  1. EJBCA
  2. ECA-3495

The public part of a key is still on the P11 token after the private part is removed.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: EJBCA 6.2.0
    • Component/s: PKI core
    • Labels:
      None

      Description

      When an entry is deleted in a keystore, or an entry is created with the same alias as an existing entry, the private key and the certificate chain objects of the old entry are deleted from the token. If a public key object exists for the entry, this object is not deleted from the token.
      This means that a token with limited memory will be full once a number of "rekeyings" have occurred, and no new keys can be generated.
      The problem is fixed by not storing the public key on the token at all. By setting CKA_TOKEN=false at key generation, the public key will not be stored on the token.
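
The behaviour described above can be reproduced with a small model of a token's object store. This is an added example, not EJBCA code: the `Token` class, the capacity of 10 objects and the alias `signKey` are constructed for illustration, and the public key generated with CKA_TOKEN=false is modelled as a session object that uses no persistent token storage.

```python
from collections import Counter

class TokenFull(Exception):
    pass

class Token:
    """Constructed model of a PKCS#11 token with room for `capacity` token objects."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.objects = []  # (object_class, alias) pairs stored persistently

    def _store(self, obj_class, alias):
        if len(self.objects) >= self.capacity:
            raise TokenFull(f"no room for {obj_class} {alias!r}")
        self.objects.append((obj_class, alias))

    def delete(self, alias):
        # As in the issue: only the private key and certificate objects go away.
        self.objects = [(c, a) for c, a in self.objects
                        if not (a == alias and c != "CKO_PUBLIC_KEY")]

    def generate(self, alias, public_on_token):
        self.delete(alias)  # creating an entry with an existing alias replaces it
        self._store("CKO_PRIVATE_KEY", alias)
        self._store("CKO_CERTIFICATE", alias)
        if public_on_token:  # public key template has CKA_TOKEN=true
            self._store("CKO_PUBLIC_KEY", alias)
        # CKA_TOKEN=false: session object only, nothing is stored on the token

def generations_until_full(capacity, public_on_token, limit=1000):
    """Number of successful key generations before the token fills, or None."""
    token = Token(capacity)
    for n in range(limit):
        try:
            token.generate("signKey", public_on_token)
        except TokenFull:
            return n
    return None

def surplus_public_keys(token):
    """Aliases with more public key objects than private keys, with the excess count."""
    pub = Counter(a for c, a in token.objects if c == "CKO_PUBLIC_KEY")
    priv = Counter(a for c, a in token.objects if c == "CKO_PRIVATE_KEY")
    return {a: n - priv[a] for a, n in pub.items() if n > priv[a]}

if __name__ == "__main__":
    print("CKA_TOKEN=true :", generations_until_full(10, True))
    print("CKA_TOKEN=false:", generations_until_full(10, False))
```

The `surplus_public_keys` check is the kind of audit that can be run against an object listing from an affected token to see how many leftover public key objects earlier rekeyings have accumulated.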

              People

              Assignee:
              lars Lars Silvén
              Reporter:
              lars Lars Silvén
              Verified by:
              Mike Agrenius Kushner