ximon18
commented
2 years ago FYI crpytoki 0.4.0 has just been released which adds a Pkcs11::is_fn_supported() function call which we can use to implement this feature.
Open ximon18 opened 2 years ago
ximon18
commented
2 years ago FYI crpytoki 0.4.0 has just been released which adds a Pkcs11::is_fn_supported() function call which we can use to implement this feature.
The KMIP signer tests the supported capabilities of the KMIP provider to see if it supports the minimum required set of operations. The PKCS#11 signer doesn't do this because it wasn't possible with the old
pkcs11crate nor with the newcryptokicrate. However, the soon to be released new version ofcryptokimakes this possible.Note: If implementing this we should also implement a 'force' flag as exists for the KMIP signer, in case a provider doesn't claim support for a particular operation but does actually support it.
See: https://github.com/parallaxsecond/rust-cryptoki/issues/78, https://github.com/parallaxsecond/rust-cryptoki/pull/84#issuecomment-1223824810