[Open Crypto Project] #44: Port PKCS11 library to RPC API
Open Crypto Project
trac at cryptech.is
Sun May 15 19:44:37 UTC 2016
#44: Port PKCS11 library to RPC API
-----------------------+---------------------------------------
Reporter: pselkirk | Owner: sra
Type: task | Status: accepted
Priority: critical | Milestone: Alpha board DNSSEC signer
Component: HAL | Version:
Resolution: | Keywords:
Blocked By: | Blocking:
-----------------------+---------------------------------------
Comment (by sra):
Sigh, failing hsmbully tests because hsmbully doesn't set `CKA_ID`.
Which, apparently, is legal, if strange. More generally, there does not
appear to be **any** PKCS !#11 attribute which we can really depend upon
being able to map to the libhal key name. Feh.
Perhaps the best approach would be to have libhal supply the "key name"
instead of having the user do so. In which case the key name would
probably start looking more like an X.509 Subject Key Identifier (ie, a
hash of the public key), perhaps with a few other bits thrown in if needed
to break ties allowed by PKCS !#11.
--
Ticket URL: <https://trac.cryptech.is/ticket/44#comment:4>
Open Crypto Project <https://wiki.cryptech.is/>
More information about the Ticket-BCC
mailing list