pki-kra-10.5.12-1.fc27.noarch.rpm


Advertisement

Description

pki-kra - Certificate System - Key Recovery Authority

Property Value
Distribution Fedora 27
Repository Fedora Updates i386
Package name pki-kra
Package version 10.5.12
Package release 1.fc27
Package architecture noarch
Package type rpm
Installed size 544.46 KB
Download size 278.86 KB
Official Mirror download-ib01.fedoraproject.org
The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
as a key archival facility.  When configured in conjunction with the
Certificate Authority (CA), the KRA stores private encryption keys as part of
the certificate enrollment process.  The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request.  Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key.  This key is then stored in
the KRA which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.
Note that the KRA archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.
This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.
==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey
* pki-base
* pki-base-python2 (alias for pki-base)
* pki-base-python3
* pki-base-java
* pki-tools
* pki-server
* pki-ca
* pki-kra
* pki-ocsp
* pki-tks
* pki-tps
* pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA)
* Key Recovery Authority (KRA)
* Online Certificate Status Protocol (OCSP) Manager
* Token Key Service (TKS)
* Token Processing Service (TPS)
Python clients need only install the pki-base package.  This
package contains the python REST client packages and the client
upgrade framework.
Java clients should install the pki-base-java package.  This package
contains the legacy and REST Java client packages.  These clients
should also consider installing the pki-tools package, which contain
native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and
modules in pki-base and pki-base-java, as well as the utilities in
pki-tools.  The main server classes are in pki-server, with subsystem
specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments)
* dogtag-pki-server-theme
* redhat-pki-server-theme (Red Hat Certificate System deployments)
* redhat-pki-server-theme
* customized pki theme (Customized Certificate System deployments)
* <customized>-pki-server-theme
NOTE:  As a convenience for standalone deployments, top-level meta
packages may be provided which bind a particular theme to
these certificate server packages.

Alternatives

Package Version Architecture Repository
pki-kra-10.5.12-1.fc27.noarch.rpm 10.5.12 noarch Fedora Updates
pki-kra-10.4.8-5.fc27.noarch.rpm 10.4.8 noarch Fedora
pki-kra-10.4.8-5.fc27.noarch.rpm 10.4.8 noarch Fedora
pki-kra - - -

Requires

Name Value
java-1.8.0-openjdk-headless -
pki-server = 10.5.12-1.fc27
systemd-units -

Provides

Name Value
pki-kra = 10.5.12-1.fc27

Download

Type URL
Binary Package pki-kra-10.5.12-1.fc27.noarch.rpm
Source Package pki-core-10.5.12-1.fc27.src.rpm

Install Howto

Install pki-kra rpm package:

