On 25.02.2017 at 21:40, Jan Schermer wrote:

>> Yes and no - it all depends on your workflows. The default workflow generates a private key as a PEM encoded block, encrypted with the password supplied by the user (which can be either a "real" user password or a random string generated by the server). This data is then wrapped with the datasafe token to prevent brute force against data leaked from the database. The datasafe token is used to encrypt data written to the "datapool" table - it's the classic "sandwich" with asymmetric encryption: we generate a symmetric key to encrypt the payload and encrypt the key with the asymmetric token.
>
> So datapool contains raw private keys if I generate them on the CA? I found finished downloads (PKCS12 etc.) in the workflow_context table (presumably encrypted with the user-supplied password and ready to download), but I wondered where the keys initially were stored. Looks like a prime candidate not to have accessible on the RA. I guess this comes down to policy of where/who/what should be able to do, so I'll have to think about this some more.

You must make this data available and decryptable on the RA in order to allow a user to download it or provide the keys to the user out of band from the CA. The download workflows you have in the system should not contain any sensitive data - just some pointers to the key material which is unwrapped and sent to the browser in the moment the user requests it.
Oliver

-- 
Protect your environment - close windows and adopt a penguin!
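The two-layer scheme described in the thread (a password-encrypted PEM key as payload, a random symmetric key encrypting that payload, and the symmetric key encrypted with the asymmetric datasafe token), reproduced below as an added example using the openssl command line. This is not OpenXPKI's own code: the file names, the password, and the choice of RSA-OAEP plus AES-256-CBC and the "key:iv" serialization of the wrapped material are constructed for the demo and need not match what the real datasafe token does. The last two checks show the point of the design: what sits in the datapool is opaque without the datasafe private key, and even after unwrapping, the inner PEM still needs the user's password.

```shell
#!/bin/sh
# Added example (not OpenXPKI code): "sandwich" wrapping of a password-protected PEM key.
# Requires the openssl CLI. All names and passwords below are constructed for the demo.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. Payload: a user private key, PEM-encoded and encrypted with the user's password
#    (in the thread: either a real user password or a random string the server generated).
make_user_key() {
    # $1 = output file, $2 = password
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/plain.pem" 2>/dev/null
    openssl pkey -in "$WORK/plain.pem" -aes-256-cbc -passout "pass:$2" -out "$1"
    rm -f "$WORK/plain.pem"
}

# 2. Datasafe token: an asymmetric key pair held by the CA (constructed stand-in for the real token).
make_datasafe_token() {
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$WORK/datasafe.pem" 2>/dev/null
    openssl pkey -in "$WORK/datasafe.pem" -pubout -out "$WORK/datasafe_pub.pem"
}

# 3. Wrap: a random symmetric key encrypts the payload; that key (and IV) is encrypted
#    with the datasafe public key. Only the two outputs would be written to the datapool.
datasafe_wrap() {
    # $1 = payload in, $2 = ciphertext out, $3 = wrapped symmetric key out
    KEY=$(openssl rand -hex 32)
    IV=$(openssl rand -hex 16)
    openssl enc -aes-256-cbc -K "$KEY" -iv "$IV" -in "$1" -out "$2"
    printf '%s:%s' "$KEY" "$IV" > "$WORK/symkey.txt"   # constructed "key:iv" serialization
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/datasafe_pub.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$WORK/symkey.txt" -out "$3"
    rm -f "$WORK/symkey.txt"
}

# 4. Unwrap: only a holder of the datasafe private key recovers the symmetric key, then the payload.
datasafe_unwrap() {
    # $1 = ciphertext in, $2 = wrapped symmetric key in, $3 = payload out
    openssl pkeyutl -decrypt -inkey "$WORK/datasafe.pem" \
        -pkeyopt rsa_padding_mode:oaep -in "$2" -out "$WORK/symkey.txt"
    KEY=$(cut -d: -f1 "$WORK/symkey.txt")
    IV=$(cut -d: -f2 "$WORK/symkey.txt")
    openssl enc -d -aes-256-cbc -K "$KEY" -iv "$IV" -in "$1" -out "$3"
    rm -f "$WORK/symkey.txt"
}

# Does a password-protected PEM open with this password? (exit 0 = yes)
pem_opens_with() {
    openssl pkey -in "$1" -passin "pass:$2" -noout 2>/dev/null
}

# End-to-end run; prints "ok" when both layers behave as the thread describes.
datasafe_demo() {
    USER_PW='user-secret-constructed'
    make_datasafe_token
    make_user_key "$WORK/payload.pem" "$USER_PW"
    datasafe_wrap "$WORK/payload.pem" "$WORK/datapool.bin" "$WORK/wrapped_key.bin"
    # The stored form must be opaque: no PEM structure visible in the datapool record.
    ! grep -q 'PRIVATE KEY' "$WORK/datapool.bin" || return 1
    datasafe_unwrap "$WORK/datapool.bin" "$WORK/wrapped_key.bin" "$WORK/recovered.pem"
    cmp -s "$WORK/payload.pem" "$WORK/recovered.pem" || return 1
    # Outer layer removed, but the inner PEM still requires the user's password.
    pem_opens_with "$WORK/recovered.pem" "$USER_PW" || return 1
    ! pem_opens_with "$WORK/recovered.pem" 'wrong-password' || return 1
    echo ok
}

datasafe_demo
```

Read against the thread: an RA that must let the user download the key needs access to the unwrap step (the datasafe private key or a service that performs step 4 for it), while a database dump alone yields only the two ciphertexts from step 3; the user password protects the key a second time once it has left the datapool.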
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
