FLAM Issue Tracker - FL5
View Issue Details
0000925FL51.1 FLCLpublic2018-07-30 13:442019-02-17 17:53
Mykhailo Moldavskyy 
Falk Reichbott 
0000925: Add or replace recipient or re-keying an existing encrypted PGP file
Add or replace recipient or re-keying an existing encrypted PGP file.

1. Allow additional recipients access to the existing data
2. Change sessionkey encryption from older key to a newer one.
3. Change sessionkey encryption from one HSM to an other one.
No tags attached.
Issue History
2018-07-30 13:44Mykhailo MoldavskyyNew Issue
2018-07-30 13:44Mykhailo MoldavskyyStatusnew => assigned
2018-07-30 13:44Mykhailo MoldavskyyAssigned To => Mykhailo Moldavskyy
2018-07-30 15:25Falk ReichbottNote Added: 0001159
2018-11-02 12:46Falk ReichbottTarget Version5.1.20 => 5.1.21
2018-11-02 12:50Falk ReichbottAssigned ToMykhailo Moldavskyy => Falk Reichbott
2019-02-17 17:53Falk ReichbottNote Added: 0001211
2019-02-17 17:53Falk ReichbottStatusassigned => resolved
2019-02-17 17:53Falk ReichbottFixed in Version => 5.1.20
2019-02-17 17:53Falk ReichbottResolutionopen => fixed

Falk Reichbott   
2018-07-30 15:25   
There are tow behaviors required.

One for key translate inside of a HSM and one with the clear key value for an FKM5 to another FKM5 processing.

To solve this issue, we must implement an new commando (REKEY or XLAT) for FLCL/FLUCUP.
Falk Reichbott   
2019-02-17 17:53   
At read the re-encryption of PGP files are now implemented. This can be used in 2 modes. The re-encrypted session key (under passphrase or public key) are add to (default) or replace (set) the existing session key packets.

The feature works on armor'ed files and can also produce armor'ed files.

This is mainly useful and was implemented to support different views of flucFS to the same PGP encrypted files. These files are encrypted under an repository key and for each view a re-encryption to another public key can be defined. This make encrypted PGP files manageable for an enterprise after encrypted write.