Only as an example:
You must open a session first. If certificates are stored in private space,
you must also log in.
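/* Headers needed by this snippet. The Cryptoki header name depends on the
   PKCS#11 library vendor; "pkcs11.h" is an assumption. */
#include <openssl/crypto.h>
#include <openssl/x509.h>
#include "pkcs11.h"

/* Assumed to be set up by the caller before this runs (C_GetFunctionList,
   C_OpenSession, and C_Login for private objects). */
extern CK_FUNCTION_LIST_PTR pFunctionList;
extern CK_SESSION_HANDLE hSession;

int scan_PKCS11_cert() {
    X509 *crt = NULL;
    const unsigned char *p = NULL; /* d2i_X509 advances this pointer */
    CK_RV rv;
    CK_OBJECT_HANDLE hCert = CK_INVALID_HANDLE;
    CK_ULONG Matches;
    CK_OBJECT_CLASS certClass = CKO_CERTIFICATE;
    CK_CERTIFICATE_TYPE certType = CKC_X_509;
    CK_BYTE *value = NULL;
    CK_ATTRIBUTE CertTemplate[] = {
        {CKA_CLASS, &certClass, sizeof(CK_OBJECT_CLASS)},
        {CKA_CERTIFICATE_TYPE, &certType, sizeof(CK_CERTIFICATE_TYPE)},
        {CKA_VALUE, (void *)NULL, 0}};

    /* Search on the first two attributes only; CKA_VALUE is read below */
    rv = pFunctionList->C_FindObjectsInit(hSession, CertTemplate, 2);
    if (rv != CKR_OK) { goto err; }
    while (1) {
        rv = pFunctionList->C_FindObjects(hSession, &hCert, 1, &Matches);
        if (rv != CKR_OK) { goto err_final; }
        if (Matches == 0) break;
        /* size is an example, you can get first the size then the value */
        value = (unsigned char *)OPENSSL_malloc(6000);
        if (value == NULL) { goto err_final; }
        CertTemplate[2].ulValueLen = 6000;
        CertTemplate[2].pValue = value;
        rv = pFunctionList->C_GetAttributeValue(hSession, hCert,
                                                &CertTemplate[2], 1);
        if (rv == CKR_OK) {
            p = value; /* keep value itself unchanged for OPENSSL_free */
            crt = d2i_X509(NULL, &p, (long)CertTemplate[2].ulValueLen);
            if (crt) {
                // make something with cert
                X509_free(crt);
            }
        }
        OPENSSL_free(value);
    }
    rv = pFunctionList->C_FindObjectsFinal(hSession);
    if (rv != CKR_OK) { goto err; }
    return 1;
err_final:
    /* End the search so the session can start a new one later */
    pFunctionList->C_FindObjectsFinal(hSession);
err:
    return 0;
}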
Francesco Petruzzi
[EMAIL PROTECTED]
----- Original Message -----
From: "Andreas Feldner" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, March 23, 2004 6:45 PM
Subject: PKCS#11 and openssl: how to get a certificate onto the smart card?
> Hi,
>
> probably I'm overlooking something obvious: I have a smart card that can be
> accessed through a suitable PKCS#11 library and I have a working sort-of-CA
> using openssl. I know how to generate key pairs on the smart card and
> (hopefully) how to read the public key off the card. But how do I get a
> certificate from that?
>
> Thanks in advance,
>
> Andreas.
>
> --
> Dr. Andreas Feldner e-mail: [EMAIL PROTECTED]
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
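The code in the reply uses a fixed 6000-byte buffer and notes that you can get the size first and then the value. That two-call pattern is shown here as an added example, not code from either message. The typedefs and constants are stand-ins so it compiles without a Cryptoki header, fake_GetAttributeValue and its fake_der bytes are a constructed substitute for a token (not a real certificate), and get_cert_value is a hypothetical helper name.

```c
#include <stdlib.h>
#include <string.h>

/* Stand-ins so this compiles without a Cryptoki header (constructed);
   with a real pkcs11.h, delete this section and use the real definitions. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK                     0x00000000UL
#define CKR_BUFFER_TOO_SMALL       0x00000150UL
#define CKA_VALUE                  0x00000011UL
#define CK_UNAVAILABLE_INFORMATION (~0UL)

/* Constructed fake token holding one 5-byte CKA_VALUE; it follows the
   C_GetAttributeValue convention: NULL pValue means "report the length". */
static const unsigned char fake_der[] = { 0x30, 0x03, 0x02, 0x01, 0x05 };
static CK_RV fake_GetAttributeValue(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE o,
                                    CK_ATTRIBUTE *t, CK_ULONG n) {
    (void)s; (void)o; (void)n;
    if (t->pValue == NULL) { t->ulValueLen = sizeof fake_der; return CKR_OK; }
    if (t->ulValueLen < sizeof fake_der) {
        t->ulValueLen = CK_UNAVAILABLE_INFORMATION;
        return CKR_BUFFER_TOO_SMALL;
    }
    memcpy(t->pValue, fake_der, sizeof fake_der);
    t->ulValueLen = sizeof fake_der;
    return CKR_OK;
}

typedef CK_RV (*get_attr_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE,
                             CK_ATTRIBUTE *, CK_ULONG);

/* Hypothetical helper: returns a malloc'd copy of CKA_VALUE and stores its
   length in *len, or returns NULL on any failure. Caller frees the result. */
unsigned char *get_cert_value(get_attr_fn get, CK_SESSION_HANDLE hSession,
                              CK_OBJECT_HANDLE hCert, CK_ULONG *len) {
    CK_ATTRIBUTE attr = { CKA_VALUE, NULL, 0 };
    unsigned char *buf;
    *len = 0;
    /* Call 1: pValue == NULL, so the token only fills in ulValueLen. */
    if (get(hSession, hCert, &attr, 1) != CKR_OK) return NULL;
    if (attr.ulValueLen == 0 || attr.ulValueLen == CK_UNAVAILABLE_INFORMATION) return NULL;
    if ((buf = malloc(attr.ulValueLen)) == NULL) return NULL;
    /* Call 2: same template, now pointing at a buffer of exactly that size. */
    attr.pValue = buf;
    if (get(hSession, hCert, &attr, 1) != CKR_OK) { free(buf); return NULL; }
    *len = attr.ulValueLen;
    return buf;
}
```

Against a real token, pass a thin wrapper around pFunctionList->C_GetAttributeValue as the first argument and hand the returned bytes and length to d2i_X509 as in the posted function.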