[Softhsm-develop] CKA_SENSITIVE and CKA_EXTRACTABLE handling
Petr Spacek
pspacek at redhat.com
Fri Jul 18 17:00:59 UTC 2014
On 18.7.2014 10:18, Roland van Rijswijk - Deij wrote:
> Petr Spacek wrote:
>> I think that SoftHSM should allow key wrapping in the case where
>> CKA_EXTRACTABLE=TRUE and CKA_SENSITIVE=TRUE. In that case
>> C_GetAttributeValue with CKA_VALUE should fail but C_WrapKey should work.
>>
>> IMHO this is allowed behavior, see [1] page 83:
>> Do you agree? Would you accept a patch which will modify attribute
>> handling to follow logic explained above?
>
> Yes, I agree, that is a correct interpretation of the PKCS #11
> specification, I'm a bit surprised that we didn't implement it that way.
> We will certainly accept a patch that fixes this, thanks!

Here it is:
https://github.com/opendnssec/SoftHSMv2/pull/84

I have extended the test suite a little bit to make sure that CKA_SENSITIVE works
as described above.

Enjoy.

--
Petr Spacek @ Red Hat
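
The behaviour agreed in this thread, as an added example: it is not part of the original message and is not code from SoftHSM or from the pull request. It models the checks as the PKCS #11 function descriptions state them; `struct key_obj`, `get_cka_value` and `wrap_check` are hypothetical names, the key bytes are constructed, and the `CKR_*` values are those of the PKCS #11 headers.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Return codes and length marker, values as in the PKCS #11 headers. */
#define CKR_OK                     0x00000000UL
#define CKR_ATTRIBUTE_SENSITIVE    0x00000011UL
#define CKR_KEY_UNEXTRACTABLE      0x0000006AUL
#define CKR_BUFFER_TOO_SMALL       0x00000150UL
#define CK_UNAVAILABLE_INFORMATION (~0UL)

/* Hypothetical simplified key object, not SoftHSM's data model. */
struct key_obj {
    bool sensitive;            /* CKA_SENSITIVE */
    bool extractable;          /* CKA_EXTRACTABLE */
    unsigned char value[16];   /* CKA_VALUE (constructed sample bytes) */
};

/* Models C_GetAttributeValue(CKA_VALUE): plaintext leaves the token only
 * if the key is neither sensitive nor unextractable. */
unsigned long get_cka_value(const struct key_obj *k, unsigned char *out,
                            unsigned long *len)
{
    if (k->sensitive || !k->extractable) {
        *len = CK_UNAVAILABLE_INFORMATION;
        return CKR_ATTRIBUTE_SENSITIVE;
    }
    if (out != NULL && *len < sizeof k->value) {
        *len = CK_UNAVAILABLE_INFORMATION;
        return CKR_BUFFER_TOO_SMALL;
    }
    if (out != NULL)                   /* out == NULL is a length query */
        memcpy(out, k->value, sizeof k->value);
    *len = sizeof k->value;
    return CKR_OK;
}

/* Models C_WrapKey's check on the target key: only CKA_EXTRACTABLE decides. */
unsigned long wrap_check(const struct key_obj *k)
{
    return k->extractable ? CKR_OK : CKR_KEY_UNEXTRACTABLE;
}

int main(void)
{
    struct key_obj k = { true, true, { 0x2b, 0x7e } };  /* the case discussed */
    unsigned long len = 0, rv = get_cka_value(&k, NULL, &len);
    printf("get=0x%lx wrap=0x%lx\n", rv, wrap_check(&k));
    return 0;
}
```

A real `C_WrapKey` call also validates the wrapping key and the mechanism; this model covers only the two attributes discussed in the thread.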