On Thu, 25 Jul 2002, Chris Jarshant wrote: [...]
> Also, my app will support multiple keys/certs in a variety of places. For
> example, the public key cert for user X is in one PKCS12-format file, and the
> corresponding private key is in a separate PKCS12-format file. Are there
> any official matching mechanisms? Currently, a user of my app who wishes
> to sign something with their private key specifies an "alias" which I map to a
> friendlyName, then look for their public key cert using that friendlyName,
> then look for a corresponding private key using the friendlyName. If I
> can't find a private key with that friendlyName, I use the localKeyID from
> the public key cert to match. If there is no localKeyID then I error out.
> Does that sound like a reasonable matching algorithm? Can localKeyIDs
> be used to match across different files? Well.. I should rephrase.. Is this
> common, or acceptable practice?

How is that localKeyID calculated? Is it a hash of the public key? If yes, then this sounds like an acceptable practice, if you really *need* to keep separate PKCS#12 files, which is uncommon.

--
Erwann ABALEA <[EMAIL PROTECTED]> - RSA PGP Key ID: 0x2D0EABD5
-----
So, let's set the record straight: you are the one who is completely mistaken, for the following reasons: I fully admit that I am wrong.
-+- TL in <http://neuneu.mine.nu> : Totor, you're wrong -+-
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
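The matching order described in the question (friendlyName first, then the certificate's localKeyID, otherwise an error), written out as an added example that is not part of the original thread. The `Bag` record, `find_signing_key` and all sample values are hypothetical and constructed, and parsing of the PKCS#12 files is assumed to have happened elsewhere. The example goes one step beyond the thread by comparing the public keys after the attribute match, because friendlyName and localKeyID are labels written by whoever created the file.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Bag:
    """One bag already extracted from a PKCS#12 file (hypothetical record)."""
    kind: str                      # "cert" or "key"
    friendly_name: Optional[str]   # friendlyName attribute, if present
    local_key_id: Optional[bytes]  # localKeyID attribute, if present
    spki: bytes                    # encoded public key of the cert or key

class MatchError(Exception):
    pass

def _only(candidates, what):
    # More than one candidate means the attribute cannot identify a key.
    if len(candidates) > 1:
        raise MatchError("ambiguous " + what)
    return candidates[0] if candidates else None

def find_signing_key(alias, cert_bags, key_bags):
    """Return (key_bag, how) for the alias, or raise MatchError."""
    cert = _only([c for c in cert_bags if c.friendly_name == alias], "certificate")
    if cert is None:
        raise MatchError("no certificate for alias")
    key = _only([k for k in key_bags if k.friendly_name == alias], "friendlyName")
    how = "friendlyName"
    if key is None:
        if cert.local_key_id is None:
            raise MatchError("no friendlyName match and no localKeyID")
        key = _only([k for k in key_bags
                     if k.local_key_id == cert.local_key_id], "localKeyID")
        how = "localKeyID"
    if key is None:
        raise MatchError("no private key found")
    # The attributes are only labels: confirm the pair shares a public key.
    if key.spki != cert.spki:
        raise MatchError(how + " matched but public keys differ")
    return key, how

# Constructed sample bags; the spki values are placeholders, not real DER.
CERTS = [Bag("cert", "alice", b"\x01", b"spki-A"),
         Bag("cert", "bob", b"\x02", b"spki-B"),
         Bag("cert", "carol", None, b"spki-C"),
         Bag("cert", "dave", b"\x04", b"spki-D")]
KEYS = [Bag("key", "alice", None, b"spki-A"),
        Bag("key", None, b"\x02", b"spki-B"),
        Bag("key", None, b"\x04", b"spki-A")]  # ID collides with dave's cert
```
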
