SUPPORT-170

softhsm doesn't honour the CKA_TOKEN flag on public key

    Details

    • Type: Support
    • Status: Resolved
    • Priority: Minor
    • Resolution: Won't Fix
    • Affects Version/s: SoftHSM 2.0.0b1
    • Fix Version/s: None
    • Component/s: PKCS#11 Interface
    • Labels:
      None

      Description

      Description of problem:
      When generating a private and public key pair using C_GenerateKeyPair() one can specify the CKA_TOKEN flag to the public key attributes to make the public key persistent. That mostly allows the public keys to be viewable, even though the private keys are hidden. However, softhsm does not honour that flag and never creates a CKO_PUBLIC_KEY object.

      How reproducible:
      1. PKCS11SPY=/usr/lib64/pkcs11/libsofthsm2.so pkcs11-tool -k --key-type rsa:1024 --module /usr/lib64/pkcs11/pkcs11-spy.so --login
      2. pkcs11-tool --module /usr/lib64/pkcs11/libsofthsm2.so -O

      Actual results:
      Nothing.

      Expected results:
      The generated public key should have been listed.

      Additional info:
      The template used in C_GenerateKeyPair is shown below:

      2015-08-03 14:20:46.096
      [in] hSession = 0x1
      pMechanism->type=CKM_RSA_PKCS_KEY_PAIR_GEN
      [in] pPublicKeyTemplate[7]:
      CKA_CLASS CKO_PUBLIC_KEY
      CKA_TOKEN True
      CKA_MODULUS_BITS 00007ffd28e62570 / 8
      00000000 00 04 00 00 00 00 00 00 ........
      CKA_PUBLIC_EXPONENT 00007ffd28e62560 / 3
      00000000 01 00 01 ...
      CKA_VERIFY True
      CKA_ENCRYPT True
      CKA_WRAP True
      [...]
      Returned: 0 CKR_OK
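
A check for the reproduction steps above, as an added example that is not part of the original report nor code from SoftHSM or OpenSC: it parses the pkcs11-spy template dump and compares what was requested with the `pkcs11-tool -O` listing. The function names are hypothetical, the sample log is constructed from the lines quoted in the report, and the "Public Key Object" heading is assumed from pkcs11-tool's usual listing output.

```python
import re

# Constructed sample: the pkcs11-spy lines quoted in the report.
SPY_LOG = """\
[in] hSession = 0x1
pMechanism->type=CKM_RSA_PKCS_KEY_PAIR_GEN
[in] pPublicKeyTemplate[7]:
CKA_CLASS CKO_PUBLIC_KEY
CKA_TOKEN True
CKA_MODULUS_BITS 00007ffd28e62570 / 8
00000000 00 04 00 00 00 00 00 00 ........
CKA_PUBLIC_EXPONENT 00007ffd28e62560 / 3
00000000 01 00 01 ...
CKA_VERIFY True
CKA_ENCRYPT True
CKA_WRAP True
Returned: 0 CKR_OK
"""

def parse_template(log, name):
    """Return {attribute: value} for the template called `name` in a spy log."""
    attrs, inside = {}, False
    for line in log.splitlines():
        line = line.strip()
        if re.match(r"\[in\] %s\[\d+\]:" % re.escape(name), line):
            inside = True
        elif inside:
            m = re.match(r"(CKA_\w+)\s+(.*)", line)
            if m:
                attrs[m.group(1)] = m.group(2)
            elif not re.match(r"[0-9a-f]{8}\s", line):
                inside = False  # anything but a hex-dump line ends the template
    return attrs

def token_pubkey_missing(spy_log, listing):
    """True when a persistent public key was requested and accepted but not listed."""
    pub = parse_template(spy_log, "pPublicKeyTemplate")
    requested = (pub.get("CKA_CLASS") == "CKO_PUBLIC_KEY"
                 and pub.get("CKA_TOKEN") == "True")
    accepted = re.search(r"Returned: \d+ CKR_OK", spy_log) is not None
    # Assumption: pkcs11-tool -O heads each public key with "Public Key Object".
    listed = any(l.strip().startswith("Public Key Object")
                 for l in listing.splitlines())
    return requested and accepted and not listed
```

Feeding it the spy log and the empty listing from the report returns True, which is the mismatch the reporter describes.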

            People

            Assignee:
            rickard Rickard Bellgrim
            Reporter:
            nmav Nikos Mavrogiannopoulos