Remove CKA_PRIVATE from pubkeyT to broaden compatibility with HSMs
Some HSMs do not support CKA_PRIVATE defined as 'false' for the pubkey
template. Removing this definition of the template eliminates the issue,
as the HSM assumes a default value for the created object.

There is another attribute that defines if a key object is the public or
private member of a pair, and this is the CKA_CLASS attr, that may have the
values of CKO_PUBLIC_KEY, CKO_PRIVATE_KEY or CKO_SECRET_KEY.

JIRA: https://jira.hyperledger.org/browse/FAB-17280

Tested with SoftHSMv2 and Dinamo Networks HSM.

Signed-off-by: Carlos Eduardo Matos Ellery <carlos.ellery@serpro.gov.br>
Carlos Eduardo Matos Ellery authored and mastersingh24 committed Dec 18, 2019
1 parent 0b5923b commit 9495e67
Showing 1 changed file with 0 additions and 1 deletion.
1 change: 0 additions & 1 deletion bccsp/pkcs11/pkcs11.go
Expand Up @@ -214,7 +214,6 @@ func (csp *impl) generateECKey(curve asn1.ObjectIdentifier, ephemeral bool) (ski
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, !ephemeral),
pkcs11.NewAttribute(pkcs11.CKA_VERIFY, true),
pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, marshaledOID),
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false),

pkcs11.NewAttribute(pkcs11.CKA_ID, publabel),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, publabel),
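
Review bot: Nothing in the public key template in generateECKey now pins CKA_PRIVATE, and PKCS #11 leaves the default for that attribute to the token, so a token may create the public key as a private object that is only visible in a logged-in session. Please add a comment where `pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false)` used to sit, saying the attribute is omitted on purpose and why, and consider reading CKA_PRIVATE back after key generation (or covering it in a test against the supported HSMs) so that a token defaulting to true is noticed at creation time rather than later as a failed lookup by CKA_ID.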