Viktor TARASOV wrote:
> Dimitrios Siganos wrote:
>   
>> My question is: can I change this id and make it smaller? Who allocates 
>> this id?  
>>     
> You can change it back to one-byte ID when you set
> 'pkcs15-id-style' = 'native'
> in the 'pkcs15' part of the pkcs15.profile.
>   
Thank you for the tip, that worked fine. I changed the profile to native 
and I got the key id 45.

Now I have another question, is there a deterministic way to allocate 
that id? Is 45 some kind of special number that says this is the first 
id or is it just a random number or an implementation specific number? 
Let's say I have 1000 smartcards each equipped with a single unique RSA 
private key. Is there a way to ensure that all the private keys have the 
same key id (e.g. 45)?

>> Some apps, assume that the key id is small and don't allocate enough 
>> buffer space for my long key id.
>>     
> What are these apps?
>   
My phrase "some apps" is wrong. It is just my assumption showing 
through. I only know of one app which cannot handle long ids and it is 
charon, the IKEv2 daemon of strongswan.

In case someone is interested the problem is in the function:

    static void load_secrets(private_stroke_cred_t *this, char *file,
                             int level, FILE *prompt)

The buffers for the id and related strings are allocated on the stack 
like this:

    char smartcard[32], keyid[22], pin[32];

Making these numbers larger solved my problem, I successfully set up an 
ipsec tunnel but I prefer to go with the low risk approach of using a 
short id. It is also easier to handle and hopefully I can set all my key 
ids to be the same.

I will email the strongswan mailing list and let them know of the problem.

Regards,
Dimitrios Siganos
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
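
Added example, not part of the original message and not strongSwan's code: a length-checked split of a smartcard token into the fixed-size buffers quoted above, so that an id too long for keyid[22] is rejected rather than truncated or written past the buffer. The helper names, the "<card>:<keyid>" token layout and the sample ids are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Buffer sizes quoted in the message; everything else is hypothetical. */
#define SMARTCARD_LEN 32
#define KEYID_LEN     22

/* Copy src[0..n) into dst only if it fits together with its NUL.
 * Returns 0 on success, -1 if the field is empty, -2 if it is too long. */
static int copy_field(char *dst, size_t dst_len, const char *src, size_t n)
{
    if (n == 0)
        return -1;
    if (n >= dst_len)
        return -2;              /* refuse instead of truncating */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return 0;
}

/* Split "<card>:<keyid>" (assumed layout) into two caller-owned buffers.
 * Returns 0 on success, -1 if malformed, -2 if a field does not fit. */
int split_card_token(const char *token, char *card, size_t card_len,
                     char *keyid, size_t keyid_len)
{
    const char *sep = strchr(token, ':');
    int rc;

    if (sep == NULL)
        return -1;
    rc = copy_field(card, card_len, token, (size_t)(sep - token));
    if (rc != 0)
        return rc;
    return copy_field(keyid, keyid_len, sep + 1, strlen(sep + 1));
}

int main(void)
{
    char card[SMARTCARD_LEN], keyid[KEYID_LEN];
    /* Constructed inputs: a one-byte id and a 40-character hex id. */
    const char *short_tok = "%smartcard0:45";
    const char *long_tok  = "%smartcard0:0123456789abcdef0123456789abcdef01234567";

    printf("short id: %d\n", split_card_token(short_tok, card, sizeof card, keyid, sizeof keyid));
    printf("long id:  %d\n", split_card_token(long_tok, card, sizeof card, keyid, sizeof keyid));
    return 0;
}
```

A caller that gets -2 can report the oversized id to the user, which makes the buffer limit visible as a configuration error instead of a silent failure.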