@dlegaultbbry
Contributor

NOTE: Not sure if anything needs to be mentioned in the docs about this new capability.

fixes #2627

Generate some objects

# pkcs11-tool --module=/system/lib/dll/pkcs11-qkeystore.so --write-object /data/keystore/ec_privkey.pem --type privkey --id 2222 --label eckey
Using slot 0 with a present token (0x0)
Created private key:
Private Key Object; EC
  label:      eckey
  ID:         2222
  Usage:      none
  Access:     sensitive, never extractable

# pkcs11-tool --module=/system/lib/dll/pkcs11-qkeystore.so --keygen --key-type AES:32 --label aeskey --id 1111
Using slot 0 with a present token (0x0)
Key generated:
Secret Key Object; AES length 32
  VALUE:      e42d2476fe21337ce66d4f9c073770fbba8a70b171f41dbd5cf6d2cdadbf6cbb
  label:      aeskey
  ID:         1111
  Usage:      encrypt, decrypt
  Access:     never extractable, local

List all objects

# pkcs11-tool --module=/system/lib/dll/pkcs11-qkeystore.so --list-objects
Using slot 0 with a present token (0x0)
Secret Key Object; AES length 32
  VALUE:      e42d2476fe21337ce66d4f9c073770fbba8a70b171f41dbd5cf6d2cdadbf6cbb
  label:      aeskey
  ID:         1111
  Usage:      encrypt, decrypt
  Access:     never extractable, local
Private Key Object; EC
  label:      eckey
  ID:         2222
  Usage:      none
  Access:     sensitive, never extractable

Filter by key type

# pkcs11-tool --module=/system/lib/dll/pkcs11-qkeystore.so --list-objects --type privkey
Using slot 0 with a present token (0x0)
Private Key Object; EC
  label:      eckey
  ID:         2222
  Usage:      none
  Access:     sensitive, never extractable

Filter by id

# pkcs11-tool --module=/system/lib/dll/pkcs11-qkeystore.so --list-objects --id 1111
Using slot 0 with a present token (0x0)
Secret Key Object; AES length 32
  VALUE:      e42d2476fe21337ce66d4f9c073770fbba8a70b171f41dbd5cf6d2cdadbf6cbb
  label:      aeskey
  ID:         1111
  Usage:      encrypt, decrypt
  Access:     never extractable, local

Checklist
  • Documentation is added or updated
  • New files have a LGPL 2.1 license statement
  • PKCS#11 module is tested
  • Windows minidriver is tested
  • macOS tokend is tested
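
An added example, not part of the PR or of OpenSC's code: a small Python parser for the `--list-objects` output shown in the description above, flagging key objects whose listing includes a VALUE line or whose Access flags lack `sensitive`. The sample text is constructed from that output with a placeholder VALUE, and the two audit rules are an assumed policy.

```python
import re
# Constructed sample modelled on the --list-objects output in the PR
# description; the VALUE is a made-up placeholder, not a real key.
SAMPLE = """\
Using slot 0 with a present token (0x0)
Secret Key Object; AES length 32
  VALUE:      000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
  label:      aeskey
  ID:         1111
  Usage:      encrypt, decrypt
  Access:     never extractable, local
Private Key Object; EC
  label:      eckey
  ID:         2222
  Usage:      none
  Access:     sensitive, never extractable
"""

HEADER = re.compile(r"^(?P<cls>[A-Za-z ]+?) Object; (?P<detail>.+)$")
ATTR = re.compile(r"^\s+(?P<key>[^:]+):\s*(?P<val>.*)$")

def parse_objects(text):
    """Split a listing into dicts: class, detail and indented attributes."""
    objects = []
    for line in text.splitlines():
        head, attr = HEADER.match(line), ATTR.match(line)
        if head:
            objects.append({"class": head["cls"], "detail": head["detail"], "attrs": {}})
        elif attr and objects:
            objects[-1]["attrs"][attr["key"].strip()] = attr["val"].strip()
    return objects

def audit(objects):
    """Return (label, finding) pairs for secret/private keys (assumed policy)."""
    findings = []
    for obj in objects:
        if obj["class"] not in ("Secret Key", "Private Key"):
            continue
        attrs = obj["attrs"]
        flags = {f.strip() for f in attrs.get("Access", "").split(",")}
        if "VALUE" in attrs:
            findings.append((attrs.get("label", "?"), "key value shown in listing"))
        if "sensitive" not in flags:
            findings.append((attrs.get("label", "?"), "Access lacks 'sensitive'"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(parse_objects(SAMPLE)):
        print(f"{label}: {finding}")
```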

Member

@frankmorgner frankmorgner left a comment

This change looks good, but please add the possibility for combination of the arguments to doc/tools/pkcs11-tool.1.xml

@frankmorgner frankmorgner merged commit 2655e9e into OpenSC:master Feb 7, 2023
@xhanulik xhanulik mentioned this pull request Jul 3, 2023
Development

Successfully merging this pull request may close these issues.

pkcs11-tool: list_objects not passing in object class template?
