OASIS Mailing List Archives

pkcs11 message



Subject: Register vendor defined attribute types?


Hi,

  Taken from the 2.40 base PKCS 11 specification:

"Attribute types CKA_VENDOR_DEFINED and above are permanently reserved for token vendors. For
interoperability, vendors should register their attribute types through the PKCS process."

How do we do this?   We have the following attribute to define:


P6R defines the following vendor defined attribute:

CKA_P6R_GROUP   0x80001000UL
Data Type: RFC 2279 string                                       
MUST be specified when object is created with C_CreateObject.
MUST be specified when object is created with C_GenerateKey or C_GenerateKeyPair.

The purpose of this extension is to provide basic support for KMIP groups. CKA_P6R_GROUP maps into the KMIP “Object Group” attribute. Without the CKA_P6R_GROUP attribute defined the “default” KMIP group is used. P6R’s Keystore has the concept of namespaces. These are similar to groups in that they provide collections of objects. When CKA_P6R_GROUP is used for the Software Token its value is mapped into the Keystore’s namespace parameter. Without the CKA_P6R_GROUP attribute defined the Software Token uses “PKCS11” namespace by default.

(Taken from https://www.p6r.com/articles/2014/11/22/p6rs-pkcs-11-provider/).


We did not see any way to implement groups other than a new attribute. Has anyone else done the same sort of thing?


Best,

Mark Joseph, Ph.D. 
President P6R, Inc 
408-205-0361 
mark@p6r.com 
Skype: markjoseph_sc 
http://www.linkedin.com/pub/mark-joseph/0/752/4b4
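
Added example, not part of the original message and not P6R's code: a sketch of how a provider could resolve the namespace from a creation template that may carry CKA_P6R_GROUP, falling back to the "PKCS11" default described above. The helper names, the rejection rules (duplicate, empty or non-UTF-8 values) and the stand-in type definitions are assumptions.

```c
#include <stddef.h>
#include <string.h>
/* Stand-ins for the PKCS #11 header types so this compiles on its own. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_VENDOR_DEFINED 0x80000000UL
#define CKA_P6R_GROUP      0x80001000UL  /* value given in the message */
#define DEFAULT_NAMESPACE  "PKCS11"      /* default named in the message */
_Static_assert(CKA_P6R_GROUP >= CKA_VENDOR_DEFINED, "must sit in the vendor range");

/* Strict UTF-8 check (assumption: RFC 3629 limits, stricter than RFC 2279):
   rejects NUL, truncated or overlong sequences, and surrogates. */
static int utf8_ok(const unsigned char *s, size_t n) {
    for (size_t i = 0; i < n; ) {
        unsigned char c = s[i];
        size_t need; unsigned long cp, min;
        if (c == 0) return 0;
        if (c < 0x80) { i++; continue; }
        if ((c & 0xE0) == 0xC0)      { need = 1; cp = c & 0x1F; min = 0x80; }
        else if ((c & 0xF0) == 0xE0) { need = 2; cp = c & 0x0F; min = 0x800; }
        else if ((c & 0xF8) == 0xF0) { need = 3; cp = c & 0x07; min = 0x10000; }
        else return 0;
        if (n - i <= need) return 0;               /* truncated sequence */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return 0;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF)) return 0;
        i += need + 1;
    }
    return 1;
}

/* Hypothetical helper: copy the selected namespace into out; 0 = ok, -1 = reject. */
int resolve_group(const CK_ATTRIBUTE *t, CK_ULONG n, char *out, size_t outlen) {
    const CK_ATTRIBUTE *g = NULL;
    for (CK_ULONG i = 0; i < n; i++) {
        if (t[i].type != CKA_P6R_GROUP) continue;
        if (g) return -1;                          /* attribute given twice */
        g = &t[i];
    }
    if (g && (!g->pValue || !g->ulValueLen || !utf8_ok(g->pValue, g->ulValueLen)))
        return -1;
    const void *src = g ? g->pValue : DEFAULT_NAMESPACE;
    size_t len = g ? g->ulValueLen : strlen(DEFAULT_NAMESPACE);
    if (len >= outlen) return -1;                  /* no room for terminator */
    memcpy(out, src, len);
    out[len] = '\0';
    return 0;
}
```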

