Package pki-kra: Information

    Binary package: pki-kra
    Version: 10.10.6-alt1.c9f2.1
    Architecture: aarch64
    Build time:  Apr 28, 2022, 12:48 AM
    Source package: pki-core
    Category: System/Servers
    Report package bug
    License: GPLv2
    Summary: Dogtag PKI KRA Package
    Description: 
    The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
    as a key archival facility.  When configured in conjunction with the
    Certificate Authority (CA), the KRA stores private encryption keys as part of
    the certificate enrollment process.  The key archival mechanism is triggered
    when a user enrolls in the PKI and creates the certificate request.  Using the
    Certificate Request Message Format (CRMF) request format, a request is
    generated for the user's private encryption key.  This key is then stored in
    the KRA which is configured to store keys in an encrypted format that can only
    be decrypted by several agents requesting the key at one time, providing for
    protection of the public encryption keys for the users in the PKI deployment.
    
    Note that the KRA archives encryption keys; it does NOT archive signing keys,
    since such archival would undermine non-repudiation properties of signing keys.

    Maintainer: Stanislav Levin


    Last changed


    Sept. 15, 2021 Stanislav Levin 10.10.6-alt1.c9f2.1
    - Backported to c9f2.
    June 23, 2021 Stanislav Levin 10.10.6-alt2
    - Made python-nss really optional.
    June 18, 2021 Stanislav Levin 10.10.6-alt1
    - 10.10.5 -> 10.10.6 (fixes: CVE-2021-3551).