pkcs11-tool: allow setting CKA_EXTRACTABLE during keypair generation

Section 4.9 of the PKCS#11 v2.40 specification [1] mentions
CKA_EXTRACTABLE as a valid attribute for Private Key objects. However,
when calling "pkcs11-tool" with the "--exportable" option, the
attribute is not set as part of the private key template.

[1]: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
Alessio Di Mauro 2021-06-23 15:29:29 +02:00
parent aebebac432
commit 2f94a6b155
No known key found for this signature in database
GPG Key ID: 90CB045BD3994701
1 changed files with 6 additions and 0 deletions

@ -2745,6 +2745,12 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
n_privkey_attr++;
}
if (opt_is_extractable != 0) {
FILL_ATTR(privateKeyTemplate[n_privkey_attr], CKA_EXTRACTABLE,
&_true, sizeof(_true));
n_privkey_attr++;
}
if (opt_allowed_mechanisms_len > 0) {
FILL_ATTR(privateKeyTemplate[n_privkey_attr],
CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms,
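
Review bot: the new `if (opt_is_extractable != 0)` block writes to `privateKeyTemplate[n_privkey_attr]` and increments the counter, but nothing in the hunk shows that the array has room for one more entry. Please confirm the declared size of `privateKeyTemplate` covers the case where every optional attribute is set, and enlarge it if this addition pushes past the limit. Separately, the attribute is only ever set to `_true`; when the option is not given, CKA_EXTRACTABLE is left out of the template and the token's default decides whether the private key can be extracted. A short comment saying that this omission is intentional would help, or consider passing an explicit false value in that case. The commit message also refers to the option as "--exportable" while the variable is `opt_is_extractable`; it is worth checking that the message names the option as the tool spells it.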