Prohibited attribute was passed to key generation function (pkcs11: 0x10: CKR_ATTRIBUTE_READ_ONLY) #819
Description
I'm attempting to generate a simple EC key pair with these attributes:
pubAttributes := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PUBLIC_KEY),
pkcs11.NewAttribute(pkcs11.CKA_KEY_TYPE, pkcs11.CKK_EC),
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, true),
pkcs11.NewAttribute(pkcs11.CKA_VERIFY, true),
pkcs11.NewAttribute(pkcs11.CKA_EC_PARAMS, prime256v1OID),
pkcs11.NewAttribute(pkcs11.CKA_ID, id),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, []byte(label)),
}
privAttributes := []*pkcs11.Attribute{
pkcs11.NewAttribute(pkcs11.CKA_CLASS, pkcs11.CKO_PRIVATE_KEY),
pkcs11.NewAttribute(pkcs11.CKA_KEY_TYPE, pkcs11.CKK_EC),
pkcs11.NewAttribute(pkcs11.CKA_TOKEN, true),
pkcs11.NewAttribute(pkcs11.CKA_SIGN, true),
pkcs11.NewAttribute(pkcs11.CKA_ID, id),
pkcs11.NewAttribute(pkcs11.CKA_LABEL, []byte(label)),
pkcs11.NewAttribute(pkcs11.CKA_SENSITIVE, true),
pkcs11.NewAttribute(pkcs11.CKA_ALWAYS_SENSITIVE, true),
pkcs11.NewAttribute(pkcs11.CKA_PRIVATE, true),
}
mechanism := pkcs11.NewMechanism(pkcs11.CKM_EC_KEY_PAIR_GEN, nil)
_, _, err = c.ctx.GenerateKeyPair(c.session, []*pkcs11.Mechanism{mechanism}, pubAttributes, privAttributes)
.
.
.
but I get "Prohibited attribute was passed to key generation function (pkcs11: 0x10: CKR_ATTRIBUTE_READ_ONLY)"
Which of these attributes am I setting are not allowed?