p11tool fails to generate AES key

p11tool --lib /onprem/lib/libCryptoki2.so --token linggg --pin Google@123 generate --keytype AES --keysize 128 --label k8s-kms-plugin-kek-AES-linggg

root@k8s-kms-plugin-server:/# DPoD configuration error. Invalid XTC timeout. DPoD: unable to initialize XTC 2020/09/10 20:27:07 An error occurred: pkcs11: 0x71: CKR_MECHANISM_PARAM_INVALID

p11tool --lib /onprem/lib/libCryptoki2.so --token linggg --pin Google@123 generate --keytype RSA --keysize 1024 --label k8s-kms-plugin-kek-RSA-linggg

root@k8s-kms-plugin-server:/# DPoD configuration error. Invalid XTC timeout. DPoD: unable to initialize XTC 2020/09/10 20:27:32 Keypair "k8s-kms-plugin-kek-RSA-linggg" generated on token


RCA:
CKM_AES_KEY_GEN doesn’t take any mechanism parameters. The source shows p11tool is providing a parameter to that mechanism though:

       _, err := p.ctx.GenerateKey(p.session,
              []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_AES_KEY_GEN, make([]byte, 16))},
              privateKeyTemplate)





Provide feedback

Saved searches

Use saved searches to filter your results more quickly

p11tool fails to generate AES key #5

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

p11tool fails to generate AES key #5

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions