On Wed, 14 Jun 2006 11:37:57 -0400 Thomas Harning <[EMAIL PROTECTED]> wrote:
> Just wondering... does the OpenSC pkcs11 library contain functions for
> data object creation?
> .........

I have a sort-of working version, however Object IDs/labels are an issue that I resolved using hacks.

1. A standing issue is how Object IDs are used. In OpenSC, the Object IDs are restricted to 1 byte... however in some code that interfaces with it via P11, the Object IDs are GUIDs or other data structures for uniquely identifying them.

2. Working with some other code, I found that the object ID was being used to uniquely identify a data structure on the card (non Cert/key), and it was not 1 byte.

To work around the 2nd issue, I made it so that if the object ID sent to it was too big, it would store it as a label. Since there would be no object ID there, one would be auto-generated. However... matching cert/keys might not work quite right if another cert is loaded on or a key exists w/o a cert.

The CKA_APPLICATION attribute is also stored into the label slot, since sc_pkcs15init_store_data_object stores labels in the app_label slot anyways. For attribute retrieval with object IDs, I have it check the app_label rather than look up the ID (especially since the CKA_ID attribute retrieval code is commented out in framework-pkcs15.c).

With the above CKA_ID/CKA_APPLICATION 'hacks', certificate enrollment works over the IDA CSP both through Thawte's website enrollment setup and through IDAlly.

Are there any better ways to store this additional data and properly handle long CKA_IDs? One solution might be to have a table of CKA_IDs in memory and dynamically generate the file name segments by keeping track of the used file-names.

(Sorry if this is a repeat of a previous mailing list topic... I'm searching through the list archives now...)

--
Thomas Harning @ Identity Alliance

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
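The in-memory CKA_ID table that the post floats as an alternative to the label hack, sketched below as an added illustration that is not part of the message or of OpenSC's code. It assumes a driver-side table keyed by the full PKCS#11 CKA_ID (a 16-byte GUID or any other byte string) that hands out a one-byte on-card id for the file-name segment, reuses the same id for a repeated CKA_ID, lets a CKA_ID that already fits in one byte keep its own value so existing cards keep matching, and refuses once all 256 on-card ids are taken instead of silently colliding. The type and function names, the 64-byte cap on CKA_ID length and the two-hex-digit file-name segment are all assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* As the post describes it, OpenSC keeps a one-byte object id on the card,
 * while PKCS#11 CKA_ID is an arbitrary byte string (a GUID is 16 bytes).
 * This table maps the long CKA_ID to the one-byte on-card id and back. */
#define MAX_ON_CARD_IDS 256
#define MAX_CKA_ID_LEN   64   /* assumption for this example, not an OpenSC limit */

struct id_entry {
    int           used;
    unsigned char cka_id[MAX_CKA_ID_LEN];
    size_t        cka_id_len;
};

struct id_table {
    struct id_entry slot[MAX_ON_CARD_IDS];   /* index == on-card id */
};

void id_table_init(struct id_table *t) { memset(t, 0, sizeof *t); }

/* On-card id (0..255) already mapped to this CKA_ID, or -1 if unknown. */
int id_table_lookup(const struct id_table *t, const unsigned char *cka_id, size_t len)
{
    for (int i = 0; i < MAX_ON_CARD_IDS; i++) {
        const struct id_entry *e = &t->slot[i];
        if (e->used && e->cka_id_len == len && memcmp(e->cka_id, cka_id, len) == 0)
            return i;
    }
    return -1;
}

/* Map a CKA_ID to a one-byte on-card id. Reuses an existing mapping; a
 * one-byte CKA_ID keeps its own value when that slot is free; otherwise the
 * lowest free id is taken. Returns -1 on bad input or when all ids are used. */
int id_table_map(struct id_table *t, const unsigned char *cka_id, size_t len)
{
    if (cka_id == NULL || len == 0 || len > MAX_CKA_ID_LEN)
        return -1;
    int existing = id_table_lookup(t, cka_id, len);
    if (existing >= 0)
        return existing;

    int chosen = -1;
    if (len == 1 && !t->slot[cka_id[0]].used) {
        chosen = cka_id[0];
    } else {
        for (int i = 0; i < MAX_ON_CARD_IDS; i++)
            if (!t->slot[i].used) { chosen = i; break; }
    }
    if (chosen < 0)
        return -1;   /* table exhausted: report it rather than reuse an id */

    struct id_entry *e = &t->slot[chosen];
    e->used = 1;
    memcpy(e->cka_id, cka_id, len);
    e->cka_id_len = len;
    return chosen;
}

/* Reverse lookup for C_GetAttributeValue(CKA_ID): the full CKA_ID that the
 * on-card id stands for. Returns 0 on success, -1 if the id is unmapped. */
int id_table_reverse(const struct id_table *t, int on_card_id,
                     const unsigned char **cka_id, size_t *len)
{
    if (on_card_id < 0 || on_card_id >= MAX_ON_CARD_IDS || !t->slot[on_card_id].used)
        return -1;
    *cka_id = t->slot[on_card_id].cka_id;
    *len    = t->slot[on_card_id].cka_id_len;
    return 0;
}

/* File-name segment derived from the on-card id (two hex digits, assumed). */
void id_table_file_segment(int on_card_id, char out[3])
{
    snprintf(out, 3, "%02X", on_card_id & 0xFF);
}

/* Exercises the table with constructed sample CKA_IDs; returns 1 on success. */
int id_table_selftest(void)
{
    struct id_table t;
    id_table_init(&t);
    const unsigned char guid[16] = { 0x12,0x34,0x56,0x78,0x9a,0xbc,0xde,0xf0,
                                     0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef };
    const unsigned char one = 0x42;
    unsigned char guid2[16], two[2];
    const unsigned char *back; size_t back_len; char seg[3];
    memcpy(guid2, guid, 16); guid2[15] ^= 0xff;

    if (id_table_map(&t, guid, 16) != 0)     return 0;  /* first GUID -> id 0 */
    if (id_table_map(&t, guid, 16) != 0)     return 0;  /* same GUID -> same id */
    if (id_table_map(&t, &one, 1) != 0x42)   return 0;  /* 1-byte id keeps its value */
    if (id_table_map(&t, guid2, 16) != 1)    return 0;  /* distinct GUID -> next free */
    if (id_table_lookup(&t, guid2, 16) != 1) return 0;
    id_table_file_segment(1, seg);
    if (strcmp(seg, "01") != 0)              return 0;
    if (id_table_reverse(&t, 0, &back, &back_len) != 0 ||
        back_len != 16 || memcmp(back, guid, 16) != 0) return 0;
    /* 3 ids used; 253 distinct 2-byte ids fill the table, the next must fail */
    for (int i = 0; i < 253; i++) {
        two[0] = 0xAA; two[1] = (unsigned char)i;
        if (id_table_map(&t, two, 2) < 0) return 0;
    }
    two[0] = 0xBB; two[1] = 0;
    if (id_table_map(&t, two, 2) != -1)      return 0;  /* exhausted */
    if (id_table_map(&t, guid, 0) != -1)     return 0;  /* empty id rejected */
    return 1;
}

int main(void)
{
    printf("id table self-test: %s\n", id_table_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The table lives only in memory, so a real driver would still have to persist the CKA_ID to on-card id mapping (for example in the object's own record) to survive a reload; what the example pins down is the matching behaviour the post worries about: the same CKA_ID always resolves to the same on-card object, one-byte ids from existing cards are not renumbered, and a full table is an error rather than a silent collision.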