You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a generalization of a remaining unsolved issue within #1805, tested with OpenSC-0.21.0.
I requested some attribute infos about keys of object types CKO_PUBLIC_KEY (card has RSA keys only), CKO_PRIVATE_KEY, CKO_SECRET_KEY (card has AES, 3DES/192 key(s) only), no session objects.
The respective "query" template array has entries for:
No result for my DES3/192 key. It seems to be not registered for the PKCS#11 layer. No problem, I'll leave it as it is.
CKA_MODIFIABLE attribute reported erroneously (false) for RSA key pair(s), okay for AES. All my keys are declared as modifiable in PuKDF, PrKDF, SKDF.
CKA_EXTRACTABLE attribute reported erroneously (false) for public RSA key(s), (true) for AES. All my public RSA key(s) are declared as extractable in PuKDF, secret keys as not-extractable in SKDF.
All the other attributes get retrieved with correct values.
Note, that pkcs15-tool has no problem to report correct results (i.e. entries in EF.PrKDF, EF.PuKDF and EF.SKDF are okay):
Problem Description
This is a generalization of a remaining unsolved issue within #1805, tested with OpenSC-0.21.0.
I requested some attribute infos about keys of object types
CKO_PUBLIC_KEY
(card has RSA keys only),CKO_PRIVATE_KEY
,CKO_SECRET_KEY
(card has AES, 3DES/192 key(s) only), no session objects.The respective "query" template array has entries for:
Wrong results:
All the other attributes get retrieved with correct values.
Note, that pkcs15-tool has no problem to report correct results (i.e. entries in EF.PrKDF, EF.PuKDF and EF.SKDF are okay):
Proposed Resolution
I have a working impl. for a fix PR, soon to come.
Steps to reproduce
(The Rust code that revealed the wrong results is in https://github.com/carblue/acos5/tree/master/project_pkcs11_example_apps, main.rs, may need slight adaption (see READ.ME) for others to use: in fn main(), the module path and login pin).
The text was updated successfully, but these errors were encountered: