Andreas Jellinghaus wrote: > Hi everyone, > > here is a bug report with a patch for pkcs11-tool. > > I'm no expert on this subject, so feedback is very welcome. > it looks good in general, except maybe more return codes/ > error checking etc., and a different code path if > pkcs11-tool is compiled without openssl. > > the author asks about two attributes where he isn't > sure what to do best. I don't know either, so if anyone > can take care of the bug&patch, that would be great.
Just looking at the code with no way to test it, do you want the pubkey private? FILL_ATTR(pubkey_templ[3], CKA_PRIVATE, &_true, sizeof(_true)); > > Thanks, Andreas > > ---------- Weitergeleitete Nachricht ---------- > > Betreff: patch for pkcs11-tool - write pubkey objects > Datum: Montag 15 März 2010 > Von: Jaroslav Benkovský <jaroslav.benkov...@nic.cz> > An: b...@opensc-project.org > > Hello, > the attached patch allows pkcs11-tool to write RSA public keys to a > device. I am not sure why it was left out at all, but I need it to get > opendnssec working with externally generated keys and SCA6000 and this > patch allows me to do that. > > I am not sure with CKA_WRAP=FALSE & CKA_ENCRYPT=FALSE, but I set it to > be the same as device generated keys I have there. CKA_WRAP, CKA_VERIFY, CKA_VERIFY_RECOVER, CKA_WRAP are token specific, and/or maybe should match any attributes of a certificate that may contain the same public key? Should these be options, as well as CKA_PRIVATE? > > If you have any comments, questions, etc, write me. > > Regards, > Jarda Benkovsky > > ------------------------------------------------------------- > > > ------------------------------------------------------------------------ > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
