-
Type:
Improvement
-
Status: QA Backlog
-
Priority:
Critical
-
Resolution: Unresolved
-
Affects Version/s: 6.5.2
-
Fix Version/s: 6.5.3
-
Component/s: replication, security
-
Labels:None
-
Story Points:0.5
Some HSMs (e.g. NitroKey) do not support key wrapping and unwrapping, which is used for protecting symmetric keys distributed over replication. To improve interoperability it would be better if we used encrypt/decrypt modes instead of wrap/unwrap.
IIRC, I think Neil Madden has already made a similar change in commons secrets.
- is a backport of
-
OPENDJ-6930 Increase interoperability with HSMs when protecting and distributing symmetric keys
-
- Done
-