CMC: provide Proof of Possession for encryption cert requests

[pki-bot]

This issue was migrated from Pagure Issue #2615. Originally filed by mharmsen (@mharmsen) on 2017-03-20 12:04:42:

• Closed at 2017-03-28 12:22:13 as fixed
• Assigned to cfu (@cfu)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=1419742

---

Dogtag currently does not provide any Proof of Possession mechanism for
encryption cert requests.

This task will require use of the id-cmc-encryptedPOP and id-cmc-decryptedPOP
to complete.

This task will depend on the availability of completed work for underlying JSS
ASN.1 code from https://bugzilla.mozilla.org/show_bug.cgi?id=1337092.

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-03-20 12:04:43

Metadata Update from @mharmsen:

• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1419742

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-03-20 12:04:43

Metadata Update from @mharmsen:

• Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1419742

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-03-20 12:21:32

Metadata Update from @mharmsen:

• Custom field component adjusted to General
• Custom field feature adjusted to ''
• Custom field origin adjusted to Community
• Custom field proposedmilestone adjusted to ''
• Custom field proposedpriority adjusted to ''
• Custom field reviewer adjusted to ''
• Custom field type adjusted to defect
• Custom field version adjusted to ''
• Issue priority set to: 2

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-03-20 12:26:14

Metadata Update from @mharmsen:

• Custom field component adjusted to CMC (was: General)
• Custom field origin adjusted to RHCust (was: Community)
• Custom field type adjusted to enhancement (was: defect)

[pki-bot]

Comment from cfu (@cfu) at 2017-03-28 12:14:29

commit 58b0563
Author: Christina Fu cfu@redhat.com
Date: Fri Mar 10 19:50:13 2017 -0800

Bug 1419742: CMC RFE: provide Proof of Possession for encryption cert requests CMC encryptedPOP and decrypedPOP (Phase 1) also disable lraPOPwitness This patch implements the Proof of Possession for encryption only keys. This is a preliminary implementation with limitations. It does not support more than one request. ECC keys are untested. This version only uses default algorithms at some internal places. Not all limitations are listed here.

[pki-bot]

Comment from cfu (@cfu) at 2017-03-28 12:15:44

commit 358064e
Author: Christina Fu cfu@redhat.com
Date: Sun Mar 26 17:34:51 2017 -0400

Bug 2615 CMC: cleanup code for Encrypted Decrypted POP This patch adds more error checking and debugging

[pki-bot]

Comment from cfu (@cfu) at 2017-03-28 12:22:18

Metadata Update from @cfu:

• Issue assigned to cfu
• Issue close_status updated to: fixed
• Issue status updated to: Closed (was: Open)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-03-28 12:23:56

Metadata Update from @mharmsen:

• Issue set to the milestone: 10.4.1 (was: 10.4)

[pki-bot]

Comment from mharmsen (@mharmsen) at 2017-03-31 17:30:35

Metadata Update from @mharmsen:

• Custom field fixedinversion adjusted to pki-core-10.4.1-1.fc27