Hi again. In my testing with the v2.4 branch from git, it appears the library now claims to support v2.20 of the PKCS#11 spec, as obtained via C_GetInfo(). The version I was using previously claimed to support v2.12.

When cryptokiVersion is < 2.20, my code refrains from passing newer key attributes (such as CKA_WRAP_WITH_TRUSTED) to functions such as C_GenerateKeyPair(), lest I get CKR_ATTRIBUTE_TYPE_INVALID. These attributes (CKA_WRAP_WITH_TRUSTED in particular) still don't seem to be supported (per running grep against the source tree), but the value of cryptokiVersion implies they are, breaking my compatibility check and causing my key generation routines to fail. This can be worked around by checking libraryDescription and libraryVersion in addition to cryptokiVersion, but that'll be incorrect in the future if support for these attributes is added to the 2.4 branch between now and its final release.

Are there plans to support the full v2.20 spec? Does it make sense to permit the attributes introduced in v2.20 even if they don't actually do anything, or will that have unintended consequences? Or should the library revert to reporting cryptokiVersion == 2.12 until full support for 2.20 is added?

If either of the latter two options is preferable, I'd be happy to submit a patch.

--
Dave Pifke, [email protected]

_______________________________________________
Opencryptoki-tech mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/opencryptoki-tech
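
Added example, not part of the original message and not opencryptoki code: a caller-side sketch of the compatibility check described above, extended to retry without CKA_WRAP_WITH_TRUSTED when a library that reports cryptokiVersion 2.20 still returns CKR_ATTRIBUTE_TYPE_INVALID, and to tell the caller whether the wrap restriction was actually applied. The type definitions are stand-ins for pkcs11.h, and `gen_fn`, `generate_key`, `lib_without_attr` and `lib_with_attr` are hypothetical names; the two stub libraries are constructed for the demonstration.

```c
#include <stdio.h>

/* Minimal stand-ins for pkcs11.h so the example builds alone;
   constant values are those of the PKCS#11 v2.20 headers. */
typedef unsigned long CK_ULONG, CK_RV, CK_ATTRIBUTE_TYPE;
typedef unsigned char CK_BYTE, CK_BBOOL;
typedef struct { CK_BYTE major, minor; } CK_VERSION;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK                     0x00UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x12UL
#define CKA_SENSITIVE              0x103UL
#define CKA_WRAP_WITH_TRUSTED      0x210UL
/* Hypothetical callback standing in for C_GenerateKeyPair with a private-key template. */
typedef CK_RV (*gen_fn)(CK_ATTRIBUTE *tmpl, CK_ULONG n);

/* Constructed stub libraries: one rejects the v2.20 attribute, one accepts it. */
static CK_RV lib_without_attr(CK_ATTRIBUTE *t, CK_ULONG n) {
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == CKA_WRAP_WITH_TRUSTED) return CKR_ATTRIBUTE_TYPE_INVALID;
    return CKR_OK;
}
static CK_RV lib_with_attr(CK_ATTRIBUTE *t, CK_ULONG n) { (void)t; (void)n; return CKR_OK; }

/* Gate on cryptokiVersion, then retry without the attribute if it is refused.
   *trusted_applied reports whether the wrap restriction is in force on the key. */
static CK_RV generate_key(CK_VERSION v, gen_fn gen, int *trusted_applied) {
    CK_BBOOL yes = 1;
    CK_ATTRIBUTE tmpl[] = {
        { CKA_SENSITIVE, &yes, sizeof yes },
        { CKA_WRAP_WITH_TRUSTED, &yes, sizeof yes },  /* kept last so it can be dropped */
    };
    CK_ULONG n = sizeof tmpl / sizeof tmpl[0];
    int claims_220 = v.major > 2 || (v.major == 2 && v.minor >= 20);
    *trusted_applied = 0;
    if (claims_220) {
        CK_RV rv = gen(tmpl, n);
        if (rv != CKR_ATTRIBUTE_TYPE_INVALID) { *trusted_applied = (rv == CKR_OK); return rv; }
    }
    return gen(tmpl, n - 1);  /* older library, or one that over-reports its version */
}

int main(void) {
    CK_VERSION v220 = { 2, 20 };
    int a, b;
    CK_RV r1 = generate_key(v220, lib_without_attr, &a), r2 = generate_key(v220, lib_with_attr, &b);
    printf("rejecting lib: rv=0x%lx applied=%d; accepting lib: rv=0x%lx applied=%d\n", r1, a, r2, b);
    return 0;
}
```

A key generated on the fallback path carries no CKA_WRAP_WITH_TRUSTED restriction, so a caller whose policy depends on that attribute should treat `trusted_applied == 0` as a failure.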
