Fedora 16 Update: pki-kra-9.0.13-1.fc16

updates at fedoraproject.org updates at fedoraproject.org
Thu Nov 15 02:31:42 UTC 2012 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-17489
2012-11-02 03:00:18
--------------------------------------------------------------------------------

Name        : pki-kra
Product     : Fedora 16
Version     : 9.0.13
Release     : 1.fc16
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Data Recovery Manager
Description :
Certificate System (CS) is an enterprise software system designed
to manage enterprise Public Key Infrastructure (PKI) deployments.

The Data Recovery Manager (DRM) is an optional PKI subsystem that can act
as a Key Recovery Authority (KRA).  When configured in conjunction with the
Certificate Authority (CA), the DRM stores private encryption keys as part of
the certificate enrollment process.  The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request.  Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key.  This key is then stored in
the DRM which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.

Note that the DRM archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.

For deployment purposes, a DRM requires the following components from the PKI
Core package:

  * pki-setup
  * pki-native-tools
  * pki-util
  * pki-java-tools
  * pki-common
  * pki-selinux

and can also make use of the following optional components from the PKI Core
package:

  * pki-util-javadoc
  * pki-java-tools-javadoc
  * pki-common-javadoc
  * pki-silent

Additionally, Certificate System requires ONE AND ONLY ONE of the following
"Mutually-Exclusive" PKI Theme packages:

  * dogtag-pki-theme (Dogtag Certificate System deployments)
  * redhat-pki-theme (Red Hat Certificate System deployments)

--------------------------------------------------------------------------------
Update Information:

Ticket #373
Ticket #310 - Dogtag 9: Rebuild official PKI packages as necessary
--------------------------------------------------------------------------------
ChangeLog:

* Tue Oct 30 2012 Andrew Wnuk <awnuk at redhat.com> 9.0.13-1
- New official build
- TMS - ECC Key Recovery - ticket #252 (cfu)
- TMS secure recovery part of - bug #737122 (cfu)
* Tue Apr 10 2012 Christina Fu <cfu at redhat.com> 9.0.12-1
- Bugzilla Bug #745278 - [RFE] ECC encryption keys cannot be archived
* Fri Mar 16 2012 Ade Lee <alee at redhat.com> 9.0.11-1
- BZ 802396 - Change location of TOMCAT_LOG to match tomcat6 changes
* Fri Mar  9 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.10-1
- Bugzilla Bug #796006 - Get DOGTAG_9_BRANCH GIT repository in-sync
  with DOGTAG_9_BRANCH SVN repository . . .
- Bugzilla Bug #787806 - RSA should be default selection for transport
  key till "ECC phase 4" is implemented
* Wed Feb 22 2012 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-2
- Add '-DSYSTEMD_LIB_INSTALL_DIR' override flag to 'cmake' to address changes
  in fundamental path structure in Fedora 17
* Fri Oct 28 2011 Matthew Harmsen <mharmsen at redhat.com> 9.0.9-1
- Bugzilla Bug #737122 - DRM: during archiving and recovering,
  wrapping unwrapping keys should be done in the token (cfu)
- Bugzilla Bug #744797 - KRA key recovery (retrieve pkcs#12) fails after
  the in-place upgrade( CS 8.0->8.1) (cfu)
- Bugzilla Bug #749945 - Installation error reported during CA, DRM,
  OCSP, and TKS package installation . . . (mharmsen)
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update pki-kra' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list