FLAM® Issue Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0000699FL55. FKME/FKM5public2015-06-23 14:102016-06-07 19:48
ReporterMykhailo Moldavskyy 
Assigned ToFalk Reichbott 
PrioritynormalSeverityfeatureReproducibilityhave not tried
StatusresolvedResolutionwon't fix 
PlatformGeneralOSGeneralOS VersionGeneral
Product Version5.1.06 
Target Version5.2Fixed in Version5.1.13 
Summary0000699: SAF-KeyRing support
DescriptionAdd Racf-KeyRing support for example PGP (conversion/encryption)
see:
http://www-01.ibm.com/support/knowledgecenter/SSLTBW_2.1.0/com.ibm.zos.v2r1.ichd100/gplfrd.htm [^]

The r_datlib service can be used to read entries from the key ring.

The key ring can contain clear key pairs, PKCS#11 tokens, ICSF label for EP11 tokens or CCA keys.

The SAF key ring support must be implemented on top of the P11 and CCA support, and simplifies siply the access to the key/token label.

The FKME for asymetric key exchange and signing used for FLAM5 archive, OpenPGP files or other encryption cabebilities must be extent to determine the current active key of the declared user based on the assigned SAF key ring.

This solution must be combatible with RACF, ACF2, Top Secret and other security server.
TagsNo tags attached.
Attached Fileseml file icon WG RACF-KeyRing-Support and PGP.eml [^] (18,261 bytes) 2015-06-23 14:10

- Relationships
related to 0000075resolvedFalk Reichbott Add OpenPGP support to data conversions 

-  Notes
(0000905)
Falk Reichbott (administrator)
2015-10-29 10:15

This support makes key management very complex. It was mainly planed to get the keys managed with DKMS/EKMF. For DKMS/EKMF a direct support over DKMS/EKMF-API and UKDS7 is now planed. Based on that this support will only implemented on customer request.

Asspecial for OpenPGP a SUB-CA key in the PKDS is require as prerequisit to translate OpenPGP KeyFiles (Certificates) in X509 Certificates for SAF-KeyRings. This signature verification over the PGP key to generate then the signature over the X509 certificate, makes the whole process very complex.

It will be simpler and more secure, if the keys only managed by DKMS/EKMF and used by FLAM over ICSF/CCA, PKCS11 or some ohter supported HSM of DKMS/EKMF.
(0000994)
Falk Reichbott (administrator)
2016-06-07 19:48

Is not required anymore

- Issue History
Date Modified Username Field Change
2015-06-23 14:10 Mykhailo Moldavskyy New Issue
2015-06-23 14:10 Mykhailo Moldavskyy Status new => assigned
2015-06-23 14:10 Mykhailo Moldavskyy Assigned To => Falk Reichbott
2015-06-23 14:10 Mykhailo Moldavskyy File Added: WG RACF-KeyRing-Support and PGP.eml
2015-06-23 14:10 Mykhailo Moldavskyy Product Version => 5.1.06
2015-06-23 14:10 Mykhailo Moldavskyy Target Version => 5.1.08
2015-06-29 08:35 Falk Reichbott View Status private => public
2015-06-29 08:35 Falk Reichbott Summary RACF-KeyRing support => SAF-KeyRing support
2015-06-29 08:35 Falk Reichbott Description Updated View Revisions
2015-06-29 09:11 Falk Reichbott Target Version 5.1.08 => 5.1
2015-06-29 09:12 Falk Reichbott Relationship added related to 0000075
2015-07-09 18:48 Falk Reichbott Target Version 5.1 => 5.1.09
2015-08-13 18:47 Falk Reichbott Target Version 5.1.09 => 5.1.11
2015-10-29 10:15 Falk Reichbott Note Added: 0000905
2015-10-29 10:15 Falk Reichbott Target Version 5.1.11 => 5.2
2015-11-11 15:41 Falk Reichbott Category 5. FKME => 5. FKME/FKM5
2016-06-07 19:48 Falk Reichbott Note Added: 0000994
2016-06-07 19:48 Falk Reichbott Status assigned => resolved
2016-06-07 19:48 Falk Reichbott Fixed in Version => 5.1.13
2016-06-07 19:48 Falk Reichbott Resolution open => won't fix


Copyright © 2000 - 2020 MantisBT Team
Powered by Mantis Bugtracker