Hi Dave, the third search result for "ck7" will show where it is enforced.
https://github.com/opendnssec/SoftHSMv2/search?q=ck7
// Rickard
On Mon, Oct 23, 2017 at 5:13 PM, Dave Fine wrote:
> Thank you for the information. I still don't see where in the code that
> any of these `ck` checks are
Thank you for the information. I still don't see where in the code that any
of these `ck` checks are enforced though. For example, who enforces `ck7`
on a P11ECPrivateKeyObj, so that a sensitive key cannot be revealed?
Thank you,
-Dave
On Thu, Oct 12, 2017 at 11:09 AM Rickard Bellgrim
wrote:
>
Hi Dave
The checks comes from PKCS#11 [1] and is enforced according to it. You can
cross-reference all the attributes with PKCS#11.
ck1 is set for CKA_CLASS [2], but CKA_TOKEN is an optional attribute that
will default to CK_FALSE and is not required when creating an object.
CKA_CERTIFICATE_TYPE
Hello,
I have a question regarding P11Attributes.h the SoftHSMv2 code base. In
this file, there is an enum that defines a number of `ck` checks. As an
example, ck1 seems to be reserved for when an attribute is required while
creating an object. Therefore, I would expect ck1 to be set on P11Attribu
