Closed nkosmynin closed 7 months ago
This is on purpose as the client code filters the mechanism list, though it might be an opportunity to review the list. Do you have any use-case of a filtered mechanism?
My use cases utilize AES-CBC encryption, which are missing on client side.
Looking into code, I see that AES_CBC is defined among p11_rpc_mechanism_serializers (added already 2 years ago), which is checked against mechanism_has_sane_parameters(). So it shall not be purged by the client. I will try to compile and test with the latest p11-kit version, maybe the version is repository is too old
After compiling and installing the latest p11-kit from github, my problem is solved - AES-CBC is stated in the mechanisms list by client.
I have installed SoftHSM v.2 on Rocky Linux and trying to access it remotely with p11-kit according to the instructions in p11-kit remoting/forwarding. The remote access works as described there.
However, the lists of mechanisms retrieved locally by p11tool (from gnutls-untils package) from SoftHSM and remotely from the client are different, the list from client is much shorter. My understanding is that the lists shall be the same, I would appreciate feedback on this issue.
Packages are installed from default repositories of Rocky Linux 8.7.
Server host
Client host