[23.10 FEAT] [SEC1922] openCryptoki: concurrent MK rotation for ep11 token
Bug #2025917 reported by
bugproxy
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Ubuntu on IBM z Systems |
Fix Released
|
Medium
|
Skipper Bug Screeners | ||
opencryptoki (Ubuntu) |
Fix Released
|
High
|
Unassigned |
Bug Description
Support MK rotation for EP11 secure keys while openCryptoki is running.
The ep11 token must listen to a master key change event and upon that event prepare all session and token keys to use secure keys based on the new master key and (possibly based on another event replace secure keys wrapped by the (previous) current MK with secure keys wrapped by the new (current) MK.
tags: | added: architecture-s39064 bugnameltc-202902 severity-high targetmilestone-inin2310 |
Changed in ubuntu: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
affects: | ubuntu → linux (Ubuntu) |
affects: | linux (Ubuntu) → opencryptoki (Ubuntu) |
Changed in ubuntu-z-systems: | |
assignee: | nobody → Skipper Bug Screeners (skipper-screen-team) |
Changed in opencryptoki (Ubuntu): | |
assignee: | Skipper Bug Screeners (skipper-screen-team) → nobody |
importance: | Undecided → High |
Changed in ubuntu-z-systems: | |
importance: | Undecided → Medium |
information type: | Private → Public |
Changed in ubuntu-z-systems: | |
status: | New → Fix Released |
To post a comment you must log in.
------- Comment From <email address hidden> 2023-07-04 18:39 EDT------- /github. com/opencryptok i/opencryptoki/ releases/ tag/v3. 21.0
This feature is included in the latest openCryptoki version 3.21.0 as available from:
https:/