Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-7257

Add possibility to disable Crypto Token key generation for specific PKCS#11 drivers in GUI

    Details

    • Type: New Feature
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.15.0
    • Component/s: CA GUI
    • Labels:
      None
    • Sprint:
      EJBCA Sprint 18

      Description

      In AWS CloudHSM we are currently forced to only generate keys using clientToolBox, as it will not work when generating in the GUI.

      This is due to that on Cavium CKA_ID/CKA_LABEL can not be set after key generation, and since the GUI is long running we can not customize the attributes file for each key generation. The result is that keys generated will be possible to use within the session (because Sun P11 maps it on generation), but after restart it will all be gone becuase there is no mapping between the certificate and the private key.

      The quick solution for customers, to avoid them getting into some real trouble, is to disable the "generate key" button on crypto tokens in the GUI.

      If this button is enabled or disabled should be configured per driver, as drivers are configured in web.properties.

       

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                tomas Tomas Gustavsson
                Reporter:
                tomas Tomas Gustavsson
                Verified by:
                Mike Agrenius Kushner
              • Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - 3 hours
                  3h
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 3 hours
                  3h