Adding WrapKey to p11/session

Open dkiser opened this issue 6 years ago • 3 comments

Initial stab at https://github.com/miekg/pkcs11/issues/94

dkiser avatar Jan 27 '19 17:01 dkiser

This is a drive-by, so feel free to disregard.

Wouldn't this be a nicer API if implemented in terms of p11.PrivateKey and p11.PublicKey? I.e.,

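// Wrap wraps priv under the public key wrapper and returns the wrapped key bytes.
func (priv PrivateKey) Wrap(mechanism pkcs11.Mechanism, wrapper PublicKey) ([]byte, error) {
	s := priv.session
	s.Lock()
	defer s.Unlock()
	// pkcs11.Ctx.WrapKey takes the wrapping key handle first, then the key to wrap.
	return s.ctx.WrapKey(s.handle,
		[]*pkcs11.Mechanism{&mechanism},
		wrapper.objectHandle,
		priv.objectHandle)
}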

Admittedly, this only addresses the use-case of wrapping a private key using a public key. I was going to open a separate PR to add a SecretKey type to complement the existing PrivateKey and PublicKey in p11 (i.e., an object with class pkcs11.CKA_SECRET_KEY). That SecretKey could have its own implementation of ~WrapKey~ Wrap(), but also accepting a PublicKey as the arg.

That idea also only addresses the use-case of wrapping with a PublicKey, which may be too limited, but I personally would prefer a more 'narrow' API in the p11 package than handling raw pkcs11.ObjectHandles (or p11.Objects), which could be easily mis-used.

What do you think?

emmanuel avatar Feb 15 '19 17:02 emmanuel
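
Added example, not part of the thread and not code from miekg/pkcs11: a self-contained Go model of the trade-off discussed above, contrasting a handle-based wrap call, where reversed arguments still compile, with distinct key types that fix the order in one place. The `token`, `object`, `rawWrap` and `demo` names and the string object classes are assumptions made for illustration; no real PKCS#11 module is involved.

```go
package main

import (
	"errors"
	"fmt"
)

// Stand-in model of a token, NOT the miekg/pkcs11 or p11 API (all names assumed).
type ObjectHandle uint

// token records each object's class, as a real token does internally.
type token map[ObjectHandle]string

var errBadHandle = errors.New("wrapping key handle is not a public key")

// rawWrap takes two handles of the same Go type, so reversing them
// compiles and is only caught (at best) by the token at run time.
func (t token) rawWrap(wrappingKey, key ObjectHandle) ([]byte, error) {
	if t[wrappingKey] != "public" {
		return nil, errBadHandle
	}
	return []byte(fmt.Sprintf("wrapped(%d under %d)", key, wrappingKey)), nil
}

// object pairs a handle with its token; the key types are distinct named
// types over it, so the compiler rejects a PrivateKey passed as a wrapper.
type object struct {
	t token
	h ObjectHandle
}

type (
	PublicKey  object
	PrivateKey object
)

// Wrap fixes the argument order once, inside the narrow API.
func (priv PrivateKey) Wrap(wrapper PublicKey) ([]byte, error) {
	return priv.t.rawWrap(wrapper.h, priv.h)
}

// demo returns the run-time error from a reversed raw call and the typed result.
func demo() (swappedErr error, typed []byte, err error) {
	t := token{1: "public", 2: "private"} // constructed sample objects
	_, swappedErr = t.rawWrap(2, 1)       // reversed arguments still compile
	typed, err = PrivateKey{t: t, h: 2}.Wrap(PublicKey{t: t, h: 1})
	return
}

func main() { fmt.Println(demo()) }
```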

I agree with @emmanuel

miekg avatar Feb 21 '19 07:02 miekg

Sounds good!

dkiser avatar Feb 21 '19 15:02 dkiser