PKCS11: storing a secret fails with CKR_KEY_TYPE_INCONSISTENT
Bug #1704141 reported by
Jan Stodt
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Barbican |
Won't Fix
|
Undecided
|
Unassigned | ||
Bug Description
Barbican currently uses the key type AES for HMAC signing, while
the pkcs11 standard v2.40 specifies GENERIC SECRET [1].
This causes key signing to fail.
TODO:
- Should both types still
- add functionality to barbican_manage.py
[1] http://
p.69
How to reporduce:
- generate HMAC using pkcs11_
- store a secret
- KEK loading fails with CKR_KEY_
Tested with:
openCrypoki v.3.4.1 with ICA token, Barbican master
| description: | updated |
Revision history for this message
| Andreas Scheuring (andreas-scheuring) wrote | #1 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote Change abandoned on barbican (master) | #2 |
Revision history for this message
| OpenStack Infra (hudson-openstack) wrote | #3 |
Revision history for this message
| Grzegorz Grasza (xek) wrote | #4 |
| Changed in barbican: | |
| status: | New → Won't Fix |
To post a comment you must log in.
See Patch: https:/