Uploaded image for project: 'Fabric'
  1. Fabric
  2. FAB-16951

Add support for alternative mechanisms for locating pkcs11 keys

    XMLWordPrintable

Details

    • Story
    • Status: In Progress
    • Highest
    • Resolution: Unresolved
    • None
    • v1.4.7, v2.x
    • fabric-crypto
    • Unset
    • Unset
    • Unset

    Description

      The pkcs11 implementation in Fabric currently generates a key via pkcs11, then creates a X509 certificate with an SKI and then updates the CKA_ID attribute of the key via pkcs11.  The problem is that this assumes that the CKA_ID attribute is always writable and this is not always the case (e.g. AWS CloudHSM).

      Attachments

        Activity

          People

            ldesrosi Luc Desrosiers
            mastersingh24 Gari Singh
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

            Dates

              Created:
              Updated: