Ingo Franzki
Ingo Franzki
Looks like @jschmidb has not spotted all my typos I usually do back then :-)
e.g. add a token callback in SC_GetTokeInfo The CCA token could provide the firmware version and serial number of the used CCA crypto card.
An EC private key only contains CKA_EC_PARAMS (curve) and CKA_VALUE (private value d), but not CKA_EC_POINT (DER encoded public ECPoint value Q). To supply the SubjectPublicKeyInfo in CKA_PBLIC_KEY_INFO on an...
The use of transactional memory is broken in openCryptoki anyway. Also, many code paces use locks, even with `--disable-locks`. `--enable-locks` is the default anyway. This would also allow us to...
The label filter for the list-key command has some unexpected effects, when it filters key objects where the objects label is padded with one zero byte, e.g. `Wrap_Key\0` and ulValueLen...
The OpenSSL-based code of the soft token might already support RSA key sizes > 4096 bits (up to OPENSSL_RSA_MAX_MODULUS_BITS) - Update the max key size in the mechanism list for...
As of today, function ckm_ecdh_pkcs_derive() in mech_ec.c extracts the private key (CKA_VALUE) from the base key, and passes it to the token specific token_specific_ecdh_pkcs_derive() function. This works fine for clear...
Currently the ICA token uses the `ica_aes_gcm_xxx()` API for AES-GCM. Adapt the code to use the new `ica_aes_gcm_kma_xxx()` API, if running with a libica version that supports it.
The pkcs11-provider from https://github.com/latchset/pkcs11-provider supports PEM files containing the PKCS#11 URI instead of the key or certificate material. Enhance p11sak to allow to export such URI-PEM files, optionally including the...
List ideas for additional p11sak commands/function in this issue. **list-all** List all objects, regardless of its class or type. The short listing will list `-` for those boolean attributes that...