Hello. It looks somewhat strange how the default (so-called legacydb) database allows the upper layer (softoken) to manipulate a key's attributes.
[ http://bonsai.mozilla.org/cvsblame.cgi?file=mozilla/security/nss/lib/softoken/legacydb/lgattr.c&rev=1.9&mark=1630-1641#1601 ]

---- lg_SetPrivateKeyAttribute() @ lib/softoken/legacydb/lgattr.c ----
........
    case CKA_VALUE:
    case CKA_PRIVATE_EXPONENT:
    case CKA_PRIME_1:
    case CKA_PRIME_2:
    case CKA_EXPONENT_1:
    case CKA_EXPONENT_2:
    case CKA_COEFFICIENT:
        /* We aren't really changing these values, we are just triggering
         * the database to update it's entry */
        *writePrivate = PR_TRUE;
        crv = CKR_OK;
        break;
........
-------------------------------------

One can see that softoken is allowed to change attributes of an RSA key, but *NOT* allowed to change attributes of DSA, ECC, DH, etc. keys.

Could you, please, advise how this code was designed, and how legacydb *should* grant access to a key's attributes?

Best regards,
-- 
Konstantin Andreev, software engineer.
Swemel JSC

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto