
pkcs11-tool command for creating keys in SoftHSM specifies AES, but an RSA key was created instead in SoftHSM

Open kchan7230 opened this issue 1 year ago • 0 comments

Security issue notifications

If you discover a potential security issue in aws-kms-xks-proxy we ask that you notify AWS Security via our vulnerability reporting page. Please do not create a public github issue.

Problem:

The pkcs11-tool command in the Dockerfile doesn't work: it specifies that we're creating an AES key, but the keys that end up being created in the SoftHSM are of RSA type:

```dockerfile
RUN softhsm2-util --init-token --slot 0 --label "xks-proxy" --so-pin 1234 --pin 1234
RUN pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so \
    --token-label xks-proxy --login --login-type user \
    --keygen --id F0 --label foo --key-type aes:32 \
    --pin 1234
```

I found this problem while trying to create KMS customer managed keys in AWS after connecting to the XKS proxy.

Solution:

Not sure sorry.


kchan7230 · Oct 25 '24 18:10
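A check worth running before pointing KMS at the proxy, as an added example that is not part of the issue or of the aws-kms-xks-proxy repository: list the objects in the SoftHSM token with `pkcs11-tool --list-objects` and confirm that the label the proxy is configured with resolves to exactly one `Secret Key Object; AES length 32` (XKS only accepts 256-bit AES keys in the external key manager). The module path, token label, PIN and key label below are the ones from the issue's Dockerfile; the two listings are constructed to mirror pkcs11-tool's output format for the good case and for the RSA-keypair case the reporter describes, and were not captured from the reporter's container.

```shell
#!/bin/sh
# Added example (not from aws-kms-xks-proxy): verify the key type that actually
# landed in the SoftHSM token before creating a KMS key backed by it.
# XKS requires a 256-bit AES key, so the label must resolve to a single object
# whose pkcs11-tool header line reads "Secret Key Object; AES length 32".

MODULE=/usr/lib/softhsm/libsofthsm2.so   # module path from the issue's Dockerfile
TOKEN=xks-proxy                          # token label from the issue's Dockerfile
PIN=1234                                 # user PIN from the issue's Dockerfile

# Produce a real listing. Run inside the container (needs softhsm2 and opensc);
# the checks below take the listing text as an argument so they also work on
# a saved copy of this output.
list_objects() {
    pkcs11-tool --module "$MODULE" --token-label "$TOKEN" \
        --login --login-type user --pin "$PIN" --list-objects
}

# Print the object-type header line (e.g. "Secret Key Object; AES length 32")
# for every object in LISTING that carries LABEL, one per line.
types_for_label() {
    listing="$1"
    label="$2"
    printf '%s\n' "$listing" | awk -v want="$label" '
        /Object;/ { type = $0; next }              # remember the current header
        $1 == "label:" && $2 == want { print type } # emit it when the label matches
    '
}

# Succeed only if LABEL names exactly one object and it is a 32-byte AES secret
# key. Two matching objects (e.g. an RSA private/public pair) or a different
# type both yield a string that differs from the expected header.
is_aes256_secret_key() {
    listing="$1"
    label="$2"
    types=$(types_for_label "$listing" "$label")
    [ "$types" = "Secret Key Object; AES length 32" ]
}

# Human-readable wrapper: prints "ok" or "mismatch" for LISTING and LABEL.
check_label() {
    if is_aes256_secret_key "$1" "$2"; then
        echo ok
    else
        echo mismatch
    fi
}

# Constructed sample listing: what a correct `--keygen --key-type aes:32` leaves
# behind (not captured from the reporter's container).
GOOD_LISTING='Using slot 0 with a present token (0x1)
Secret Key Object; AES length 32
  label:      foo
  ID:         f0
  Usage:      encrypt, decrypt, wrap, unwrap
  Access:     sensitive, always sensitive, never extractable, local'

# Constructed sample listing: an RSA key pair under the same label, the
# situation the issue describes (not captured from the reporter's container).
BAD_LISTING='Using slot 0 with a present token (0x1)
Private Key Object; RSA
  label:      foo
  ID:         f0
  Usage:      decrypt, sign, unwrap
  Access:     sensitive, always sensitive, never extractable, local
Public Key Object; RSA 2048 bits
  label:      foo
  ID:         f0
  Usage:      encrypt, verify, wrap
  Access:     local'

# Usage against the samples; replace the first argument with "$(list_objects)"
# to check the live token.
check_label "$GOOD_LISTING" foo   # ok
check_label "$BAD_LISTING" foo    # mismatch
```

Run the `check_label "$(list_objects)" foo` form as a build step right after the `pkcs11-tool --keygen` line, and fail the image build on `mismatch`; that surfaces a wrong key type at container build time rather than when KMS key creation fails against the proxy.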