Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7257

Add possibility to disable Crypto Token key generation for specific PKCS#11 drivers in GUI

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.15.0
    • Component/s: CA GUI
    • Labels:
      None
    • Sprint:
      EJBCA Sprint 18

      Description

      In AWS CloudHSM we are currently forced to only generate keys using clientToolBox, as it will not work when generating in the GUI.

      This is due to that on Cavium CKA_ID/CKA_LABEL can not be set after key generation, and since the GUI is long running we can not customize the attributes file for each key generation. The result is that keys generated will be possible to use within the session (because Sun P11 maps it on generation), but after restart it will all be gone becuase there is no mapping between the certificate and the private key.

      The quick solution for customers, to avoid them getting into some real trouble, is to disable the "generate key" button on crypto tokens in the GUI.

      If this button is enabled or disabled should be configured per driver, as drivers are configured in web.properties.

       

        Attachments

          Activity

            People

            • Assignee:
              tomas Tomas Gustavsson
              Reporter:
              tomas Tomas Gustavsson
              Verified by:
              Mike Agrenius Kushner
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 3 hours
                3h
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 3 hours
                3h