DRM - during key recovery, verifyKeyPair() only works for RSA keys when they are bytes in memory

[pki-bot]

This issue was migrated from Pagure Issue #242. Originally filed by nkinder (@nkinder) on 2012-07-20 00:11:58:

• Assigned to cfu (@cfu)
• Associated bugzillas
  • https://bugzilla.redhat.com/show_bug.cgi?id=786683

---

The function verifyKeyPair() RecoveryService.java is called once a private key has been recovered. It is used to verify if the private key retrieved actually matches the public key or not. The function takes both public key and private key byte arrays, which was when before we changed to doing unwrapping and wrapping on the token (no handling clear text byte array in memory).

We need to have a corresponding functionality to handle the verification now that we don't directly handle byte arrays. Also the existing verifyKeyPair() only handles RSA key verification. So it needs to handle ECC as well as we move onto ECC key archival and recovery.

[pki-bot]

Comment from nkinder (@nkinder) at 2017-02-27 14:03:55

Metadata Update from @nkinder:

• Issue assigned to cfu
• Issue set to the milestone: UNTRIAGED