Automatic recovery of encryption cert is not working when a token is physically
damaged and a temporary token is issued
Steps to Reproduce:
1. TPS CS.cfg has the following
op.enroll.userKey.keyGen.encryption.recovery.destroyed.holdRevocationUntilLastCredential=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeCert.reason=0
op.enroll.userKey.keyGen.encryption.recovery.destroyed.revokeExpiredCerts=false
op.enroll.userKey.keyGen.encryption.recovery.destroyed.scheme=RecoverLast
2. Mark an enrolled token physically damaged, the signing cert is revoked and
encryption cert is active
3. Enroll a token for the same user
Actual results:
New encryption and signing certificates are issued for the new token
Expected results:
Encryption cert should be recovered from the old token
Additional info:
Attachment has the debug log during enrollment of the new token
Created attachment 1205264
TPS debug log during enrollment of new token
Cert/Key recovery is successful when the cert serial number and key id on the ldap user mismatches
Fixes this bug 1381375.
The portion this patch fixes involves a URL encoding glitch we encountered when recovering keys using
the "by cert" method.
Also this bug addresses:
Bug 1379379 - Unable to read an encrypted email using renewed tokens
The URL encoding problem was affecting the proper verification of this bug.
and
Bug 1379749 - Automatic recovery of encryption cert is not working when a token is physically damaged and a temporary token is issued
The URI encoding was also making this bug appear to fail more than it should have.
There is also a minor fix to the feature that makes sure it works.
This small fix is in TPSEngine.java where the constant for GenerateNewAndRecoverLast scheme is declared.
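The commit message above attributes the by-cert recovery failures to a URL encoding glitch without saying which layer mis-encoded the value. As an added illustration (not code from the Dogtag project or from this issue), the Python sketch below shows the two usual ways base64 certificate text gets corrupted in a form-encoded request and how to recognise each in a received value; the field name `cert` and the sample bytes are constructed.

```python
import base64
import binascii
import re
from urllib.parse import parse_qs, quote, urlencode

# Constructed stand-in for a DER certificate; these bytes are chosen so that
# the base64 text contains '+', '/' and '=' ("++++//8+MII=").
SAMPLE_DER = bytes.fromhex("fbefbeffff3e3082")
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode("ascii")


def server_side(query: str) -> str:
    """What a form-decoding receiver sees in the hypothetical 'cert' field."""
    return parse_qs(query, keep_blank_values=True)["cert"][0]


def send_raw(b64: str) -> str:
    # No percent-encoding: the receiver turns every '+' into a space.
    return server_side("cert=" + b64)


def send_once(b64: str) -> str:
    # Encoded exactly once: the value round-trips unchanged.
    return server_side(urlencode({"cert": b64}))


def send_twice(b64: str) -> str:
    # Encoded twice: one decode leaves literal %2B / %2F / %3D in the value.
    return server_side("cert=" + quote(quote(b64, safe=""), safe=""))


def diagnose(received: str) -> str:
    """Classify a received value the way one would when reading a debug log."""
    if re.search(r"%[0-9A-Fa-f]{2}", received):
        return "double-encoded"
    if " " in received:
        return "plus-became-space"
    try:
        base64.b64decode(received, validate=True)
    except binascii.Error:
        return "not-base64"
    return "ok"


if __name__ == "__main__":
    for name, fn in (("raw", send_raw), ("once", send_once), ("twice", send_twice)):
        got = fn(SAMPLE_B64)
        print(f"{name:5} {diagnose(got):18} {got!r}")
```

In both failure cases the receiver ends up with text that no longer decodes to the original certificate, so a lookup keyed on that certificate cannot match.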
This issue was migrated from Pagure Issue #2486. Originally filed by rpattath (@rpattath) on 2016-09-28 00:51:25.