Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pkcs11-tool command for creating keys in softhsm specifies aes but an RSA key was created instead in SoftHSM #55

Open
kchan7230 opened this issue Oct 25, 2024 · 0 comments
Open

pkcs11-tool command for creating keys in softhsm specifies aes but an RSA key was created instead in SoftHSM #55

kchan7230 opened this issue Oct 25, 2024 · 0 comments

Comments

@kchan7230
Copy link

kchan7230 commented Oct 25, 2024
edited
Loading

Security issue notifications

If you discover a potential security issue in aws-kms-xks-proxy we ask that you notify
AWS Security via our vulnerability reporting page. Please do not create a public github issue.

Problem:

The pkcs11-tool in the Dockerfile doesn't work, it specifies that we're creating an aes key, but the keys that end up getting created in the SoftHSM are RSA type:
RUN softhsm2-util --init-token --slot 0 --label "xks-proxy" --so-pin 1234 --pin 1234
RUN pkcs11-tool --module /usr/lib/softhsm/libsofthsm2.so \ --token-label xks-proxy --login --login-type user \ --keygen --id F0 --label foo --key-type aes:32 \ --pin 1234

I found this problem while trying to create KMS customer managed keys in AWS after connecting to the XKS proxy

Solution:

Not sure sorry.

image
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@kchan7230