Hi,

I use opensc 0.11.13 [gcc 4.4.5] with an Aladdin eToken PRO 64k on
Debian/Sid AMD_64.

To me it seems that the PKCS#11 module does not support the
CKA_DECRYPT and CKA_SIGN attributes when you create an object. That
is why each private key that is created by opensc pkcs#11 has
the same usage, regardless of the template values: [0x4] = sign.

[..]
CK_ATTRIBUTE privkey_template[] = {
        {CKA_DECRYPT, &_true, sizeof (_true)}
};

Whenever I use the pkcs#15 code directly, it works as expected.

I could not find any ticket or reports about the issue in the list
archive, but in my opinion the correction of the problem would be simple:

--- framework-pkcs15.c.orig     2011-05-24 20:35:54.000000000 +0200
+++ framework-pkcs15.c  2011-05-24 20:35:47.000000000 +0200
@@ -1181,7 +1181,14 @@
                case CKA_PRIME_1:
                        bn = &rsa->p; break;
                case CKA_PRIME_2:
-                       bn = &rsa->q; break;
+                       bn = &rsa->q; break;            
+               case CKA_SIGN:
+                       args.usage = SC_PKCS15_PRKEY_USAGE_SIGN;
+                       break;          
+               case CKA_DECRYPT:
+                       args.usage = SC_PKCS15_PRKEY_USAGE_DECRYPT;
+                       break;
+               
                default:
                        /* ignore unknown attrs, or flag error? */
                        continue;
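
Review bot: In the new CKA_SIGN and CKA_DECRYPT cases the attribute value is never read, so a template that passes CK_FALSE for either attribute would still set the usage, and because both cases assign with "args.usage = ..." a template carrying both attributes keeps only the one processed last. Consider reading the CK_BBOOL value first and accumulating with "args.usage |= ...". Both cases also leave the switch with "break" without assigning bn, whereas the existing cases set bn before "break" and the default case uses "continue"; unless the code after the switch tolerates a bn that was not set for this attribute, these cases should "continue" as well. The rewritten "bn = &rsa->q; break;" line differs from the original only in trailing whitespace and can be dropped from the patch.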


If I missed a point and there is reason for this behavior, I would
be glad if somebody could shed some light on it.


        Timo

-- 
"The more I think about language, the more it amazes me that people
ever understand each other at all." -Kurt Gödel