PKCS11: storing a secret fails with CKR_KEY_TYPE_INCONSISTENT
Bug #1704141 reported by Jan Stodt
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
Barbican | Won't Fix | Undecided | Unassigned |
Bug Description
Barbican currently uses the key type AES for HMAC signing, while
the pkcs11 standard v2.40 specifies GENERIC SECRET [1].
This causes key signing to fail.
TODO:
- Should both types still
- add functionality to barbican_manage.py
[1] http://
p.69
How to reproduce:
- generate HMAC using pkcs11_
- store a secret
- KEK loading fails with CKR_KEY_
Tested with:
openCryptoki v.3.4.1 with ICA token, Barbican master
See Patch: https://review.openstack.org/#/c/483400/