Hello JP,
Your suggestion seems simple, but you don't know the label length limit
of the device and you don't know what happens when you try to set a
longer label than supported. Is it trimmed, or is an error returned?
Another problem is that the key ID is a result of the key generation, so
you cannot set the label when generating the key :-)
I'm considering alternatives...
Daniel
On 07. 07. 22 9:14, Jan-Piet Mens wrote:
> Hello Daniel,
>
>> I've just realised that the maximum PKCS#11 key label length
>> probably isn't enough to cover all possible zone names.
>
> Understood.
>
> I'm having a devil of a time (i.e. I'm finding it impossible) to
> associate key files created on a Thales Security World with the
> zones they're used for. Admittedly this is not often necessary, but I
> would like to be able to identify the key files themselves.
>
>> Some devices are limited to 32 characters.
>
> Object 449:
>     URL: pkcs11:model=;manufacturer=nCipher%20Corp.%20Ltd;serial=xxx;\
>          token=YYY;\
>          id=%04%66%D0%9C%0D%9E%24%D9%79%0A%17%D3%5D%A0%CC%5A%3F%E2%A3%26;\
>          type=public
>     Type: Public key (RSA-2048)
>     Label:
>     ID: 04:66:d0:9c:0d:9e:24:d9:79:0a:17:d3:5d:a0:cc:5a:3f:e2:a3:26
>
> The ID is that which `keymgr list' displays (with colons in it), but
> the label is empty.
>
> Would it be possible for Knot to actually set the label so the key
> identifier used by Knot, i.e. for above example set it to:
> 0466d09c0d9e24d9790a17d35da0cc5a3fe2a326, maybe truncating it on
> devices which limit the field to a smaller number of characters?
>
> Best regards,
>
> -JP