
Disabling Key object usage in PKCS#11

I wanted to know if there is a way to disable a particular operation on a PKCS#11 object. For instance, I create an object (AES key) using C_CreateObject. I would want to set some property on this object that pauses/disables the use of this object for any encryption/decryption. Is this possible? Can we set the CKA_DECRYPT value to CK_FALSE to disable decrypt operations? Also, can this be changed multiple times using C_SetAttributeValue?

Theoretically, the PKCS#11 standard doesn't restrict you from changing the values of properties.

Practically, your ability to change the values after the object is created depends on your PKCS#11 provider.

My suggestion is that this property is immutable.

Try to set these values during creation of the key, or change the values while copying the key object using C_CopyObject.

Another solution is to implement your own PKCS#11 proxy library with custom logic inside of PKCS#11 exported functions.
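The set-then-copy fallback suggested in the answer, as an added C example that is not part of the original post. The `p11_calls` struct and the mock provider are hypothetical stand-ins; the `CK_*`/`CKA_*`/`CKR_*` names and values mirror the standard PKCS#11 header and are declared locally so the snippet builds without a vendor SDK. It assumes the provider lets C_CopyObject override CKA_DECRYPT, which is provider dependent.

```c
/* Added example. Names and values follow the PKCS#11 header (pkcs11t.h);
 * they are declared locally only so this compiles without a vendor SDK.
 * In real code include the provider's pkcs11.h instead. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CK_FALSE 0
#define CKA_DECRYPT 0x105UL
#define CKR_OK 0x00UL
#define CKR_ATTRIBUTE_READ_ONLY 0x10UL

/* Hypothetical subset of CK_FUNCTION_LIST: only the calls used here. */
typedef struct {
    CK_RV (*C_SetAttributeValue)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG);
    CK_RV (*C_CopyObject)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG, CK_OBJECT_HANDLE *);
    CK_RV (*C_DestroyObject)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE);
} p11_calls;

/* Clear CKA_DECRYPT on *key. If the provider reports the attribute as
 * read-only, copy the key with CKA_DECRYPT=CK_FALSE and destroy the original. */
CK_RV disable_decrypt(const p11_calls *p, CK_SESSION_HANDLE s, CK_OBJECT_HANDLE *key)
{
    CK_BBOOL no = CK_FALSE;
    CK_ATTRIBUTE tmpl[] = { { CKA_DECRYPT, &no, sizeof no } };
    CK_OBJECT_HANDLE old = *key, copy = 0;
    CK_RV rv = p->C_SetAttributeValue(s, old, tmpl, 1);
    if (rv != CKR_ATTRIBUTE_READ_ONLY)
        return rv;                       /* CKR_OK, or an unrelated error */
    rv = p->C_CopyObject(s, old, tmpl, 1, &copy);
    if (rv != CKR_OK)
        return rv;                       /* original key left untouched */
    *key = copy;                         /* caller now holds the restricted copy */
    return p->C_DestroyObject(s, old);   /* non-OK: decrypt-capable original still exists */
}

/* Constructed mock provider for the demo: refuses in-place attribute changes. */
static CK_OBJECT_HANDLE mock_destroyed;
static CK_RV mock_set(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h, CK_ATTRIBUTE *t, CK_ULONG n)
{ (void)s; (void)h; (void)t; (void)n; return CKR_ATTRIBUTE_READ_ONLY; }
static CK_RV mock_copy(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h, CK_ATTRIBUTE *t, CK_ULONG n, CK_OBJECT_HANDLE *out)
{ (void)s; (void)t; (void)n; *out = h + 100; return CKR_OK; }
static CK_RV mock_destroy(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE h)
{ (void)s; mock_destroyed = h; return CKR_OK; }
const p11_calls mock_readonly = { mock_set, mock_copy, mock_destroy };
```

With a real token, fill `p11_calls` from the function list returned by C_GetFunctionList and confirm the result by reading CKA_DECRYPT back with C_GetAttributeValue.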
