Closed conscott closed 5 years ago
The template is passed to C_CreateObject and then read back to create the Python object, so there can be some changes based on what the HSM wants. If you check obj[Attribute.SIGN] it's probably false. Annoyingly it's a bit inconsistent, some HSMs will raise TemplateInconsistent if they don't like your arguments. Some will just change the arguments.
The question is why. Assuming your HSM supports signing... are you passing it a key type it supports signing for? I know at least one commercial HSM where you require a separate license to use EC. Possibly for EC it could depend on the curve you're using. Most HSM libraries have a debugging mode environment variable that will print more information out to the console, and can help you understand why it's not functioning.
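An added example, not part of the original thread or of the library's code: one way to spot a token that silently changed the template is to read every requested attribute back and compare. The `Attr` enum and `FakeTokenObject` are constructed stand-ins for the library's attribute enum and a created object, so the block runs without an HSM; the only assumption about the real object is that it supports `obj[attribute]` reads as described above.

```python
from enum import IntEnum


class Attr(IntEnum):
    """Constructed stand-in for the attribute enum (values are illustrative)."""
    CLASS = 0
    KEY_TYPE = 1
    VALUE = 2
    SIGN = 3


def template_drift(obj, template):
    """Compare the template sent to the token with what reads back.

    Returns (changed, unreadable): changed maps each attribute the token
    altered to (requested, actual); unreadable lists attributes the token
    refused to return, such as a sensitive key value.
    """
    changed, unreadable = {}, []
    for attr, requested in template.items():
        try:
            actual = obj[attr]
        except Exception:  # token refused to reveal the attribute
            unreadable.append(attr)
            continue
        if actual != requested:
            changed[attr] = (requested, actual)
    return changed, unreadable


class FakeTokenObject:
    """Constructed stand-in for a created object: clears SIGN, hides VALUE."""

    def __init__(self, template):
        self._attrs = dict(template)
        self._attrs[Attr.SIGN] = False  # token silently overrides the request

    def __getitem__(self, attr):
        if attr == Attr.VALUE:
            raise PermissionError("sensitive attribute")
        return self._attrs[attr]


def demo():
    # Constructed template: placeholder class/key-type numbers and dummy bytes.
    template = {Attr.CLASS: 3, Attr.KEY_TYPE: 3,
                Attr.VALUE: b"\x00" * 8, Attr.SIGN: True}
    return template_drift(FakeTokenObject(template), template)
```

Running the same comparison right after object creation shows a cleared SIGN flag at import time rather than later as a missing signing method.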
Did we ever conclude what was going on here?
Not exactly, but I found another satisfactory path for what I was trying to test. Thank you for the feedback, I will close the ticket.
Playing with signing with imported DER private key, and the object returned from create_object() contains no sign method. Fails with
AttributeError: 'PrivateKey' object has no attribute '_sign'
It looks like for some reason the SignMixin does not get added to the object type on construction and I am not really sure why.
The incoming pk also has attributes ObjectClass, Value, KEY_TYPE
I know I should just generate keypairs on the HSM instead, but I am trying to compare HSM signing R/S values to another signing.
Any ideas here?