Closed
Bug 1981034
Opened 3 months ago
Closed 3 months ago
CKA_SEED needs to be marked as a private attribute.
Categories
(NSS :: Libraries, defect, P3)
NSS
Libraries
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: rrelyea, Assigned: rrelyea)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
CKA_SEED is the seed used to generate some Post-Quantum Keys. If it is supplied, it needs to be private and stored in the database encrypted.
Currently we don't support keys with CKA_SEED, so there isn't a big issue yet, but it needs to be fixed before we add ML-DSA, or store ML-KEM keys in the database.
|
Assignee | |
Updated•3 months ago
|
Severity: -- → S3
Priority: -- → P3
|
|
Assignee | |
Updated•3 months ago
|
Assignee: nobody → rrelyea
|
|
Assignee | |
Updated•3 months ago
|
Status: NEW → ASSIGNED
|
|
Assignee | |
Comment 1•3 months ago
|
||
-
pkcs11u.c
- add it to the never modify table.
- add it to the sensitive table
-
sftkdb.c
- add it to the private attributes table (so it will be encrypted)
-
add it to the table of attributes that need to be updated on a password change.
|
|
Assignee | |
Updated•3 months ago
|
Status: ASSIGNED → RESOLVED
Closed: 3 months ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•