[Softhsm-develop] CKA_SENSITIVE and CKA_EXTRACTABLE handling
pspacek at redhat.com
Fri Jul 18 19:00:59 CEST 2014
On 18.7.2014 10:18, Roland van Rijswijk - Deij wrote:
> Petr Spacek wrote:
>> I think that SoftHSM should allow key wrapping in case where
>> CKA_EXTRACTABLE=TRUE and CKA_SENSITIVE=TRUE. In that case
>> C_GetAttributeValue with CKA_VALUE should fail but C_WrapKey should work.
>> IMHO this is allowed behavior, see  page 83:
>> Do you agree? Would you accept patch which will modify attribute
>> handling to follow logic explained above?
> Yes, I agree, that is a correct interpretation of the PKCS #11
> specification, I'm a bit surprised that we didn't implement it that way.
> We will certainly accept a patch that fixes this, thanks!
Here it is:
I have extended test suite a little bit to make sure that CKA_SENSITIVE works
as described above.
Petr Spacek @ Red Hat
More information about the Softhsm-develop