Re: csp/pkcs11 container name management

From: Dejan (dejan.gambin_at_pula.hr)
Date: 10/10/05


Date: 9 Oct 2005 23:13:44 -0700

Thank you both for your help. I would very much like it if some other csp
developers (especially csp11 ones) participated in this discussion.
Thanks again

regards, dejan

lelteto wrote:
> Then you can create your own CKO_DATA object and list all other objects
> (private key, public key, cert) by referencing their attributes (by which you
> can find them). Basically you create a combined LIST (as the data value) of
> - your container name
> - reference to your private key (attributes for C_FindObjectsInit)
> - reference to your public key
> - reference to your cert.
>
> Laszlo Elteto
> SafeNet, Inc.
>
> "Jakub Gwozdz" wrote:
>
> > On Thu, 6 Oct 2005 09:13:02 -0700, lelteto wrote:
> >
> > > Since CKA_ID and CKA_LABEL are frequently used for other purposes (e.g. CKA_ID
> > > is traditionally the hash of the modulus) it's better to use VENDOR_DEFINED
> > > CKA values (i.e. >= 0x80000000) e.g. #define CKA_CONTAINER_NAME 0x80001110. Then
> > > you can store the container name in EACH Cryptoki object you plan to keep in
> > > that container. To distinguish between AT_SIGNATURE and AT_KEYEXCHANGE
> > > keypairs you can also add another vendor-defined attribute.
> >
> > But CKA_VENDOR_DEFINED is VENDOR defined, not USER defined, so if you
> > aren't also the pkcs11.dll developer, it will be of no use to you.
> >
> > --
> > Jakub Gwózdz
> > gwozdziu@rpg.pl
> >
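
The CKO_DATA index object suggested in this thread needs some encoding for its data value. The sketch below is an added example, not code from any poster or vendor: it packs the container name and three object references into one byte string and parses it back with bounds checks, since the value is read from the token and should be treated as untrusted. The layout, the names container_rec, container_pack and container_unpack, and the choice of CKA_ID bytes as the reference are all assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical layout for the value of the CKO_DATA index object:
 * four fields, each a 1-byte length followed by that many bytes.
 * Field 0 = container name; fields 1..3 = CKA_ID of the private key,
 * public key and certificate (usable later in a C_FindObjectsInit template). */
#define CONTAINER_FIELDS 4
#define FIELD_MAX 64

typedef struct {
    uint8_t len[CONTAINER_FIELDS];
    uint8_t val[CONTAINER_FIELDS][FIELD_MAX];
} container_rec;

/* Serialize rec into out; returns bytes written, or 0 if it does not fit. */
size_t container_pack(const container_rec *rec, uint8_t *out, size_t cap)
{
    size_t off = 0;
    for (int i = 0; i < CONTAINER_FIELDS; i++) {
        if (rec->len[i] > FIELD_MAX || cap - off < 1u + rec->len[i])
            return 0;
        out[off++] = rec->len[i];
        memcpy(out + off, rec->val[i], rec->len[i]);
        off += rec->len[i];
    }
    return off;
}

/* Parse a value read back from the token. Every length is checked against
 * the remaining input before copying. Returns 0 on success, -1 on bad data. */
int container_unpack(const uint8_t *in, size_t n, container_rec *rec)
{
    size_t off = 0;
    memset(rec, 0, sizeof *rec);
    for (int i = 0; i < CONTAINER_FIELDS; i++) {
        if (off >= n) return -1;                    /* truncated blob */
        uint8_t l = in[off++];
        if (l > FIELD_MAX || l > n - off) return -1; /* length overruns input */
        memcpy(rec->val[i], in + off, l);
        rec->len[i] = l;
        off += l;
    }
    return off == n ? 0 : -1;                       /* reject trailing bytes */
}
```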