CKA_VALUE_LEN attribute when generating CKK_DES3 key?
Darren J Moffat
darrenm at opensolaris.org
Tue Jul 8 03:49:11 PDT 2008
Raymond Xiong wrote:
> Thanks. I misunderstood that CKA_VALUE and CKA_VALUE_LEN were common
> attributes of all objects, but they aren't. (Now I think I understand
> attribute hierarchy and how they are organized in the spec :)
>
> BTW, I doubt if it is better for C_GenerateKey() to return
> CKR_ATTRIBUTE_TYPE_INVALID error in this case?
I think either CKR_ATTRIBUTE_TYPE_INVALID or CKR_TEMPLATE_INCONSISTENT
are correct in this case. The template is inconsistent and there is an
invalid attribute type.
The problem is that neither of them actually tells you where the problem
is - a well known issue with PKCS#11.
--
Darren J Moffat
More information about the crypto-discuss
mailing list