- Newest
- Most votes
- Most comments
Hello,
The issue you are facing is captured in the guidelines provided the in the CloudHSM documentation for "Migrating from Client SDK 3 to Client SDK 5". See these guidelines at link [1].
In Client SDK5, key handles for the same key change with each session. In other words, the key handle is not static as is the case in Client SDK3.
To successfully use key handles in Client SDK 5, you must obtain key handles each time you run an application. If you have existing applications that expect to use the same key handles across different runs, you must modify your code to obtain the key handle each time you run the application. This change is in compliance with the PKCS #11 2.40 specification [2].
Alternatively, you can assign unique key labels to your keys in the cluster and then consume these keys by their label when using client SDK 5.
References:
[1] https://docs.aws.amazon.com/cloudhsm/latest/userguide/migrate-sdk.html [2] https://docs.oasis-open.org/pkcs11/pkcs11-base/v2.40/os/pkcs11-base-v2.40-os.html#_Toc416959689
Relevant content
- asked a year ago
- asked 3 months ago
AWS OFFICIALUpdated 4 months ago- AWS OFFICIALUpdated 3 months ago
- AWS OFFICIALUpdated a year ago
Thank you very much, Teneng T, we will have to change our integration.