pkcs11-tool: Set CKA_PRIVATE=false for new public keys
Keygen should write public keys with explicit CKA_PRIVATE=false by default (possibility to modify by --private switch)
Related to 4df35b92
discussing writing separate objects years ago.
This commit is contained in:
parent
1ca09b8f10
commit
c496af17d4
|
@ -1721,6 +1721,7 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||
CK_ULONG modulusBits = 1024;
|
||||
CK_BYTE publicExponent[] = { 0x01, 0x00, 0x01 }; /* 65537 in bytes */
|
||||
CK_BBOOL _true = TRUE;
|
||||
CK_BBOOL _false = FALSE;
|
||||
CK_OBJECT_CLASS pubkey_class = CKO_PUBLIC_KEY;
|
||||
CK_OBJECT_CLASS privkey_class = CKO_PRIVATE_KEY;
|
||||
CK_ATTRIBUTE publicKeyTemplate[20] = {
|
||||
|
@ -1849,6 +1850,17 @@ static int gen_keypair(CK_SLOT_ID slot, CK_SESSION_HANDLE session,
|
|||
n_privkey_attr++;
|
||||
}
|
||||
|
||||
if (opt_is_private != 0) {
|
||||
FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_PRIVATE,
|
||||
&_true, sizeof(_true));
|
||||
n_pubkey_attr++;
|
||||
}
|
||||
else {
|
||||
FILL_ATTR(publicKeyTemplate[n_pubkey_attr], CKA_PRIVATE,
|
||||
&_false, sizeof(_false));
|
||||
n_pubkey_attr++;
|
||||
}
|
||||
|
||||
rv = p11->C_GenerateKeyPair(session, &mechanism,
|
||||
publicKeyTemplate, n_pubkey_attr,
|
||||
privateKeyTemplate, n_privkey_attr,
|
||||
|
|
Loading…
Reference in New Issue