Name : pki-kra
| |
Version : 10.4.1
| Vendor : CentOS
|
Release : 17.el7_4
| Date : 2017-12-01 20:52:44
|
Group : System Environment/Daemons
| Source RPM : pki-core-10.4.1-17.el7_4.src.rpm
|
Size : 0.54 MB
| |
Packager : CentOS BuildSystem < http://bugs_centos_org>
| |
Summary : Certificate System - Key Recovery Authority
|
Description :
The Key Recovery Authority (KRA) is an optional PKI subsystem that can act as a key archival facility. When configured in conjunction with the Certificate Authority (CA), the KRA stores private encryption keys as part of the certificate enrollment process. The key archival mechanism is triggered when a user enrolls in the PKI and creates the certificate request. Using the Certificate Request Message Format (CRMF) request format, a request is generated for the user\'s private encryption key. This key is then stored in the KRA which is configured to store keys in an encrypted format that can only be decrypted by several agents requesting the key at one time, providing for protection of the public encryption keys for the users in the PKI deployment.
Note that the KRA archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys.
This package is one of the top-level java-based Tomcat PKI subsystems provided by the PKI Core used by the Certificate System.
================================== || ABOUT \"CERTIFICATE SYSTEM\" || ==================================
Certificate System (CS) is an enterprise software system designed to manage enterprise Public Key Infrastructure (PKI) deployments.
PKI Core contains ALL top-level java-based Tomcat PKI components:
* pki-symkey * pki-base * pki-base-python2 (alias for pki-base) * pki-base-python3 * pki-base-java * pki-tools * pki-server * pki-ca * pki-kra * pki-ocsp * pki-tks * pki-tps * pki-javadoc
which comprise the following corresponding PKI subsystems:
* Certificate Authority (CA) * Key Recovery Authority (KRA) * Online Certificate Status Protocol (OCSP) Manager * Token Key Service (TKS) * Token Processing Service (TPS)
Python clients need only install the pki-base package. This package contains the python REST client packages and the client upgrade framework.
Java clients should install the pki-base-java package. This package contains the legacy and REST Java client packages. These clients should also consider installing the pki-tools package, which contain native and Java-based PKI tools and utilities.
Certificate Server instances require the fundamental classes and modules in pki-base and pki-base-java, as well as the utilities in pki-tools. The main server classes are in pki-server, with subsystem specific Java classes and resources in pki-ca, pki-kra, pki-ocsp etc.
Finally, if Certificate System is being deployed as an individual or set of standalone rather than embedded server(s)/service(s), it is strongly recommended (though not explicitly required) to include at least one PKI Theme package:
* dogtag-pki-theme (Dogtag Certificate System deployments) * dogtag-pki-server-theme * redhat-pki-server-theme (Red Hat Certificate System deployments) * redhat-pki-server-theme * customized pki theme (Customized Certificate System deployments) * < customized>-pki-server-theme
NOTE: As a convenience for standalone deployments, top-level meta packages may be provided which bind a particular theme to these certificate server packages.
|
RPM found in directory: /vol/rzm7/linux-centos-vault/7.4.1708/updates/x86_64/Packages |