[Opendnssec-develop] Make the keys extractable from HSM?

Rick van Rein rick at openfortress.nl
Wed Dec 2 14:32:54 UTC 2009


Hi,

> > If we do this, we should add CKA_ALWAYS_SENSITIVE to avoid that the newly
> > imported key can ever get CKA_SENSITIVE reset.
> 
> CKA_ALWAYS_SENSITIVE is not a safeguard (for future settings of
> CKA_SENSITIVE), but a signal (for past settings of CKA_SENSITIVE). If
> CKA_ALWAYS_SENSITIVE is set, you know that the CKA_SENSITIVE has never been
> false. I think you meant to say the same, apologies if you do.

I seem to have misinterpreted the part of the spec dealing with
CKA_ALWAYS_SENSITIVE as a writeable attribute.  But indeed, they
cannot be written upon object creation.  Thanks for pointing that out.

Unfortunately, then we could only tell if the key has never been
jeopardised on its current path of transport; a sideline might have
been created on which the key is used insecurely.  I suppose that is
why C_UnwrapKey specifies:

| The new key will have the CKA_ALWAYS_SENSITIVE attribute set to CK_FALSE

In other words, the 2nd HSM will not be able to conclude that a key has
always been handled securely.  A pity, but ah well...

Note that according to the C_WrapKey specification, setting CKA_EXTRACTABLE
on its own is insufficient for key wrapping; you also need to set CKA_WRAP
on the key.


Cheers,
 -Rick
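The attribute rules this message turns on, as an added example that is not part of the original thread, of OpenDNSSEC, or of any PKCS#11 library: a small Python model of how a token handles CKA_SENSITIVE, CKA_EXTRACTABLE, CKA_WRAP/CKA_UNWRAP and the two computed history flags, following PKCS#11 v2.20. C_GenerateKey sets CKA_ALWAYS_SENSITIVE from the initial CKA_SENSITIVE; C_CreateObject and C_UnwrapKey force it to CK_FALSE; C_SetAttributeValue lets CKA_SENSITIVE go only from false to true; and C_WrapKey requires CKA_WRAP on the wrapping key and CKA_EXTRACTABLE on the key being wrapped. The function names, the dict-based key objects, the XOR stand-in for a wrap mechanism, the sample key bytes and the particular CKR_* names raised are assumptions of the model, not real library calls.

```python
from dataclasses import dataclass
from itertools import cycle

# Boolean key attributes named in the thread (PKCS#11 v2.20, section 10.9
# and the C_WrapKey / C_UnwrapKey descriptions). Values are Python bools.
CKA_SENSITIVE = "CKA_SENSITIVE"
CKA_EXTRACTABLE = "CKA_EXTRACTABLE"
CKA_WRAP = "CKA_WRAP"
CKA_UNWRAP = "CKA_UNWRAP"
CKA_ALWAYS_SENSITIVE = "CKA_ALWAYS_SENSITIVE"
CKA_NEVER_EXTRACTABLE = "CKA_NEVER_EXTRACTABLE"

# History flags: computed by the token, never accepted from a template.
TOKEN_COMPUTED = frozenset({CKA_ALWAYS_SENSITIVE, CKA_NEVER_EXTRACTABLE})

DEFAULTS = {CKA_SENSITIVE: False, CKA_EXTRACTABLE: True,
            CKA_WRAP: False, CKA_UNWRAP: False}


class Pkcs11Error(Exception):
    """Carries a CKR_* name. Real tokens differ in which code they return
    for some of these cases; the names used here are a modelling choice."""


@dataclass
class KeyObject:
    attrs: dict
    material: bytes   # reachable only through wrap/unwrap in this model


def _reject_computed(template):
    """Templates must not carry the history flags (spec table footnotes)."""
    if any(a in TOKEN_COMPUTED for a in template):
        raise Pkcs11Error("CKR_ATTRIBUTE_READ_ONLY")


def c_generate_key(template, material):
    """C_GenerateKey: made inside the token, so ALWAYS_SENSITIVE and
    NEVER_EXTRACTABLE reflect the initial CKA_SENSITIVE / CKA_EXTRACTABLE."""
    _reject_computed(template)
    attrs = {**DEFAULTS, **template}
    attrs[CKA_ALWAYS_SENSITIVE] = attrs[CKA_SENSITIVE]
    attrs[CKA_NEVER_EXTRACTABLE] = not attrs[CKA_EXTRACTABLE]
    return KeyObject(attrs, material)


def c_create_object(template, material):
    """C_CreateObject: the application handed the token the raw key, so the
    history flags are false whatever the template says."""
    _reject_computed(template)
    attrs = {**DEFAULTS, **template,
             CKA_ALWAYS_SENSITIVE: False, CKA_NEVER_EXTRACTABLE: False}
    return KeyObject(attrs, material)


def c_set_attribute_value(key, attr, value):
    """CKA_SENSITIVE may only go False->True, CKA_EXTRACTABLE only
    True->False, and the history flags are read-only. Since a sensitive key
    can never be reset, ALWAYS_SENSITIVE needs no recomputation here."""
    if attr in TOKEN_COMPUTED:
        raise Pkcs11Error("CKR_ATTRIBUTE_READ_ONLY")
    if attr == CKA_SENSITIVE and key.attrs[CKA_SENSITIVE] and not value:
        raise Pkcs11Error("CKR_ATTRIBUTE_READ_ONLY")
    if attr == CKA_EXTRACTABLE and not key.attrs[CKA_EXTRACTABLE] and value:
        raise Pkcs11Error("CKR_ATTRIBUTE_READ_ONLY")
    key.attrs[attr] = value


def _toy_wrap(material, kek):
    # Stand-in for a real mechanism such as CKM_AES_KEY_WRAP: XOR with the
    # cycled KEK bytes. NOT a secure key wrap; it only carries bytes across.
    return bytes(m ^ k for m, k in zip(material, cycle(kek.material)))


def c_wrap_key(wrapping_key, key):
    """C_WrapKey: CKA_WRAP must be true on the wrapping key and
    CKA_EXTRACTABLE true on the key being wrapped."""
    if not wrapping_key.attrs[CKA_WRAP]:
        raise Pkcs11Error("CKR_KEY_FUNCTION_NOT_PERMITTED")
    if not key.attrs[CKA_EXTRACTABLE]:
        raise Pkcs11Error("CKR_KEY_UNEXTRACTABLE")
    return _toy_wrap(key.material, wrapping_key)


def c_unwrap_key(unwrapping_key, wrapped, template):
    """C_UnwrapKey: the new key gets CKA_ALWAYS_SENSITIVE = CK_FALSE and
    CKA_NEVER_EXTRACTABLE = CK_FALSE regardless of the template, because
    the receiving token cannot know where the blob has been."""
    _reject_computed(template)
    if not unwrapping_key.attrs[CKA_UNWRAP]:
        raise Pkcs11Error("CKR_KEY_FUNCTION_NOT_PERMITTED")
    attrs = {**DEFAULTS, **template,
             CKA_ALWAYS_SENSITIVE: False, CKA_NEVER_EXTRACTABLE: False}
    return KeyObject(attrs, _toy_wrap(wrapped, unwrapping_key))


def transfer_scenario():
    """The thread's case: a signing key generated on HSM 1, wrapped under a
    shared KEK, unwrapped on HSM 2. One KeyObject stands in for the KEK held
    by both tokens. Returns (original, copy) so their flags can be compared."""
    kek = c_generate_key({CKA_SENSITIVE: True, CKA_EXTRACTABLE: False,
                          CKA_WRAP: True, CKA_UNWRAP: True}, bytes(range(16)))
    # Constructed sample key material; a real token would generate it.
    ksk = c_generate_key({CKA_SENSITIVE: True, CKA_EXTRACTABLE: True},
                         b"\x42" * 32)
    blob = c_wrap_key(kek, ksk)
    ksk2 = c_unwrap_key(kek, blob,
                        {CKA_SENSITIVE: True, CKA_EXTRACTABLE: False})
    return ksk, ksk2


if __name__ == "__main__":
    original, imported = transfer_scenario()
    print("HSM1 CKA_ALWAYS_SENSITIVE:", original.attrs[CKA_ALWAYS_SENSITIVE])
    print("HSM2 CKA_ALWAYS_SENSITIVE:", imported.attrs[CKA_ALWAYS_SENSITIVE])
```

Running it prints true for the key on HSM 1 and false for the unwrapped copy on HSM 2, even though the unwrap template asked for CKA_SENSITIVE true and CKA_EXTRACTABLE false; that is exactly the limitation the message describes, since the flag records history the second token never witnessed. The model also refuses to wrap when the KEK lacks CKA_WRAP or the target lacks CKA_EXTRACTABLE, and rejects any template that tries to supply CKA_ALWAYS_SENSITIVE directly.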


