Subject: Re: [pkcs11] PKCS#11 Object Uniqueness error codes
Currently, one CKA_ID is tied to all of the below objects:

CKO_PUBLIC_KEY
CKO_PRIVATE_KEY
CKO_CERTIFICATE
CKO_PASSWORD

So, a new attribute, CKA_UUID (or something), seems to be a good idea which identifies every CKO_* object uniquely.

This is for PKCS #11 v3.00

-Oscar

On 07/14/14 08:45 AM, Tim Hudson wrote:
> On 15/07/2014 1:09 AM, Oscar So wrote:
>> Perhaps, we can also set the CKA_ID during key generation where:
>>
>> C_GenerateKey      CKA_ID = SHA1(symmetric key CKA_VALUE)
>> C_GenerateKeyPair  CKA_ID = SHA1(modulus) //this is how Mozilla sets CKA_ID in Firefox/Thunderbird
>>
>> Hopefully, all CKA_ID(s) generated from the above method are unique. We can then compare all CKA_ID(s) value to determine when to return: CKR_OBJECT_EXISTS or CKR_KEY_EXISTS
>
> You can do this - but the CKA_ID itself is also not guaranteed to be present or unique and there are devices which happily report multiple objects with the same CKA_ID value.
>
> We had quite a few discussions on this topic - the choices we faced are to either add in a new attribute or change the explicitly documented behaviour in the specification for one or more of the existing attributes. Many vendors do this as one of their vendor-specific extensions - but there is no currently defined requirement for this.
>
> I for one would like to see a simple mandatory attribute added which was the unique identifier (and not tied to anything other than the object itself so any changes to attributes etc do not affect its value) - but that wasn't something which made it into v2.40 ...
>
> Tim.
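The point discussed in this thread, as an added example that is not part of the original e-mails: with CKA_ID = SHA1(modulus), the public key, private key and certificate of one key pair all share the same CKA_ID, so a duplicate check keyed on CKA_ID alone rejects legitimate objects. `TokenModel`, the `key_on` parameter and the `unique_id` field (a stand-in for the proposed per-object attribute) are hypothetical, the modulus is constructed sample data, and `CKR_OBJECT_EXISTS` is used only as the label proposed in the thread.

```python
import hashlib
import uuid

CKR_OK = "CKR_OK"
CKR_OBJECT_EXISTS = "CKR_OBJECT_EXISTS"  # return code proposed in the thread


def derive_cka_id(modulus: bytes) -> bytes:
    """CKA_ID = SHA1(modulus), as described in the thread.

    Assumption: leading zero bytes are stripped first, so two byte
    encodings of the same integer produce the same CKA_ID.
    """
    return hashlib.sha1(modulus.lstrip(b"\x00")).digest()


class TokenModel:
    """In-memory stand-in for a token's object store (hypothetical)."""

    def __init__(self):
        self.objects = []

    def create(self, obj_class, modulus, key_on="class+id"):
        """Add an object unless the duplicate check finds a match.

        key_on="id" compares CKA_ID only; "class+id" also requires
        the same object class before reporting a duplicate.
        """
        cka_id = derive_cka_id(modulus)
        for obj in self.objects:
            same_id = obj["CKA_ID"] == cka_id
            same_class = obj["class"] == obj_class
            if same_id and (key_on == "id" or same_class):
                return CKR_OBJECT_EXISTS, obj
        # unique_id is independent of every other attribute, so later
        # changes to CKA_ID or CKA_LABEL would not alter it.
        new = {"class": obj_class, "CKA_ID": cka_id,
               "unique_id": uuid.uuid4().hex}
        self.objects.append(new)
        return CKR_OK, new


def demo():
    modulus = b"\x00" + bytes(range(1, 128)) + b"\x01"  # constructed sample
    naive, scoped = TokenModel(), TokenModel()
    classes = ["CKO_PUBLIC_KEY", "CKO_PRIVATE_KEY", "CKO_CERTIFICATE"]
    naive_rv = [naive.create(c, modulus, key_on="id")[0] for c in classes]
    scoped_rv = [scoped.create(c, modulus)[0] for c in classes]
    # Same key re-imported without the leading zero byte: a true duplicate.
    dup_rv = scoped.create("CKO_PUBLIC_KEY", modulus.lstrip(b"\x00"))[0]
    return naive_rv, scoped_rv, dup_rv, scoped.objects
```
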