Douglas Mendizábal 0d4101fa5d Configure mechanism for wrapping pKEKs ...

The PKCS#11 backend key-wraps (encrypts) the project-specific Key
Encryption Keys (pKEKs) using the master encryption key (MKEK).

The mechanism for wrapping/unwrapping the keys was hard-coded to use
CKM_AES_CBC_PAD.  This patch refactors the pkcs11 module to make this
mechanism configurable.

This is necessary to fix Bug #2036506 because some PKCS#11 devices and
software implementations no longer allow CKM_AES_CBC_PAD to be used for
key wrapping.

Supported key wrap mechanisms now include:

* CKM_AES_CBC_PAD
* CKM_AES_KEY_WRAP_PAD
* CKM_AES_KEY_WRAP_KWP

Closes-Bug: #2036506
Change-Id: Ic2009a2a55622bb707e884d6a960c044b2248f52

2024-11-13 15:42:30 -05:00

..

barbican-backend.rst

Configure mechanism for wrapping pKEKs

2024-11-13 15:42:30 -05:00

common_configure.rst

Set db_auto_create default to False

2020-09-25 14:34:07 +00:00

common_prerequisites.rst

Remove -u root as mysql is executed with root user

2018-08-14 12:52:03 +00:00

get_started.rst

docs: Fix typo: barican

2019-10-11 12:27:59 -07:00

index.rst

Replace http with https for doc links

2017-08-27 20:14:36 -07:00

install-obs.rst

move documentation into the new standard layout

2017-06-30 20:12:52 +02:00

install-rdo.rst

move documentation into the new standard layout

2017-06-30 20:12:52 +02:00

install-ubuntu.rst

Change restart the services command

2018-03-20 17:56:33 +08:00

install.rst

move documentation into the new standard layout

2017-06-30 20:12:52 +02:00

next-steps.rst

Update two Barbican services to Docs

2018-07-04 06:09:30 +07:00

verify.rst

Remove unnecessary unicode prefixes

2022-05-09 19:49:40 +00:00