Re: csp/pkcs11 container name management

From: Jakub Gwozdz (gwozdziu_at_rpg.pl)
Date: 10/06/05


Date: Thu, 6 Oct 2005 11:46:19 +0200

On 6 Oct 2005 02:23:43 -0700, Dejan wrote:

> Hi,
>
> I am trying to modify/improve csp11 in order to be able to generate the
> keypair on the card, and also to do a smartcard logon. If I can see
> correctly, there is a problem with a current container name management
> that needs to be changed.
>
> Since csp11 relies on PKCS#11 library module, does anyone have a
> suggestion - how to handle the container names, as PKCS#11 does not
> handle this? csp11 follows the rules in container naming and this is

But P11 can handle CKA_ID and CKA_LABEL attributes for each object. So you
can generate a GUID, and after generating a keypair in p11 on the token and
receiving a certificate for the public key, you may set the CKA_ID of the private key
and the imported certificate to this generated GUID.

> not a good idea (smartcard logon, for example, sets a randomly
> generated GUID as a container name)? Do I have to "store" the container
> name on the card to be able to refer to it later? Or maybe labeling
> the key with the container name?

Setting CKA_LABEL or CKA_ID should be a good enough idea, but you should also
rebuild CPAcquireContext, so it will use the same method to find the
appropriate key on demand from CryptoAPI.

-- 
Jakub Gwóźdź
gwozdziu@rpg.pl
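The scheme suggested in this reply (stamp one CKA_ID/CKA_LABEL on the private key and the imported certificate, then have CPAcquireContext look the key up by that same value), as an added example that is not csp11 code. It assumes the python-pkcs11 binding (`import pkcs11`) and an already opened `session`; the container name is the braced-GUID form used for smartcard logon, with any other name falling back to its UTF-8 bytes.

```python
import uuid


def container_to_cka_id(container_name: str) -> bytes:
    """Derive the CKA_ID to stamp on the private key and its certificate.

    Smartcard-logon containers are GUID strings such as
    "{6ba7b810-9dad-11d1-80b4-00c04fd430c8}"; those become the 16 raw
    GUID bytes. Any other container name is used as its UTF-8 bytes.
    """
    try:
        return uuid.UUID(container_name).bytes
    except ValueError:
        return container_name.encode("utf-8")


def new_container_name() -> str:
    """Fresh container name in the braced-GUID form CryptoAPI callers expect."""
    return "{%s}" % uuid.uuid4()


def generate_keypair_for_container(session, container_name: str):
    """C_GenerateKeyPair with CKA_ID and CKA_LABEL set on both halves (assumed: python-pkcs11)."""
    from pkcs11 import KeyType
    return session.generate_keypair(
        KeyType.RSA, 2048,
        id=container_to_cka_id(container_name), label=container_name, store=True)


def import_certificate_for_container(session, container_name: str, cert_der: bytes):
    """Store the issued certificate under the same CKA_ID so key and cert are linked on the token."""
    from pkcs11 import Attribute, CertificateType, ObjectClass
    return session.create_object({
        Attribute.CLASS: ObjectClass.CERTIFICATE,
        Attribute.CERTIFICATE_TYPE: CertificateType.X_509,
        Attribute.VALUE: cert_der,
        Attribute.ID: container_to_cka_id(container_name),
        Attribute.LABEL: container_name,
        Attribute.TOKEN: True,
    })


def find_private_key_for_container(session, container_name: str):
    """What a rebuilt CPAcquireContext would do: C_FindObjects by CKA_ID, not by position."""
    from pkcs11 import ObjectClass
    return session.get_key(object_class=ObjectClass.PRIVATE_KEY,
                           id=container_to_cka_id(container_name))
```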
