Closed Jakuje closed 6 months ago
For PIN objects, we should either:
(or both)
Right now, it is possible to find the PIN objects through searching for the SECRET keys:
```
5489: C_FindObjectsInit
P:2440186; T:0x140007141424576 2024-03-25 15:09:17.251
[in] hSession = 0x11
[in] pTemplate[1]:
    CKA_CLASS             CKO_SECRET_KEY
Returned:  0 CKR_OK

5490: C_FindObjects
P:2440186; T:0x140007141424576 2024-03-25 15:09:17.251
[in] hSession = 0x11
[in] ulMaxObjectCount = 0x1
[out] ulObjectCount = 0x1
Object 0x9 matches
Returned:  0 CKR_OK

314: C_GetAttributeValue
P:2440186; T:0x140007141424576 2024-03-25 15:09:15.882
[in] hSession = 0x11
[in] hObject = 0xc
[in] pTemplate[1]:
    CKA_LABEL             000000000073c010 / 8
[out] pTemplate[1]:
    CKA_LABEL             000000000073c010 / 8
    55736572 2050494E
     U s e r  . P I N
Returned:  0 CKR_OK
```
The objects do not have CKA_ID, so most applications will likely ignore them, but we should not depend on that and should not show them to the user/application.
_Originally posted by @Jakuje in https://github.com/latchset/kryoptic/pull/17#discussion_r1536907568_
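An added illustration of the behaviour reported above, not kryoptic's code and not the change pushed in #17: a minimal Rust model of PKCS#11 template matching in an object search, next to a variant that never returns token-internal objects. The `internal` flag, the function names and the sample store are assumptions made for this example.

```rust
// Added illustration, not kryoptic code. Constants are the standard PKCS#11 values.
const CKA_CLASS: u64 = 0x0;
const CKA_LABEL: u64 = 0x3;
const CKO_SECRET_KEY: u64 = 0x4;

#[derive(PartialEq)]
enum Value { Num(u64), Bytes(Vec<u8>) }

struct Object {
    handle: u64,
    attrs: Vec<(u64, Value)>,
    internal: bool, // hypothetical marker for token-internal objects such as stored PINs
}

impl Object {
    // Template matching: every attribute in the template must be present and equal.
    fn matches(&self, template: &[(u64, Value)]) -> bool {
        template.iter().all(|t| self.attrs.iter().any(|a| a == t))
    }
}

// Behaviour seen in the trace: any object matching the template is returned.
fn find_unfiltered(store: &[Object], template: &[(u64, Value)]) -> Vec<u64> {
    store.iter().filter(|o| o.matches(template)).map(|o| o.handle).collect()
}

// Hardened search: internal objects are dropped before matching, whatever the template.
fn find_filtered(store: &[Object], template: &[(u64, Value)]) -> Vec<u64> {
    store.iter().filter(|o| !o.internal && o.matches(template)).map(|o| o.handle).collect()
}

// Constructed sample data: a PIN stored as a secret key, plus an ordinary secret key.
fn secret_key(handle: u64, label: &str, internal: bool) -> Object {
    let attrs = vec![(CKA_CLASS, Value::Num(CKO_SECRET_KEY)),
                     (CKA_LABEL, Value::Bytes(label.as_bytes().to_vec()))];
    Object { handle, attrs, internal }
}

fn sample_store() -> Vec<Object> {
    vec![secret_key(0x9, "User PIN", true), secret_key(0x20, "app key", false)]
}

fn main() {
    let store = sample_store();
    let tmpl = [(CKA_CLASS, Value::Num(CKO_SECRET_KEY))];
    println!("unfiltered: {:x?}", find_unfiltered(&store, &tmpl));
    println!("filtered:   {:x?}", find_filtered(&store, &tmpl));
}
```

The filter sits in the search path rather than relying on the missing CKA_ID, so an empty template or a search by label cannot surface the PIN object either.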
This should be handled in my last push in #17