[ol8_appstream] pki-kra-10.10.5-2.0.1.module+el8.4.0+20154+9830f79e.noarch

The Key Recovery Authority (KRA) is an optional PKI subsystem that can act
as a key archival facility.  When configured in conjunction with the
Certificate Authority (CA), the KRA stores private encryption keys as part of
the certificate enrollment process.  The key archival mechanism is triggered
when a user enrolls in the PKI and creates the certificate request.  Using the
Certificate Request Message Format (CRMF) request format, a request is
generated for the user's private encryption key.  This key is then stored in
the KRA which is configured to store keys in an encrypted format that can only
be decrypted by several agents requesting the key at one time, providing for
protection of the public encryption keys for the users in the PKI deployment.

Note that the KRA archives encryption keys; it does NOT archive signing keys,
since such archival would undermine non-repudiation properties of signing keys.

Changelog (Show File list) (Show related packages)

• Wed May 19 2021 EL Errata <el-errata_ww@oracle.com> - 10.10.5-2.0.1

  - Remove upstream reference.

• Tue Mar 23 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.5-2

  - Bug 1914396 - CVE-2021-20179 pki-core:10.6/pki-core: Unprivileged users can renew any certificate

• Tue Feb 23 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.5-1

  - Rebase to PKI 10.10.5
  - Bug 1929067 - PKI instance creation failed with new 389-ds-base build

• Mon Feb 08 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.4-1

  - Rebase to PKI 10.10.4
  - Bug 1664435 - Error instantiating class for challenge_password with SCEP request
  - Bug 1912418 - OCSP and TKS cloning failed due to duplicate replica ID
  - Bug 1916686 - Memory leak during ACME performance test
  - Bug 1919282 - ACME cert enrollment failed with HTTP 500

• Thu Jan 14 2021 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.3-1

  - Rebase to PKI 10.10.3
  - Bug 1584550 - CRMFPopClient: unexpected behavior with -y option when values are specified
  - Bug 1590942 - CMCResponse treats -d as optional
  - Bug 1890639 - Two-step installation with external certificates fails on HSM configured system
  - Bug 1912493 - pkispawn reports incorrect FIPS mode

• Tue Dec 08 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.2-1

  - Rebase to PKI 10.10.2
  - Bug 1392616 - KRA key recovery cli kra-key-retrieve generates an invalid p12 file
  - Bug 1897120 - pki-server cert-fix command failing
  - Bug 1694664 - ipa: ERROR: Certificate operation cannot be completed: Unable to communicate with CMS (503)

• Tue Nov 17 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.1-1

  - Rebase to PKI 10.10.1
  - Bug 1843416 - kra-audit-mod fail with Invalid event configuration
  - Bug 1889691 - ACME failed when run with more than 1 thread/connection
  - Bug 1891577 - Sub-ordinate installation is failing with NullPointerException

• Wed Oct 28 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.0-1

  - Rebase to PKI 10.10.0
  - Add workaround for missing capture_output in Python 3.6
  - Fix JSS initialization in pki-server <subsystem>-user-cert-add
  - Fix NPE in UGSubsystem.findUsersByKeyword()
  - Bug 1787115 - Need Method to copy SKI from CSR to Certificate signed
  - Bug 1875563 - Add KRA Transport and Storage Certificates profiles, audit for IPA
  - Bug 1883996 - Inconsistent folders in pki-tools

• Tue Oct 20 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.10.0-0.2.beta1

  - Rebase to PKI 10.10.0-beta1
  - Bug 1868233 - Disabling AIA and cert policy extensions in ACME examples

• Fri Sep 11 2020 Red Hat PKI Team <rhcs-maint@redhat.com> 10.9.4-1

  - Rebase to PKI 10.9.4
  - Bug 1873235 - Fix SSL_ERROR_INAPPROPRIATE_FALLBACK_ALERT in pki ca-user-cert-add