External Registration Recovery only works for 1024 sized keys out of the box
Steps to Reproduce:
1. Generate a crmf request using caDualCert profile (the profile has information to generate an encryption cert) using the cli pki cert-request-submit. The keysize should be 2048.
2. Approve the request.
3. An encryption cert is generated and key is archived.
4. Recover the above cert/key using a smartcard token with external Registration enabled.
Actual results:
Token enrollment fails
Expected results:
Token enrollment should be successful and cert/keys should be recovered
Additional info:
IRC conversation in associated bug
Created attachment 1067090 in associated bug
TPS debug log
jmagne responded:
The following workaround will work for the user, if they know that all the certs they will recover are of the same size:
op.enroll.externalRegAddToToken.keyGen.encryption.keySize=2048
Restart the server and all 2048 sized recoveries should function on the supported tokens.
Per decision made on 08/31/2015 - 10.3.
fixed along with https://fedorahosted.org/pki/ticket/1375#comment:8 commit 9a6a3d1cbf6e347b2cf0737afca4f793a6a0d0ba
Metadata Update from @rpattath: - Issue assigned to cfu - Issue set to the milestone: 10.3.0
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2146
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on the Subscribe button.
Thank you for understanding, and we apologize for any inconvenience.