pkcs11-tool: allow setting CKA_EXTRACTABLE during keypair generation
Section 4.9 of the PKCS#11 v2.40 specification [1], mentions CKA_EXTRACTABLE as a valid attribute for Private Key objects. However, when calling "pkcs11-tool" with the "--exportable" option, the attribute is not set as part of the private key template. [1]: http://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/errata01/os/pkcs11-base-v2.40-errata01-os-complete.html
This commit is contained in:
parent
aebebac432
commit
2f94a6b155
@ -2745,6 +2745,12 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||||||
n_privkey_attr++;
|
n_privkey_attr++;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (opt_is_extractable != 0) {
|
||||||
|
FILL_ATTR(privateKeyTemplate[n_privkey_attr], CKA_EXTRACTABLE,
|
||||||
|
&_true, sizeof(_true));
|
||||||
|
n_privkey_attr++;
|
||||||
|
}
|
||||||
|
|
||||||
if (opt_allowed_mechanisms_len > 0) {
|
if (opt_allowed_mechanisms_len > 0) {
|
||||||
FILL_ATTR(privateKeyTemplate[n_privkey_attr],
|
FILL_ATTR(privateKeyTemplate[n_privkey_attr],
|
||||||
CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms,
|
CKA_ALLOWED_MECHANISMS, opt_allowed_mechanisms,
|
||||||
|
Loading…
Reference in New Issue
Block a user