Menu
▾
▴
[Opensc-commits] [OpenSC/OpenSC] ec7565: pkcs11-tool: consistent handling of secret key att...
|
From: Ludvig M. <no...@gi...> - 2022-02-08 12:25:58
|
Branch: refs/heads/master Home: https://github.com/OpenSC/OpenSC Commit: ec75651a2deebf8b67458231af10010d4d2ac6ad https://github.com/OpenSC/OpenSC/commit/ec75651a2deebf8b67458231af10010d4d2ac6ad Author: Ludvig Michaelsson <lud...@yu...> Date: 2022-02-08 (Tue, 08 Feb 2022) Changed paths: M doc/tools/pkcs11-tool.1.xml M src/tools/pkcs11-tool.c Log Message: ----------- pkcs11-tool: consistent handling of secret key attributes When support for unwrapping secret keys was added in 9136878 (as part of #2268), the `--usage-decrypt` and `--usage-wrap` options were used to toggle the `CKA_{ENCRYPT,DECRYPT}` and `CKA_{WRAP,UNWRAP}` attributes in the object template passed to the module. In contrast, when a secret key object is generated (`--keygen`) or created (`--write-object`), the same attributes are unconditionally set to true or omitted respectively, regardless of any specified `--usage-*` option. To make this handling consistent, use the approach introduced by the unwrap command and let the user specify the attributes, defaulting to only setting `CKA_{ENCRYPT,DECRYPT}` if no usage was specified. The documentation was amended to reflect the behavior of `--usage-decrypt`. |
