search

p11-glue / p11-kit

Provides a way to load and enumerate PKCS#11 modules.
https://p11-glue.github.io/p11-glue/p11-kit.html
Other
150 stars 92 forks source link

`p11-kit list-objects` doesn't return any matches when a query attribute is in URL #564

Closed ueno closed 10 months ago

ueno commented 11 months ago

After generating a key, when listing objects with a query attribute, it doesn't show any matches, while it does if the query attribute is omitted:

$ p11-kit generate-keypair --type=rsa --bits=2048 --label=foo2 'pkcs11:model=SoftHSM%20v2?pin-value=12345'

# OK
$ p11-kit list-objects 'pkcs11:model=SoftHSM%20v2'                
Object: #0
    uri: pkcs11:model=SoftHSM%20v2;manufacturer=SoftHSM%20project;serial=4d5c2be2819673ce;token=test;id=;object=foo2;type=public
    class: public-key
    key-type: rsa
    label: foo2

# NG
$ p11-kit list-objects 'pkcs11:model=SoftHSM%20v2?pin-value=12345'

Ideally, it should also perform login if pin-value is specified, as the objects with CKA_PRIVATE flag enabled.

ZoltanFridrich commented 10 months ago

This has been fixed and the test exists test_list_private