Update key pair sanity check mechanism
The key pair sanity check mechanism in the hsm.go file has been updated. Previously, it used the `CKM_SHA256` mechanism from the pkcs11 package, but now it is using the `CKM_ECDSA_SHA256` mechanism. This change helps to improve the security of the key pair verification process.
arkavo-com committed May 12, 2024
1 parent 53f3ab8 commit 0ecca58
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion service/internal/security/hsm.go
Expand Up @@ -498,7 +498,7 @@ func (h *HSMSession) LoadECKey(info KeyInfo) (*ECKeyPair, error) {
pair.PublicKey = ecPublicKey

// Do a sanity check of the key pair
mechanism := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_SHA256, nil)}
mechanism := []*pkcs11.Mechanism{pkcs11.NewMechanism(pkcs11.CKM_ECDSA_SHA256, nil)}
err = h.ctx.SignInit(h.sh, mechanism, keyHandleEC)
if err != nil {
slog.Error("pkcs11 SignInit", "err", err)
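Review bot: On the new `mechanism :=` line, `CKM_ECDSA_SHA256` is hard-coded, but hash-and-sign ECDSA mechanisms are optional in PKCS#11 and some tokens expose only raw `CKM_ECDSA`, so `LoadECKey` would fail its sanity check on those devices even though the key is usable. Consider probing the token's mechanism list first, or falling back to `CKM_ECDSA` over a SHA-256 digest computed in software, and log which mechanism was chosen. The old value `CKM_SHA256` is a digest mechanism rather than a signing mechanism, so this reads as a correctness fix for `SignInit` more than a security improvement; the commit message could say so. The visible context stops at the `SignInit` error log, so please confirm the check goes on to verify the resulting signature against `pair.PublicKey` rather than only checking that signing returns without error.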