Skip to content

Review scan result of apkam public keys #1965

Open
Open
Review scan result of apkam public keys#1965
Labels
arch callFlagging for architecture call discussion
@murali-shris

Description

@murali-shris
murali-shris
opened on May 22, 2024

Describe the bug

  • pkam public keys before apkam feature are not displayed in scan
  • pkam public keys that are created from apkam enrollments on server are displayed in scan
    Review and document the correct behavior.

Steps to reproduce

I created two enrollment buzz and atmos

1) Unauth scan:
@scan
data:["atmos.pixel.pkam.__pkams.__public_keys@alice🛠","buzz.pixel.pkam.__pkams.__public_keys@alice🛠","publickey@alice🛠","signing_publickey@alice🛠"]

2) Auth scan from first onboarded client which has privilege to approve/deny enrollments
@alice🛠@scan
data:["89f91337-b7f6-41e2-96ba-094698cd22e6.default_enc_private_key.__manage@alice🛠","89f91337-b7f6-41e2-96ba-094698cd22e6.default_self_enc_key.__manage@alice🛠","89f91337-b7f6-41e2-96ba-094698cd22e6.new.enrollments.__manage@alice🛠","8de1f61e-d869-4a83-b0b2-29438d73753a.default_enc_private_key.__manage@alice🛠","8de1f61e-d869-4a83-b0b2-29438d73753a.default_self_enc_key.__manage@alice🛠","8de1f61e-d869-4a83-b0b2-29438d73753a.new.enrollments.__manage@alice🛠","@alice🛠:signing_privatekey@alice🛠","d79390b6-ab24-4fdd-b65f-ee58983474c6.default_enc_private_key.__manage@alice🛠","d79390b6-ab24-4fdd-b65f-ee58983474c6.default_self_enc_key.__manage@alice🛠","d79390b6-ab24-4fdd-b65f-ee58983474c6.new.enrollments.__manage@alice🛠","fbd357ae-0a00-48ee-a776-8e9ac4e297bd.new.enrollments.__manage@alice🛠","public:atmos.pixel.pkam.__pkams.__public_keys@alice🛠","public:buzz.pixel.pkam.__pkams.__public_keys@alice🛠","public:publickey@alice🛠","public:signing_publickey@alice🛠"]

3) Auth scan from enrollment -atmos
@alice🛠@scan
data:["public:atmos.pixel.pkam.__pkams.__public_keys@alice🛠","public:buzz.pixel.pkam.__pkams.__public_keys@alice🛠","public:publickey@alice🛠","public:signing_publickey

Expected behavior

Review the below points

  1. whether apkam public keys should be part of unauth scan
  2. auth scan from privileged client will display pkam public keys from all enrollments
    3)auth scan from enrolled client should display only pkam public key of that specific enrollment

Screenshots

No response

Smartphones

No response

Were you using an atApplication when the bug was found?

No response

Additional context

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    arch callFlagging for architecture call discussion

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions