PKCS#11 bugs
Rickard Bellgrim
rickard at opendnssec.org
Thu Jun 16 12:32:21 CEST 2011
On Wed, Jun 15, 2011 at 9:33 PM, Nikos Mavrogiannopoulos
<nmav at gnutls.org> wrote:
>> 4.
>> The p11tool has an option to mark a certificate as trusted when
>> importing it. The problem is that only the Security Officer can set it
>> to true. I do not have a patch for it. But the program has to log in
>> as a SO and change the attribute of this object. Remember that the SO
>> can only see public objects. You do not set the CKA_PRIVATE and the
>> default value is "token-specific". SoftHSM sets the CKA_PRIVATE to
>> true and thus not visible for the SO since it then is a private
>> object.
>
> I think I've addressed it in the repository.

The first three items now work. But the CKA_TRUSTED is still set by
the user and not the SO.

// Rickard

Output from pkcs11-spy:
9: C_OpenSession
[in] slotID = 0x2
[in] flags = 0x6
pApplication=(nil)
Notify=(nil)
[out] *phSession = 0x1
Returned: 0 CKR_OK
PIN required for token 'token2' with URL
'pkcs11:model=SoftHSM;manufacturer=SoftHSM;serial=1;token=token2'
Enter PIN:
10: C_Login
[in] hSession = 0x1
[in] userType = CKU_USER
[in] pPin[ulPinLen] [size : 0x4 (4)]
31323334
Returned: 0 CKR_OK
11: C_CreateObject
[in] hSession = 0x1
[in] pTemplate[8]:
CKA_CLASS CKO_CERTIFICATE
CKA_ID [size : 0x14 (20)]
0D388EB8 8076B822 9EFCCBCB 207EF27B 870854CA
CKA_VALUE [size : 0x2A1 (673)]
CKA_TOKEN True
CKA_CERTIFICATE_TYPE CKC_X_509
CKA_SUBJECT [size : 0x95 (149)]
30819231 0B300906 03550406 13025345 31123010 06035504 08130953 746F636B
686F6C6D 31123010 06035504 07130953 746F636B 686F6C6D 310C300A 06035504
0A13032E 5345310C 300A0603 55040B13 03466F55 31193017 06035504 03131052
69636B61 72642042 656C6C67 72696D31 24302206 092A8648 86F70D01 09011615
7269636B 61726462 40636572 74657A7A 612E6E65 74
DN: C=SE, ST=Stockholm, L=Stockholm, O=.SE, OU=FoU, CN=Rickard
Bellgrim/emailAddress=rickardb at certezza.net
CKA_LABEL [size : 0x6 (6)]
4D794365 7274
M y C e r t
CKA_TRUSTED [size : 0x1 (1)]
01
Returned: 16 CKR_ATTRIBUTE_READ_ONLY
12: C_CloseSession
[in] hSession = 0x1
Returned: 0 CKR_OK
Error in pkcs11_write:574: PKCS #11 error in attribute
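
Added example, not part of the original message and not code from GnuTLS, SoftHSM or pkcs11-spy: a small Python checker for traces in the pkcs11-spy format shown above. It tracks which user type is logged in on each session and flags C_CreateObject templates that set CKA_TRUSTED outside an SO login or leave CKA_PRIVATE to the token default. The names `split_calls`, `field` and `audit` are hypothetical, and the sample trace is constructed from the one above with hex dumps and unrelated attributes left out.

```python
import re

# Constructed sample: C_Login / C_CreateObject from the trace above, abridged.
SAMPLE = """\
10: C_Login
[in] hSession = 0x1
[in] userType = CKU_USER
Returned: 0 CKR_OK
11: C_CreateObject
[in] hSession = 0x1
[in] pTemplate[8]:
CKA_CLASS CKO_CERTIFICATE
CKA_TOKEN True
CKA_TRUSTED [size : 0x1 (1)]
01
Returned: 16 CKR_ATTRIBUTE_READ_ONLY
"""

def split_calls(trace):
    """Return [(function_name, body_text), ...] for each numbered call."""
    parts = re.split(r"^\d+: (C_\w+)\s*$", trace, flags=re.M)
    return list(zip(parts[1::2], parts[2::2]))  # parts[0] is any preamble

def field(pattern, text):
    m = re.search(pattern, text, re.M)
    return m.group(1) if m else None  # first capture group, or None

def audit(trace):
    """Flag C_CreateObject templates that set CKA_TRUSTED outside an SO login
    or that omit CKA_PRIVATE (leaving visibility to the token's default)."""
    logged_in, findings = {}, []   # session handle -> logged-in user type
    for name, text in split_calls(trace):
        sess = field(r"hSession = (0x[0-9a-fA-F]+)", text)
        rv = field(r"^Returned: \d+ (CKR_\w+)", text)
        if name == "C_Login" and rv == "CKR_OK":
            logged_in[sess] = field(r"userType = (CKU_\w+)", text)
        elif name in ("C_Logout", "C_CloseSession"):
            logged_in.pop(sess, None)
        elif name == "C_CreateObject":
            attrs = set(re.findall(r"^\s*(CKA_\w+)", text, re.M))
            user = logged_in.get(sess, "none")
            if "CKA_TRUSTED" in attrs and user != "CKU_SO":
                findings.append((sess, f"CKA_TRUSTED set as {user}", rv))
            if "CKA_PRIVATE" not in attrs:
                findings.append((sess, "CKA_PRIVATE not in template", rv))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))
```
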