[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] Re: Updates to CKA_GLOBAL, CKM_CERTIFY_KEY and CKM_SEAL_KEY
I have some concerns with the concept of CKM_SEAL_KEY. This seems like very token specific behavior, and also, it violates CKA_NEVER_EXTRACTABLE without informing one that it’s been done. I’d want to get some guidance on if and how supporting this might affect FIPS 140 evaluations. In terms of CKM_SEAL_KEY, which algo does it use? If I were implementing this, I’d want something that does enc + auth for example.