# dnf install pki-kra

Files

Path
/usr/share/doc/pki-kra/LICENSE
/usr/share/java/pki/pki-kra.jar
/usr/share/pki/kra/
/usr/share/pki/kra/conf/CS.cfg
/usr/share/pki/kra/conf/acl.ldif
/usr/share/pki/kra/conf/acl.properties
/usr/share/pki/kra/conf/auth-method.properties
/usr/share/pki/kra/conf/db.ldif
/usr/share/pki/kra/conf/index.ldif
/usr/share/pki/kra/conf/indextasks.ldif
/usr/share/pki/kra/conf/jk2.manifest
/usr/share/pki/kra/conf/jk2.properties
/usr/share/pki/kra/conf/jkconf.ant.xml
/usr/share/pki/kra/conf/jkconfig.manifest
/usr/share/pki/kra/conf/server-minimal.xml
/usr/share/pki/kra/conf/shm.manifest
/usr/share/pki/kra/conf/tomcat-jk2.manifest
/usr/share/pki/kra/conf/tomcat-users.xml
/usr/share/pki/kra/conf/uriworkermap.properties
/usr/share/pki/kra/conf/vlv.ldif
/usr/share/pki/kra/conf/vlvtasks.ldif
/usr/share/pki/kra/conf/web.xml
/usr/share/pki/kra/conf/workers.properties
/usr/share/pki/kra/conf/workers.properties.minimal
/usr/share/pki/kra/conf/workers2.properties
/usr/share/pki/kra/conf/workers2.properties.minimal
/usr/share/pki/kra/conf/Catalina/
/usr/share/pki/kra/conf/Catalina/localhost/kra.xml
/usr/share/pki/kra/setup/registry_instance
/usr/share/pki/kra/webapps/
/usr/share/pki/kra/webapps/ROOT/index.jsp
/usr/share/pki/kra/webapps/ROOT/WEB-INF/web.xml
/usr/share/pki/kra/webapps/kra/404.html
/usr/share/pki/kra/webapps/kra/500.html
/usr/share/pki/kra/webapps/kra/GenUnexpectedError.template
/usr/share/pki/kra/webapps/kra/index.jsp
/usr/share/pki/kra/webapps/kra/services.template
/usr/share/pki/kra/webapps/kra/WEB-INF/velocity.properties
/usr/share/pki/kra/webapps/kra/WEB-INF/web.xml
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-certsrv.jar
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-cms.jar
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-cmsbundle.jar
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-cmscore.jar
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-cmsutil.jar
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-kra.jar
/usr/share/pki/kra/webapps/kra/WEB-INF/lib/pki-nsutil.jar
/usr/share/pki/kra/webapps/kra/admin/console
/usr/share/pki/kra/webapps/kra/agent/GenError.template
/usr/share/pki/kra/webapps/kra/agent/GenPending.template
/usr/share/pki/kra/webapps/kra/agent/GenRejected.template
/usr/share/pki/kra/webapps/kra/agent/GenSuccess.template
/usr/share/pki/kra/webapps/kra/agent/GenSvcPending.template
/usr/share/pki/kra/webapps/kra/agent/GenUnauthorized.template
/usr/share/pki/kra/webapps/kra/agent/GenUnexpectedError.template
/usr/share/pki/kra/webapps/kra/agent/cms-funcs.js
/usr/share/pki/kra/webapps/kra/agent/funcs.js
/usr/share/pki/kra/webapps/kra/agent/header.template
/usr/share/pki/kra/webapps/kra/agent/helpfun.js
/usr/share/pki/kra/webapps/kra/agent/index.jsp
/usr/share/pki/kra/webapps/kra/agent/index.template
/usr/share/pki/kra/webapps/kra/agent/kra/GrantRecovery.html
/usr/share/pki/kra/webapps/kra/agent/kra/ListRequests.html
/usr/share/pki/kra/webapps/kra/agent/kra/SrchKey.html
/usr/share/pki/kra/webapps/kra/agent/kra/SrchRecoverKey.html
/usr/share/pki/kra/webapps/kra/agent/kra/confirmRecover.html
/usr/share/pki/kra/webapps/kra/agent/kra/confirmRecoverBySerial.template
/usr/share/pki/kra/webapps/kra/agent/kra/displayBySerial.template
/usr/share/pki/kra/webapps/kra/agent/kra/displayBySerial2.template
/usr/share/pki/kra/webapps/kra/agent/kra/displayBySerialForRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/examineRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/finishAsyncRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/finishRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/frameGrant.html
/usr/share/pki/kra/webapps/kra/agent/kra/frameRecover.html
/usr/share/pki/kra/webapps/kra/agent/kra/frameRequest.html
/usr/share/pki/kra/webapps/kra/agent/kra/frameSearch.html
/usr/share/pki/kra/webapps/kra/agent/kra/frameStats.html
/usr/share/pki/kra/webapps/kra/agent/kra/getApprovalStatus.template
/usr/share/pki/kra/webapps/kra/agent/kra/getStats.template
/usr/share/pki/kra/webapps/kra/agent/kra/grantAsyncRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/grantRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/index.jsp
/usr/share/pki/kra/webapps/kra/agent/kra/menuCheck.html
/usr/share/pki/kra/webapps/kra/agent/kra/menuGrant.html
/usr/share/pki/kra/webapps/kra/agent/kra/menuRecover.html
/usr/share/pki/kra/webapps/kra/agent/kra/menuRequest.html
/usr/share/pki/kra/webapps/kra/agent/kra/menuSearch.html
/usr/share/pki/kra/webapps/kra/agent/kra/menuStats.html
/usr/share/pki/kra/webapps/kra/agent/kra/monitor.template
/usr/share/pki/kra/webapps/kra/agent/kra/processReq.template
/usr/share/pki/kra/webapps/kra/agent/kra/queryKey.template
/usr/share/pki/kra/webapps/kra/agent/kra/queryKeyForRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/queryReq.template
/usr/share/pki/kra/webapps/kra/agent/kra/recoverBySerial.template
/usr/share/pki/kra/webapps/kra/agent/kra/srchKey.template
/usr/share/pki/kra/webapps/kra/agent/kra/srchKeyForRecovery.template
/usr/share/pki/kra/webapps/kra/agent/kra/top.html

