[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: more guidance for CKA_COPYABLE and CKA_DESTROYABLE?
Hi all, To follow up with one of my questions from earlier at today's meeting, I am asking for perhaps some more clarification about how CKA_COPYABLE and CKA_DESTROYABLE interact with existing attributes, like CKA_EXTRACTABLE and CKA_SENSITIVE, and functions C_WrapKey and C_UnwrapKey. This is what the text says at the end of section 4.4: "The value of the CKA_COPYABLE attribute determines whether or not an object can be copied using C_CopyObject. This attribute can be used in conjunction with CKA_MODIFIABLE to prevent changes to the permitted usages of keys and other objects. The value of the CKA_DESTROYABLE attribute determines whether the object can be destroyed using C_DestroyObject." The specification as written currently doesn't describe what should happen if I try to C_WrapKey my sensitive, extractable token object, which has copyable set to false. I can wrap it, unwrap it, and now I have more or less a copy of what should be non-copyable. How, exactly, do CKA_COPYABLE and CKA_MODIFIABLE both set to false (presumably) "prevent changes to permitted usages" of these objects? Is that a true statement, as written? They may prevent changes to the *object*, but I'm not sure I see how they prevent changes to *permitted usages*. Similarly for destroyable and wrapping/unwrapping: I'm guessing that non-destroyability probably doesn't carry forward to a wrapped-and-later-unwrapped instance of the object. Does it? There seems to be no guidance offered about whether to create a non-destroyable session object. Probably should advise against doing so. Thoughts? D.
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]