barbican/doc/source
Douglas Mendizábal 0d4101fa5d Configure mechanism for wrapping pKEKs
The PKCS#11 backend key-wraps (encrypts) the project-specific Key
Encryption Keys (pKEKs) using the master encryption key (MKEK).

The mechanism for wrapping/unwrapping the keys was hard-coded to use
CKM_AES_CBC_PAD.  This patch refactors the pkcs11 module to make this
mechanism configurable.

This is necessary to fix Bug #2036506 because some PKCS#11 devices and
software implementations no longer allow CKM_AES_CBC_PAD to be used for
key wrapping.

Supported key wrap mechanisms now include:

* CKM_AES_CBC_PAD
* CKM_AES_KEY_WRAP_PAD
* CKM_AES_KEY_WRAP_KWP

Closes-Bug: #2036506
Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52
2024-11-13 15:42:30 -05:00
..
_extra allow redirects in .htaccess files on the static web servers 2017-08-03 14:41:32 +05:30
_static Ensure doc/source/_static to fix docs gate 2019-09-06 10:07:26 +09:00
admin Allow secret delete by users with "creator" role 2022-01-31 14:21:58 -06:00
api Prohibit certificate order resource 2024-02-22 13:16:49 +09:00
cli Add barbican-status upgrade check command framework 2019-01-15 06:16:53 +00:00
configuration Fix expired links 2023-09-06 17:15:59 +08:00
contributor Merge "Add tempest to devstack how-to" 2023-10-14 20:52:15 +00:00
images Fixes index.rst titles and add mascot 2020-06-08 16:14:18 -03:00
install Configure mechanism for wrapping pKEKs 2024-11-13 15:42:30 -05:00
conf.py Microversions documentation 2022-12-09 10:26:35 +01:00
index.rst Fixes index.rst titles and add mascot 2020-06-08 16:14:18 -03:00
sample_config.rst Fix PDF build 2020-06-23 16:37:17 +02:00
sample_policy.rst Add sample config and policy to documentation 2018-02-09 08:16:03 +00:00