Ticket #198 (closed defect: fixed)
a stored key will have "local" flag
| Reported by: | martin | Owned by: | opensc-devel@… |
|---|---|---|---|
| Priority: | normal | Milestone: | 0.12.0 |
| Component: | opensc | Version: | trunk |
| Severity: | normal | Keywords: | |
| Cc: | | Blocked By: | |
| Blocking: | | | |
Description (last modified by martin)
When storing a private key on epass3000 with

```
pkcs15-init --store-private-key key.pem -a 1 --key-usage sign,decrypt -vvvvvv
```

it will be reported with the "local" flag:

```
Private RSA Key [Private Key]
	Com. Flags  : 3
	Usage       : [0x22E], decrypt, sign, signRecover, unwrap, nonRepudiation
	Access Flags: [0x1D], sensitive, alwaysSensitive, neverExtract, local
	ModLength   : 2048
	Key ref     : 1
	Native      : yes
	Path        : 3f005015
	Auth ID     : 01
	ID          : 371628f99ccaa5592df702810d8b15f340f9334f
```
According to PKCS#11 (which is referenced from PKCS#15):
> CK_TRUE only if key was either generated locally (i.e., on the token) with a C_GenerateKey or C_GenerateKeyPair call or created with a C_CopyObject call as a copy of a key which had its CKA_LOCAL attribute set to CK_TRUE
The same applies to the rest of the flags:
sensitive, alwaysSensitive, neverExtract, local
Tested with entersafe, other cards not tested.
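
An added example (not OpenSC code and not the contents of access_flags.patch) that decodes an Access Flags value such as the 0x1D in the dump above and returns the bits a stored key should not carry. It assumes the PKCS#15 KeyAccessFlags bit values and the PKCS#11 C_CreateObject rule that CKA_LOCAL, CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are CK_FALSE for a key created from supplied material; the macro and function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* PKCS#15 KeyAccessFlags bit values (assumed; names here are hypothetical). */
#define ACC_SENSITIVE         0x01u
#define ACC_EXTRACTABLE       0x02u
#define ACC_ALWAYS_SENSITIVE  0x04u
#define ACC_NEVER_EXTRACTABLE 0x08u
#define ACC_LOCAL             0x10u
/* Flags that describe key history. PKCS#11 sets all three to CK_FALSE
 * for a key object created from externally supplied key material. */
#define ACC_HISTORY (ACC_ALWAYS_SENSITIVE | ACC_NEVER_EXTRACTABLE | ACC_LOCAL)

/* Display names follow the key dump in the ticket where it shows them. */
static const struct { unsigned bit; const char *name; } acc_names[] = {
    { ACC_SENSITIVE, "sensitive" }, { ACC_EXTRACTABLE, "extractable" },
    { ACC_ALWAYS_SENSITIVE, "alwaysSensitive" },
    { ACC_NEVER_EXTRACTABLE, "neverExtract" }, { ACC_LOCAL, "local" },
};

/* Write the set flags as a comma-separated list into buf (len > 0). */
const char *acc_decode(unsigned flags, char *buf, size_t len)
{
    size_t i, n = 0;
    buf[0] = '\0';
    for (i = 0; i < sizeof acc_names / sizeof acc_names[0] && n < len; i++)
        if (flags & acc_names[i].bit)
            n += (size_t)snprintf(buf + n, len - n, "%s%s", n ? ", " : "",
                                  acc_names[i].name);
    return buf;
}

/* Return the history bits that are set on a key that was stored
 * (imported) rather than generated on the card; 0 means consistent. */
unsigned acc_bogus_bits(unsigned flags, int generated_on_card)
{
    return generated_on_card ? 0u : (flags & ACC_HISTORY);
}

int main(void)
{
    char buf[96];
    unsigned bad = acc_bogus_bits(0x1D, 0); /* 0x1D: value in the ticket's dump */
    printf("stored key must not carry: %s\n", acc_decode(bad, buf, sizeof buf));
    return 0;
}
```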
Attachments
Change History
comment:1 Changed 2 years ago by martin
- Description modified
- Summary changed from entersafe: a stored key will have "local" flag to a stored key will have "local" flag
Changed 2 years ago by martin
- attachment access_flags.patch added
Correctly set access flags for stored and generated keys
