Uploaded image for project: 'OpenDJ'
  1. OpenDJ
  2. OPENDJ-6940

Backport OPENDJ-6930: Increase interoperability with HSMs when protecting and distributing symmetric keys

    Details

    • Type: Improvement
    • Status: QA Backlog
    • Priority: Critical
    • Resolution: Unresolved
    • Affects Version/s: 6.5.2
    • Fix Version/s: 6.5.3
    • Component/s: replication, security
    • Labels:
      None
    • Story Points:
      0.5

      Description

      Some HSMs (e.g. NitroKey) do not support key wrapping and unwrapping, which is used for protecting symmetric keys distributed over replication. To improve interoperability it would be better if we used encrypt/decrypt modes instead of wrap/unwrap.

      IIRC, I think Neil Madden has already made a similar change in commons secrets.

        Attachments

          Issue Links

          is a backport of

          Improvement - An improvement or enhancement to an existing feature or task. OPENDJ-6930 Increase interoperability with HSMs when protecting and distributing symmetric keys

          • Critical - Crashes, loss of data, severe memory leak.
          • Done

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                cjr Chris Ridd
                Dev Assignee:
                Fabio Pistolesi
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated: