Switch the default mechanism to AES key wrap

pyauth · Jan 30, 2018 · 27d5140 · 27d5140
1 parent 199a23c
commit 27d5140
Show file tree

Hide file tree

Showing 3 changed files with 3 additions and 4 deletions.
diff --git a/README.rst b/README.rst
@@ -39,7 +39,7 @@ Or build from source:
 
     python setup.py build
 
-Assuming your PKCS#11 library is set as `PKCS_MODULE` and contains a
+Assuming your PKCS#11 library is set as `PKCS11_MODULE` and contains a
 token named `DEMO`:
 
 AES

diff --git a/pkcs11/defaults.py b/pkcs11/defaults.py
@@ -72,7 +72,7 @@
 """
 
 DEFAULT_WRAP_MECHANISMS = {
-    KeyType.AES: Mechanism.AES_ECB,
+    KeyType.AES: Mechanism.AES_KEY_WRAP,
     KeyType.DES2: Mechanism.DES3_ECB,
     KeyType.DES3: Mechanism.DES3_ECB,
     KeyType.RSA: Mechanism.RSA_PKCS_OAEP,

diff --git a/tests/test_aes.py b/tests/test_aes.py
@@ -105,8 +105,7 @@ def test_sign_stream(self):
         self.assertIsInstance(signature, bytes)
         self.assertTrue(self.key.verify(data, signature))
 
-    @requires(Mechanism.AES_ECB)
-    @Not.softhsm2  # requires AES keywrapping support
+    @requires(Mechanism.AES_KEY_WRAP)
     @FIXME.opencryptoki  # can't set key attributes
     def test_wrap(self):
         key = self.session.generate_key(pkcs11.KeyType.AES, 128, template={