OASIS PKCS 11 TC

 View Only

  • 1.  Extra return values for message-based APIs.

    Posted 02-25-2025 11:32
    Hi PKCS11 TC,

    We have a minor comment about the allowed return values for message-based encryption/decryption.
    We think the following APIs
    • C_EncryptMessageBegin
    • C_DecryptMessageBegin
    • C_EncryptMessage
    • C_DecryptMessage
    should allow the return values:
    • CKR_MECHANISM_PARAM_INVALID: because the APIs process a pParameter from the caller
    • CKR_OPERATION_NOT_INITIALIZED:  because the APIs require a corresponding Init
    Note that the same suggestions apply to message-based sign/verify.

    Regards,

    Amine Najahi




  • 2.  RE: Extra return values for message-based APIs.

    Posted 02-27-2025 03:25

    Hi Amine,

    thank you very much for your comment. In our TC meeting yesterday, we have decided to review and fix the allowed return values in PKCS#11 v3.2 specification working draft 11, right in time for moving this working draft to committee specification draft. We'll be working in that in the next few days.



    ------------------------------
    Best regards,
    Dieter
    ------------------------------

    Original Message


Related Content