[Open Crypto Project] #44: Port PKCS11 library to RPC API

Open Crypto Project trac at cryptech.is
Sun May 15 19:44:37 UTC 2016

#44: Port PKCS11 library to RPC API
  Reporter:  pselkirk  |      Owner:  sra
      Type:  task      |     Status:  accepted
  Priority:  critical  |  Milestone:  Alpha board DNSSEC signer
 Component:  HAL       |    Version:
Resolution:            |   Keywords:
Blocked By:            |   Blocking:

Comment (by sra):

 Sigh, failing hsmbully tests because hsmbully doesn't set `CKA_ID`.
 Which, apparently, is legal, if strange.  More generally, there does not
 appear to be **any** PKCS !#11 attribute which we can really depend upon
 being able to map to the libhal key name.  Feh.

 Perhaps the best approach would be to have libhal supply the "key name"
 instead of having the user do so.  In which case the key name would
 probably start looking more like an X.509 Subject Key Identifier (ie, a
 hash of the public key), perhaps with a few other bits thrown in if needed
 to break ties allowed by PKCS !#11.

Ticket URL: <https://trac.cryptech.is/ticket/44#comment:4>
Open Crypto Project <https://wiki.cryptech.is/>

More information about the Ticket-BCC mailing list