Barbican

Restructure PKCS11 Plugin

Registered by Paul Kehrer

 The current PKCS11 plugin assumes that it has sufficient storage to create a KEK per project/tenant. This assumption is untrue for many HSMs so we propose to introduce a master KEK stored in the HSM that wraps per project KEKs to resolve the problem.

Blueprint information

Status:
Complete
Approver:
Douglas Mendizábal
Priority:
High
Drafter:
Paul Kehrer
Direction:
Approved
Assignee:
Paul Kehrer
Definition:
Approved
Series goal:
Accepted for juno
Implementation:
Implemented
Milestone target:
milestone icon 2014.2
Started by
Douglas Mendizábal
Completed by
Douglas Mendizábal

Related branches

Sprints

Whiteboard

Gerrit topic: https://review.openstack.org/#q,topic:bp/restructure-pkcs11-plugin,n,z

Addressed by: https://review.openstack.org/120498
    PKCS11 refactor to use a master KEK and per project KEK

(?)

Work Items

Nearby

This blueprint contains Public information 
Everyone can see this information.
Edit subscription

Subscribers

No subscribers.