Changelog

2018-08-13 - Dogtag Team <pki-devel@redhat.com> 10.5.12-1
- dogtagpki Pagure Issue #2481 - ECC keys not supported for signing
audit logs (cfu)
- dogtagpki Pagure Issue #3041 -Enable all config audit events (cfu)
- dogtagpki Pagure Issue #3043 - consumer initialization failed.
Error (0) Total update succeeded (abokovoy)
- Fixed pki console configurations that involves ldap passwords leave the
plain text password in signed audit logs (cfu)
- Fixed Certificate generation happens with partial attributes in CMCRequest
file (cfu)
- Fixed Better understanding of NSS_USE_DECODED_CKA_EC_POINT for ECC (cfu)
- Fixed CMC Revocations throws exception with same reqIssuer & certissuer (cfu)
2018-08-09 - Dogtag Team <pki-devel@redhat.com> 10.5.11-2
- freeipa Pagure Issue #7627 - ipa-replica-install --setup-kra broken
on DL0 with latest version (abokovoy)
2018-07-31 - Dogtag Team <pki-devel@redhat.com> 10.5.11-1
- dogtagpki Pagure Issue #2915 - keyGen fails when only Identity
certificate exists (jmagne)
2018-07-02 - Dogtag Team <pki-devel@redhat.com> 10.5.10-1
- Updated "jss" build and runtime requirements (mharmsen)
- Updated "tomcatjss" build and runtime requirements (mharmsen)
- dogtagpki Pagure Issue #2865 X500Name.directoryStringEncodingOrder
overridden by CSR encoding (cfu)
- dogtagpki Pagure Issue #2920 Part2 of SharedToken Audit (cfu)
- dogtagpki Pagure Issue #2922 IPAddressName: fix construction from
String (ftweedal)
- dogtagpki Pagure Issue #2959 Address pkispawn ECC profile overrides (cfu)
- dogtagpki Pagure Issue #2992 CMC Simple request profiles and CMCResponse
to support simple response (cfu)
- dogtagpki Pagure Issue #3003 AuditVerify failure due to line breaks (cfu)
- dogtagpki Pagure Issue #3037 CMC SharedToken SubjectDN default (cfu)
2018-06-08 - Dogtag Team <pki-devel@redhat.com> 10.5.9-1
- dogtagpki Pagure Issue #2922 - Name Constraints: Using a Netmask
produces an odd entry in a certifcate (ftweedal)
- dogtagpki Pagure Issue #2941 - ExternalCA: Installation failed during
csr generation with ecc (rrelyea, gkapoor)
- dogtagpki Pagure Issue #2999 - Cert validation for installation with
external CA cert (edewata)
- dogtagpki Pagure Issue #3028 - CMC CRMF request results in
InvalidKeyFormatException when signing algorithm is ECC (cfu)
- dogtagpki Pagure Issue #3033 - CRMFPopClient tool - should allow
option to do no key archival (cfu)
2018-05-23 - Dogtag Team <pki-devel@redhat.com> 10.5.8-1
- Updated "jss" build and runtime requirements (mharmsen)
- dogtagpki Pagure Issue #1576 - subsystem -> subsystem SSL handshake
issue with TLS_ECDHE_RSA_* on Thales HSM (cfu)
- dogtagpki Pagure Issue #1741 - ECDSA Certificates Generated by
Certificate System fail NIST validation test with parameter field. (cfu)
- dogtagpki Pagure Issue #2940 - [MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2992 - servlet profileSubmitCMCSimple throws
NPE (cfu)
- dogtagpki Pagure Issue #2995 - SAN in internal SSL server certificate in
pkispawn configuration step (cfu)
- dogtagpki Pagure Issue #2996 - ECC installation for non CA subsystems
needs improvement (jmagne)
- dogtagpki Pagure Issue #2997 - Token name normalization problem in
pki-server subsystem-cert-validate (edewata)
- dogtagpki Pagure Issue #3018 - CMC profiles: Some CMC profiles have
wrong input class_id (cfu)
2018-04-10 - Dogtag Team <pki-devel@redhat.com> 10.5.7-2
- dogtagpki Pagure Issue #2940 -[MAN] Missing Man pages for tools
CMCRequest, CMCResponse, CMCSharedToken (cfu)
- dogtagpki Pagure Issue #2946 - libtps does not directly depend on libz
(build failure with nss-3.35) (ftweedal, cfu)
- dogtagpki Pagure Issue #2950 - Need ECC-specific Enrollment Profiles
for standard conformance (cfu)

See Also

Package Description
pki-ocsp-10.5.12-1.fc27.noarch.rpm Certificate System - Online Certificate Status Protocol Manager
pki-server-10.5.12-1.fc27.noarch.rpm Certificate System - PKI Server Framework
pki-symkey-10.5.12-1.fc27.i686.rpm Symmetric Key JNI Package
pki-tks-10.5.12-1.fc27.noarch.rpm Certificate System - Token Key Service
pki-tools-10.5.12-1.fc27.i686.rpm Certificate System - PKI Tools
pki-tps-10.5.12-1.fc27.i686.rpm Certificate System - Token Processing Service
pl-7.4.2-4.fc27.i686.rpm SWI-Prolog - Edinburgh compatible Prolog compiler
pl-compat-yap-devel-7.4.2-4.fc27.i686.rpm Development files building YAP application against SWI Prolog
pl-devel-7.4.2-4.fc27.i686.rpm Development files for SWI Prolog
pl-doc-7.4.2-4.fc27.i686.rpm Documentation for SWI Prolog
pl-jpl-7.4.2-4.fc27.i686.rpm A bidirectional Prolog/Java interface for SWI Prolog
pl-odbc-7.4.2-4.fc27.i686.rpm SWI-Prolog ODBC interface
pl-static-7.4.2-4.fc27.i686.rpm Static library for SWI Prolog
pl-xpce-7.4.2-4.fc27.i686.rpm A toolkit for developing graphical applications in Prolog
plasma-breeze-5.12.7-1.fc27.i686.rpm Artwork, styles and assets for the Breeze visual style for the Plasma Desktop
Advertisement
Advertisement