Fedora 13 Update: pki-kra-1.3.1-2.fc13

updates at fedoraproject.org updates at fedoraproject.org
Mon Mar 1 01:39:56 UTC 2010


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2010-3186
2010-03-01 01:37:16
--------------------------------------------------------------------------------

Name        : pki-kra
Product     : Fedora 13
Version     : 1.3.1
Release     : 2.fc13
URL         : http://pki.fedoraproject.org/
Summary     : Dogtag Certificate System - Data Recovery Manager
Description :
Dogtag Certificate System is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Dogtag Data Recovery Manager is an optional PKI subsystem that can act
as a Key Recovery Authority (KRA).  When configured in conjunction with the
Dogtag Certificate Authority, the Dogtag Data Recovery Manager stores
private encryption keys as part of the certificate enrollment process.  The
key archival mechanism is triggered when a user enrolls in the PKI and creates
the certificate request.  Using the Certificate Request Message Format (CRMF)
request format, a request is generated for the user's private encryption key.
This key is then stored in the Dogtag Data Recovery Manager which is
configured to store keys in an encrypted format that can only be decrypted by
several agents requesting the key at one time, providing for protection of the
public encryption keys for the users in the PKI deployment.

Note that the Dogtag Data Recovery Manager archives encryption keys; it does
not archive signing keys, since such archival would undermine nonrepudiation
properties of signing keys.

--------------------------------------------------------------------------------
Update Information:

Add 'pki-console' as a runtime dependency
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #566059 - Add 'pki-console' as a runtime dependency for CA, KRA, OCSP, and TKS . . .
        https://bugzilla.redhat.com/show_bug.cgi?id=566059
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-kra' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list