Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-8587

Persist selected KAK for CP5 Crypto Tokens

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 7.3.0
    • Component/s: None
    • Labels:
      None
    • Provenance:
      Internal Delivery
    • Epic Link:
    • Sprint:
      EJBCA Team Alice - 2019 w40

      Description

      Preferably we'd like to keep HSM key information stateless for EJBCA and only read attributes from the HSM. Unfortunately the CP5 specific attributes cannot be retrieved via PKCS#11 which makes it impossible to keep the authorization state, associated KAK etc. stateless.

      In order to facilitate management of CP5 keys from EJBCA, we should at least keep which KAK was latest used as authorization key for each HSM key.

      This could of course go out of sync if authorization data is changed using external tools or if some key is deleted externally. Make it as dynamic as possible, i.e. allow for updating of KAK information and clean up if a key is removed etc.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              hsunmark Henrik Sunmark
              Reporter:
              hsunmark Henrik Sunmark
              Verified by:
              Amin Khorsandi
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: