FW: [pkcs11-comment] Profile objects and C_FindObjects

[Dieter Bong <Dieter.Bong@utimaco.com>]

Forwarding Michael Jungâs request to our mailing list pkcs11@lists.oasis-open.org to make sure it comes to the attention of all TC members, and asking to be put on the agenda of our upcoming TC meeting on Wed Oct 12.

 

Best regards,

Dieter

 

From: pkcs11-comment@lists.oasis-open.org <pkcs11-comment@lists.oasis-open.org> On Behalf Of Michael Jung
Sent: Tuesday, October 4, 2022 3:04 PM
To: pkcs11-comment@lists.oasis-open.org
Subject: [pkcs11-comment] Profile objects and C_FindObjects

 

Hello everybody,

 

For Hardware Feature and Mechanism Object [PKCS11-Spec-v3.1] states in section 4.3.2 and section 4.12.2, respectively:

 

When searching for objects using C_FindObjectsInit and C_FindObjects, mechanism objects are not returned unless the CKA_CLASS attribute in the template has the value [CKO_HW_FEATURE | CKO_MECHANISM]. This protects applications written to previous versions of Cryptoki from finding objects that they do not understand.

 

I would have expected to find a similar paragraph for Profile Objects in section 4.13.2, but there is none.  Is this intentional?  I.e. are Profile Objects meant to be returned when C_FindObjectInit was called with an empty template (i.e. ulCount = 0)?

 

Thanks for your help,

Michael Jung

 

---

Utimaco IS GmbH
Germanusstr. 4, D.52080 Aachen, Germany, Tel: +49-241-1696-0, www.utimaco.com
Seat: Aachen â Registergericht Aachen HRB 18922
VAT ID No.: DE 815 496 496
Managementboard: Stefan Auerbach (Chairman) CEO, Malte Pollmann CSO, Martin Stamm CFO

This communication is confidential. If you are not the intended recipient, any use, interference with, disclosure or copying of this material is unauthorised and prohibited. Please inform us immediately and destroy the email.