
pkcs11 message


Subject: more guidance for CKA_COPYABLE and CKA_DESTROYABLE?

Hi all,

To follow up with one of my questions from earlier at
today's meeting,  I am asking for perhaps some more
clarification about how CKA_COPYABLE and CKA_DESTROYABLE
interact with existing attributes, like CKA_EXTRACTABLE
and CKA_SENSITIVE, and functions C_WrapKey and C_UnwrapKey.

This is what the text says at the end of section 4.4:

"The value of the CKA_COPYABLE attribute determines whether
or not an object can be copied using C_CopyObject.  This
attribute can be used in conjunction with CKA_MODIFIABLE
to prevent changes to the permitted usages of keys and
other objects.

The value of the CKA_DESTROYABLE attribute determines
whether the object can be destroyed using C_DestroyObject."

The specification as written currently doesn't describe
what should happen if I try to C_WrapKey my sensitive,
extractable token object, which has copyable set to false.
I can wrap it, unwrap it, and now I have more or less a
copy of what should be non-copyable.

How, exactly, do CKA_COPYABLE and CKA_MODIFIABLE both set
to false (presumably) "prevent changes to permitted usages"
of these objects?  Is that a true statement, as written?
They may prevent changes to the *object*, but I'm not
sure I see how they prevent changes to *permitted usages*.

Similarly for destroyable and wrapping/unwrapping:  I'm
guessing that non-destroyability probably doesn't carry
forward to a wrapped-and-later-unwrapped instance of the
object.  Does it?

There seems to be no guidance offered about whether to
create a non-destroyable session object.  Probably should
advise against doing so.
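
The wrap/unwrap round trip raised in the message above, as an added example that is not part of the original post and is not code from any PKCS#11 implementation. It is a toy in-memory model: the struct, the function names, the `RV_*` codes, the XOR "wrapping" and the key bytes are all constructed for illustration, and it assumes, following the message's reading of the text, that CKA_COPYABLE plays no role in C_WrapKey and that an unwrapped object takes its attributes from the caller's template.

```c
/* Toy model of the attribute checks in question; not a PKCS#11 library. */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum rv { RV_OK, RV_ACTION_PROHIBITED, RV_KEY_UNEXTRACTABLE }; /* stand-ins for CKR_* codes */
struct key {
    unsigned char value[16];
    bool sensitive, extractable, copyable, destroyable, modifiable;
};

/* C_CopyObject model: refused when CKA_COPYABLE is false. */
enum rv copy_object(const struct key *src, struct key *dst) {
    if (!src->copyable) return RV_ACTION_PROHIBITED;
    *dst = *src;
    return RV_OK;
}

/* C_WrapKey model: only CKA_EXTRACTABLE of the target key is consulted
   (assumption of this model). XOR stands in for a real wrapping mechanism. */
enum rv wrap_key(const struct key *kek, const struct key *k, unsigned char out[16]) {
    if (!k->extractable) return RV_KEY_UNEXTRACTABLE;
    for (int i = 0; i < 16; i++) out[i] = k->value[i] ^ kek->value[i];
    return RV_OK;
}

/* C_UnwrapKey model: the new object's attributes come from the caller's
   template, not from the object that was wrapped. */
void unwrap_key(const struct key *kek, const unsigned char in[16],
                const struct key *tmpl, struct key *out) {
    *out = *tmpl;
    for (int i = 0; i < 16; i++) out->value[i] = in[i] ^ kek->value[i];
}

/* True when a key that copy_object refuses to copy still ends up with a
   same-valued twin that is copyable and destroyable. */
bool roundtrip_yields_copy(bool extractable) {
    struct key kek = { "constructed-kek", false, false, false, false, false };
    struct key k = { "constructed-key", true, extractable, false, false, false };
    struct key tmpl = { {0}, true, true, true, true, true }, twin;
    unsigned char blob[16];
    if (copy_object(&k, &twin) != RV_ACTION_PROHIBITED) return false;
    if (wrap_key(&kek, &k, blob) != RV_OK) return false;
    unwrap_key(&kek, blob, &tmpl, &twin);
    return memcmp(twin.value, k.value, 16) == 0 && twin.copyable && twin.destroyable;
}

int main(void) {
    printf("%d %d\n", roundtrip_yields_copy(true), roundtrip_yields_copy(false));
    return 0;
}
```

In this model the only setting that stops the round trip is CKA_EXTRACTABLE being false on the original key; CKA_COPYABLE, CKA_MODIFIABLE and CKA_DESTROYABLE on the original do not carry over to the unwrapped object.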


