powerauth-server icon indicating copy to clipboard operation
powerauth-server copied to clipboard

Published 20 hours ago verified publisher icon wultra

Add support for MASTER_KEY_PAIR lifecycle

Open petrdvorak opened this issue 8 years ago • 1 comments

Currently, there is a collection of MASTER_KEY_PAIRs associated with every application. For the purpose of activation, the one that is the newest (ordered by timestamp_created) is used. We should add a better support for the lifecycle to the PA2.0 SW stack, namely:

  • Add a method to generate a new "replacement key pair" for an application in SOAP interface.
  • Add a method to make the replacement key pair active (disable the old key, enable the new one) in SOAP interface.
  • Add UI update to the PowerAuth 2.0 Admin in order to display the new replacement key pair's public key.

petrdvorak avatar May 16 '16 11:05 petrdvorak

OK, this actually has very simple solution that we can implement in PAS:

  • alter the pa_application_version table to contain keypair columns
  • migrate the associated keypair from pa_master_keypair table
  • use the value from pa_application_version

This approach will even improve a performance a bit, and will not affect our users in any way.

petrdvorak avatar May 09 '22 21:05 petrdvorak