[FAB-5407] Fix issue with pubkey pkcs11 CKA_PRIVATE
According to PKCS11 standard:
CKA_PRIVATE - CK_BBOOL - TRUE if object is a private
object (vs. public object) (default FALSE)

Changing this to FALSE for public key pkcs11 attribute struct
fixed an issue we were having with our Thales HSM: CKR_TEMPLATE_INCONSISTENT

Commenting out this line also works
(since there is no reason for it to be in the pubkey struct).
Please also vendor in this change to other projects using it,
such as Fabric-CA.

Change-Id: I87d363a89e34c39f438492123166ed59eb515c44
Signed-off-by: gbolo <george.bolo@gmail.com>
gbolo committed Jul 20, 2017
1 parent a3f2a02 commit c97a93a
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion bccsp/pkcs11/pkcs11.go
Expand Up @@ -239,7 +239,7 @@ func (csp *impl) generateECKey(curve asn1.ObjectIdentifier, ephemeral bool) (ski
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, !ephemeral),
pkcs11.NewAttribute(pkcs11.CKA_VERIFY, true),
pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, marshaledOID),
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true),
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false),

pkcs11.NewAttribute(pkcs11.CKA_ID, publabel),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, publabel),
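
Review bot: The public-key template in generateECKey now sets CKA_PRIVATE to false with no comment saying why, and the commit message itself notes that false is the PKCS#11 default and that removing the line works too. Either drop the attribute from this template, or keep it and add a one-line comment that the HSM rejected true here with CKR_TEMPLATE_INCONSISTENT, so nobody flips it back later. Please also confirm that the private-key template, which this hunk does not show, still sets CKA_PRIVATE to true, since only the public key should be readable without a login.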