Dne 1.8.2014 v 13:54 Simo Sorce napsal(a):
On Tue, 2014-07-29 at 11:49 +0200, Jan Cholasta wrote:

I don't think I'm authorized to edit bind-dyndb-ldap wiki, so I'm going
to comment the steps from the link above here:

I think anyone with a fedora login can change it, but thanks anyway, you
clarified quite some things.

I have a questions about algorithms agility though, are we tied to use
AES128 and RSA2048 ? Or do we have the means to specify and use
alternative algorithms should it be necessary ?
(Like EC instead of RSA ?)

The schema allows different key types and wrapping algorithms to be used in the future.

Also would you know where I can find details on how
CKM_AES_KEY_WRAP[_PAD] is actually implemented ?

CKM_AES_KEY_WRAP uses the algorithm specified in RFC 3394, CKM_AES_KEY_WRAP_PAD uses the algorithm described in RFC 5649. We don't use CKM_AES_KEY_WRAP ATM.


Jan Cholasta

Freeipa-devel mailing list

Reply via email to