Dne 1.8.2014 v 13:54 Simo Sorce napsal(a):
On Tue, 2014-07-29 at 11:49 +0200, Jan Cholasta wrote:
I don't think I'm authorized to edit bind-dyndb-ldap wiki, so I'm going
to comment the steps from the link above here:
I think anyone with a fedora login can change it, but thanks anyway, you
clarified quite some things.
I have a questions about algorithms agility though, are we tied to use
AES128 and RSA2048 ? Or do we have the means to specify and use
alternative algorithms should it be necessary ?
(Like EC instead of RSA ?)
The schema allows different key types and wrapping algorithms to be used
in the future.
Also would you know where I can find details on how
CKM_AES_KEY_WRAP[_PAD] is actually implemented ?
CKM_AES_KEY_WRAP uses the algorithm specified in RFC 3394,
CKM_AES_KEY_WRAP_PAD uses the algorithm described in RFC 5649. We don't
use CKM_AES_KEY_WRAP ATM.
Freeipa-devel mailing list