Jump to letter: [ 3ABCDEFGHIJKLMNOPQRSTUVWXYZ ]

pki-kra - Certificate System - Data Recovery Manager

Description:

The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
as a Key Recovery Authority (KRA).  When configured in conjunction with the
Certificate Authority (CA), the DRM stores private encryption keys as part of
the certificate enrollment process.  The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request.  Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key.  This key is then stored in
the DRM which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.

Note that the DRM archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.

This package is one of the top-level java-based Tomcat PKI subsystems
provided by the PKI Core used by the Certificate System.


==================================
||  ABOUT "CERTIFICATE SYSTEM"  ||
==================================

Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

PKI Core contains ALL top-level java-based Tomcat PKI components:

  * pki-symkey
  * pki-base
  * pki-tools
  * pki-server
  * pki-ca
  * pki-kra
  * pki-ocsp
  * pki-tks
  * pki-tps
  * pki-javadoc

which comprise the following corresponding PKI subsystems:

  * Certificate Authority (CA)
  * Data Recovery Manager (DRM)
  * Online Certificate Status Protocol (OCSP) Manager
  * Token Key Service (TKS)
  * Token Processing Service (TPS)

For deployment purposes, PKI Core contains fundamental packages
required by BOTH native-based Apache AND java-based Tomcat
Certificate System instances consisting of the following components:

  * pki-tools

Additionally, PKI Core contains the following fundamental packages
required ONLY by ALL java-based Tomcat Certificate System instances:

  * pki-symkey
  * pki-base
  * pki-tools
  * pki-server

PKI Core also includes the following components:

  * pki-javadoc

Finally, if Certificate System is being deployed as an individual or
set of standalone rather than embedded server(s)/service(s), it is
strongly recommended (though not explicitly required) to include at
least one PKI Theme package:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
    * dogtag-pki-server-theme
  * redhat-pki-server-theme (Red Hat Certificate System deployments)
    * redhat-pki-server-theme
  * customized pki theme (Customized Certificate System deployments)
    * <customized>-pki-server-theme

  NOTE:  As a convenience for standalone deployments, top-level meta
         packages may be provided which bind a particular theme to
         these certificate server packages.

Packages

- PKI TRAC Ticket #1546 - Setpin utility doesn't set the pin for users - minor
  tweak [jmagne]
- PKI TRAC Ticket #1566 - non-CA subystem installations failing while trying
  to join security domain [cfu]
- PKI TRAC Ticket #1575 - Internet Explorer 11: caUserCert request submission
  fails using the EE page [jmagne]

Listing created by Repoview-0.6.6-7.fc23