Package pki-kra: Information
Binary package: pki-kra
Version: 10.10.6-alt1.c9f2.1
Architecture: aarch64
Build time: Apr 28, 2022, 12:48 AM
Source package: pki-core
Category: System/Servers
Report package bugDownload: pki-kra-10.10.6-alt1.c9f2.1.aarch64.rpm
Home page: http://www.dogtagpki.org
License: GPLv2
Summary: Dogtag PKI KRA Package
Description:
The Key Recovery Authority (KRA) is an optional PKI subsystem that can act as a key archival facility. When configured in conjunction with the Certificate Authority (CA), the KRA stores private encryption keys as part of the certificate enrollment process. The key archival mechanism is triggered when a user enrolls in the PKI and creates the certificate request. Using the Certificate Request Message Format (CRMF) request format, a request is generated for the user's private encryption key. This key is then stored in the KRA which is configured to store keys in an encrypted format that can only be decrypted by several agents requesting the key at one time, providing for protection of the public encryption keys for the users in the PKI deployment. Note that the KRA archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys.
Maintainer: Stanislav Levin
Last changed
Sept. 15, 2021 Stanislav Levin 10.10.6-alt1.c9f2.1
- Backported to c9f2.
June 23, 2021 Stanislav Levin 10.10.6-alt2
- Made python-nss really optional.
June 18, 2021 Stanislav Levin 10.10.6-alt1
- 10.10.5 -> 10.10.6 (fixes: CVE-2021-3551).