Skip to content

Commit c97a93a

Browse files
gbologbolo
committed
[FAB-5407] Fix issue with pubkey pkcs11 CKA_PRIVATE
According to PKCS11 standard: CKA_PRIVATE - CK_BBOOL - TRUE if object is a private object (vs. public object) (default FALSE) Changing this to FALSE for public key pkcs11 attribute struct fixed an issue we were having with our Thalas HSM: CKR_TEMPLATE_INCONSISTENT Commenting out this line also works (since there is no reason for it to be in the pubkey struct). Please also vendor in this change to other projects using it, such as Fabric-CA. Change-Id: I87d363a89e34c39f438492123166ed59eb515c44 Signed-off-by: gbolo <[email protected]>
1 parent a3f2a02 commit c97a93a

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

bccsp/pkcs11/pkcs11.go

+1-1
Original file line numberDiff line numberDiff line change
@@ -239,7 +239,7 @@ func (csp *impl) generateECKey(curve asn1.ObjectIdentifier, ephemeral bool) (ski
239239
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, !ephemeral),
240240
pkcs11.NewAttribute(pkcs11.CKA_VERIFY, true),
241241
pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, marshaledOID),
242-
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true),
242+
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, false),
243243

244244
pkcs11.NewAttribute(pkcs11.CKA_ID, publabel),
245245
pkcs11.NewAttribute(pkcs11.CKA_LABEL, publabel),

0 commit comments

Comments
 (0)