Ingo Franzki

Possibly related to https://github.com/opencryptoki/opencryptoki/issues/174

Since we do not know when the last opencryptoki process terminates, we don't know when to remove those lock files. Possibly, pkcssslotd could do this when terminating?

A locked USER pin can be recovered using `pkcsconf -p` by the SO, as long as the SO still knows its pin, and the SO pin is not locked. A...

Might be related to https://github.com/opencryptoki/opencryptoki/issues/189

Can we detect that there is something left over from the last time? Otherwise it is difficult to clean something up :-)

Maybe support a label filter value like "Wrap_Key\\\0" (note the double backslash to escape the backslash). p11sak would then need to parse for the 2 characters "\0" and produce a...

The /etc/opencryptoki.conf contains the slot/token configuration, so the question is what to do with still running processes that still know the previous slot configuration, which might no longer be valid...

I started to debug these failures: Regarding: aes_tests failure is a RSA Key Wrap/Unwrap Failure: ``` * TESTCASE do_WrapUnwrapRSA BEGIN AES_CBC_PAD wrap/unwrap of RSA key for key length=16. * TESTCASE...

The 2nd RSA failkure is somehow similar: ``` * TESTCASE do_WrapUnwrapRSA BEGIN RSA PKCS Wrap Unwrap with test vector 2, * TESTCASE do_WrapUnwrapRSA ERROR (testcases/crypto/rsa_func.c:1166)) C_GenerateKeyPair() rc = CKR_TEMPLATE_INCONSISTENT ```...

Patch to skip unsupported public exponents for the TPM token. I would not apply the patch now, since then it segfaults at a later time due to above described error....