FLAM Issue Tracker - FL5
View Issue Details
0000747FL52.2 Subprogram FLUC (CONV)public2015-10-29 09:532016-07-26 15:37
Falk Reichbott 
Mykhailo Moldavskyy 
resolvedno change required 
0000747: Implement DKMS/EKMF support for OpenPGP
A FKM5DKMS must be provide to support OpenPGP with DKMS/EKMF. The IBM crypto competance centre (CCC) plans to support PGP key files/rings with DKMS. If this support available the management of the PGP PKA keys can be done with DKMS instead of the FLCL KEY command. In this case a new FKM5 for DKMS must be written, wich use the DKMS-API to get the key lable for session key encryption / decryption or signature generation / verification. DKMS will store the PGP key attributes (KeyId, key version, creation date, valid days, prefered stuff) in the UKDS7 database. The FKM5 provides the KeyId or the UserId to get the key in the PKDS.This solution are indepentant of CCA key label conventions at all and the key management part are done with DKMS.

The FKM5 for DKMS will not support the FLCL KEY key management function. This FKM5 will only support the operational functions against CCA/ICSF (and if available with DKMS/EKMF against PKCS#11 or other crypto devices).
No tags attached.
Issue History
2015-10-29 09:53Falk ReichbottNew Issue
2015-10-29 09:53Falk ReichbottStatusnew => assigned
2015-10-29 09:53Falk ReichbottAssigned To => Mykhailo Moldavskyy
2015-10-29 10:04Falk ReichbottTarget Version5.1.11 => 5.1.13
2016-07-26 15:37Falk ReichbottNote Added: 0001014
2016-07-26 15:37Falk ReichbottStatusassigned => resolved
2016-07-26 15:37Falk ReichbottFixed in Version => 5.1.13
2016-07-26 15:37Falk ReichbottResolutionopen => no change required

Falk Reichbott   
2016-07-26 15:37   
The DKMS/EKMS support is given with based on the PGP key ring support of FLAMv5.1.13. This support a RFC4880 PGP trust store together with a CCA/ICSF PKDS. DKMS/EKMF must simply add support for managing PGP trust stores. This support can be ordered by DKMS/EKMF customers and will be implemented on request. FLAM don't need a special DKMS/EKMF integration for PGP.