From c97a93a579a55ed4b3e5d1ed03b8620a8a1d90e0 Mon Sep 17 00:00:00 2001 From: gbolo Date: Thu, 20 Jul 2017 15:00:31 -0400 Subject: [PATCH] [FAB-5407] Fix issue with pubkey pkcs11 CKA_PRIVATE According to PKCS11 standard: CKA_PRIVATE - CK_BBOOL - TRUE if object is a private object (vs. public object) (default FALSE) Changing this to FALSE for public key pkcs11 attribute struct fixed an issue we were having with our Thalas HSM: CKR_TEMPLATE_INCONSISTENT Commenting out this line also works (since there is no reason for it to be in the pubkey struct). Please also vendor in this change to other projects using it, such as Fabric-CA. Change-Id: I87d363a89e34c39f438492123166ed59eb515c44 Signed-off-by: gbolo
---
 bccsp/pkcs11/pkcs11.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/bccsp/pkcs11/pkcs11.go b/bccsp/pkcs11/pkcs11.go
index 83c77bdb41b..05de1e42ec9 100644
--- a/bccsp/pkcs11/pkcs11.go
+++ b/bccsp/pkcs11/pkcs11.go
@@ -239,7 +239,7 @@ func (csp *impl) generateECKey(curve asn1.ObjectIdentifier, ephemeral bool) (ski
 pkcs11.NewAttribute(pkcs11.CKA_TOKEN, !ephemeral),
 pkcs11.NewAttribute(pkcs11.CKA_VERIFY, true),
 pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, marshaledOID),
- pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true),
+ pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false),
 pkcs11.NewAttribute(pkcs11.CKA_ID, publabel),
 pkcs11.NewAttribute(pkcs11.CKA_LABEL, publabel),
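Review bot: The changed `CKA_PRIVATE` line in the public-key template has no comment recording why it is `false`, so a later reader may "harden" it back to `true` and reintroduce the CKR_TEMPLATE_INCONSISTENT failure the commit message describes. I would add `// Public key objects are public: some HSMs reject CKA_PRIVATE=true here with CKR_TEMPLATE_INCONSISTENT.` directly above it. With `false` the object is visible to sessions that have not logged in, which is appropriate for a public key. The matching private-key template is not visible in this hunk and should be confirmed to still set `CKA_PRIVATE` to `true`. Both the attribute list and generateECKey start and end outside the hunk.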