SearchValidKeys does not work in SoftHSM

niclabs / dns-tools

DNS tools for zone signature (file, pkcs11-hsm) and validation, and zone digest (ZONEMD)

MIT License

16 stars 4 forks source link

SearchValidKeys does not work in SoftHSM #8

Closed eriverosr closed 4 years ago

eriverosr commented 5 years ago

Similar to #4, in SoftHSMv2, when this function executes, it throws the following error:

SecureDataManager.cpp(431): Invalid IV in encrypted data
P11Attributes.cpp(281): Internal error: failed to decrypt private attribute value

eriverosr commented 4 years ago

The problem was the key generation algorithm was asking for CKA_START_DATE and CKA_END_DATE attributes, and they can be defined only for certificates. Next version deletes the reference to those attributes from the code and now it works with SoftHSMv2.