Fedora Packages

pki-kra Subpackage of pki-core

PKI KRA Package

The Key Recovery Authority (KRA) is an optional PKI subsystem that can act as a key archival facility. When configured in conjunction with the Certificate Authority (CA), the KRA stores private encryption keys as part of the certificate enrollment process. The key archival mechanism is triggered when a user enrolls in the PKI and creates the certificate request. Using the Certificate Request Message Format (CRMF) request format, a request is generated for the user's private encryption key. This key is then stored in the KRA which is configured to store keys in an encrypted format that can only be decrypted by several agents requesting the key at one time, providing for protection of the public encryption keys for the users in the PKI deployment. Note that the KRA archives encryption keys; it does NOT archive signing keys, since such archival would undermine non-repudiation properties of signing keys.

Releases Overview

Release Stable Testing
Fedora 34 10.10.5-6.fc34 -
File a new bug report »
Package Info
  • Upstream: https://www.dogtagpki.org
  • License(s): GPLv2 and LGPLv2
  • Maintainers: abbra, dmoluguw, cfu, cdorney, kwright, edewata, ckelley, cipherboy, mharmsen, vakwetu, jmagne

Related Packages

You can contact the maintainers of this package via email at pki-core dash maintainers at fedoraproject dot org.



Sources on Pagure