[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]
Subject: RE: [pkcs11] Register vendor defined attribute types?
HI Mark, I don’t know the answer to where you should define your attribute. Seems something that we should be doing in the TC perhaps. With respect to your need of an attribute, we took a different approach at QuintessenceLabs in the implementation of our KMIP PKCS#11
token. All vendor specific stuff is specified in a token configuration file. One of our design goals was to support existing applications without requiring source code, or binary changes. Regards, John From: pkcs11@lists.oasis-open.org [mailto:pkcs11@lists.oasis-open.org]
On Behalf Of Mark Joseph Hi, Taken from the 2.40 base PKCS 11 specification: "Attribute types CKA_VENDOR_DEFINED and above are permanently reserved for token vendors. For interoperability, vendors should register their attribute types through the PKCS process." How do we do this? We have the following attribute to define:
P6R defines the following vendor defined attribute: CKA_P6R_GROUP 0x80001000UL
Data Type: RFC 2279 string
MUST be specified when object is created with C_CreateObject.
MUST be specified when object is created with C_GenerateKey or C_GenerateKeyPair.
The purpose of this extension is to provide basic support for KMIP groups. CKA_P6R_GROUP maps into the KMIP “Object Group” attribute. Without the CKA_P6R_GROUP attribute defined the “default” KMIP
group is used. P6R’s Keystore has the concept of namespaces. These are similar to groups in that they provide collections of objects. When CKA_P6R_GROUP is used for the Software Token its value is mapped into the Keystore’s namespace parameter. Without the
CKA_P6R_GROUP attribute defined the Software Token uses “PKCS11″ namespace by default.
(Taken from https://www.p6r.com/articles/2014/11/22/p6rs-pkcs-11-provider/). We did not see anyway to implement groups other than a new attribute. Has anyone else done the same sort of thing?
President P6R, Inc 408-205-0361 Skype: markjoseph_sc |
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]