Peter Koch wrote:
Hi

I just learned that PKCS#15 IDs are non-unique and MUST be chosen

it is not a must, just a recommendation to simplify the search for
the corresponding private key (btw: afaik pkcs11 recommends to use
subject key identifier (normally a digest of the key) as id)

such that a certificate has the same ID as its corresponding
private and public key.

Therefore I changed my PKCS#15-emulation for NetKey cards.

This kind of card contains more than one certificate that corresponds
to the same private key and now all these certificates will be given the
same ID (namely the ID of the corresponding private key).

IS THAT CORRECT BEHAVIOUR ????

I guess you know my opinion :)


If yes - how is pkcs15-tool -r <ID> supposed to work if the given
ID is non-unique?

good point, I think it should return all certs for a specific
id. However I guess it just returns the first certificate found ...

Have a nice weekend,
Nils
_______________________________________________
opensc-devel mailing list
http://www.opensc-project.org/mailman/listinfo/opensc-devel
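
The lookup ambiguity discussed in this mail, as an added example that is not part of the original message and not OpenSC code: a first-match lookup by ID next to one that returns every certificate sharing the ID. The struct and function names are hypothetical stand-ins, and the card contents are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for a PKCS#15 ID (octet string) and a cert entry. */
struct p15_id { unsigned char value[16]; size_t len; };
struct cert { const char *label; struct p15_id id; };

/* IDs match only if length and bytes agree (0x45 differs from 0x45 0x00). */
static int id_equal(const struct p15_id *a, const struct p15_id *b)
{
    return a->len == b->len && memcmp(a->value, b->value, a->len) == 0;
}

/* First-match lookup: further certificates with the same ID stay hidden. */
const struct cert *find_first(const struct cert *c, size_t n, const struct p15_id *id)
{
    for (size_t i = 0; i < n; i++)
        if (id_equal(&c[i].id, id))
            return &c[i];
    return NULL;
}

/* All-match lookup: stores up to max hits in out and returns the total
 * number found, so the caller can detect truncation. */
size_t find_all(const struct cert *c, size_t n, const struct p15_id *id,
                const struct cert **out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i < n; i++)
        if (id_equal(&c[i].id, id) && found++ < max) /* count every hit */
            out[found - 1] = &c[i];
    return found;
}

/* Constructed card contents: two certificates share one private key's ID. */
static const struct cert SAMPLE[] = {
    { "signature cert A", { { 0x45 }, 1 } },
    { "encryption cert",  { { 0x46 }, 1 } },
    { "signature cert B", { { 0x45 }, 1 } },
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

int main(void)
{
    struct p15_id id = { { 0x45 }, 1 };
    const struct cert *hits[4];
    size_t total = find_all(SAMPLE, SAMPLE_LEN, &id, hits, 4);
    printf("first: %s, total: %zu\n", find_first(SAMPLE, SAMPLE_LEN, &id)->label, total);
    return 0;
}
```

A caller that needs exactly one certificate can treat a return value greater than 1 from `find_all` as an ambiguous ID instead of silently taking the first hit.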