[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: PKCS#11 bugs
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: PKCS#11 bugs |
Date: |
Fri, 17 Jun 2011 20:41:31 +0200 |
User-agent: |
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.17) Gecko/20110424 Thunderbird/3.1.10 |
On 06/17/2011 09:13 AM, Rickard Bellgrim wrote:
> Great, now it logs in as SO. Just one more thing. Also set the
> CKA_PRIVATE to false. As I noted above, the default value is
> "token-specific". Otherwise the SO cannot create the object. If this
> is fixed then it works. See table 6 (access rules) in the PKCS#11
> API, page 22.
I've set it to false when the CKA_TRUSTED is set as well.
> I also noted that the library enters an eternal loop when wrong PIN
> has been entered. This was because I do not set PIN_COUNT_LOW or
> PIN_FINAL_TRY in SoftHSM. GnuTLS will thus keep using the cached PIN.
> I will see what I can do about that.
I've also limited the number of attempts a PIN is used with p11tool.
This would prevent such an infinite loop.
regards,
Nikos