freeipa/ipapython/secrets
Fraser Tweedale 4660bb7ff0 Add custodia store for lightweight CA key replication
Due to limitations in Dogtag's use of NSSDB, importing private keys
must be done by the Dogtag Java process itself.  This requires a
PKIArchiveOptions format (signing key wrapped with host CA key) -
PKCS #12 cannot be used because that would require decrypting the
key in Dogtag's memory, albeit temporarily.

Add a new custodia store that executes a 'pki' command to acquire
the wrapped key.

Part of: https://fedorahosted.org/freeipa/ticket/4559

Reviewed-By: Jan Cholasta <jcholast@redhat.com>
2016-06-09 09:04:27 +02:00
__init__.py Add ipa-custodia service 2015-10-15 14:24:33 +02:00
client.py Allow CustodiaClient to be used by arbitrary principals 2016-06-08 10:16:28 +02:00
common.py Add ipa-custodia service 2015-10-15 14:24:33 +02:00
kem.py Optionally add service name to Custodia key DNs 2016-06-09 09:04:27 +02:00
store.py Add custodia store for lightweight CA key replication 2016-06-09 09:04:27 +02:00