed

          New Feature - A new feature of the product, which has yet to be developed. ECA-6019 Add EjbcaWS support for key recovery with local key pair generation

          • Major - Major loss of function.
          • Closed
          relates

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ECA-5171 EE self service: Public RA user must be able to request renewal of its certificate

          • Major - Major loss of function.
          • Open

          New Feature - A new feature of the product, which has yet to be developed. ECA-4213 Option to explicitly set keystore password during enrollment

          • Major - Major loss of function.
          • Closed

          Story - Created by Jira Software - do not edit or delete. Issue type for a user story. ECA-5170 Public RA user must be able to finalize legacy enrollment with username and enrollment code

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              johan Johan Eklund
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved:

                  Draw.io Diagrams

                  – Flowchart for Key Revovery
                  Edit
                  – flowchart
                  Edit