
pkcs11 message


Subject: Re: [pkcs11] PKCS#11 Object Uniqueness error codes

Oh, I meant CKO_DATA (not CKO_PASSWORD - never defined), which represents an authentication object, the PIN as described on page 8 of the PKCS #15 spec:

And, for CKO_SECRET_KEY, that should be another CKA_ID that represents CKO_SECRET_KEY. But I don't see applications using CKA_ID to represent CKO_SECRET_KEY. Applications mostly use CKA_LABEL to represent CKO_SECRET_KEY, and try to make CKA_LABEL unique within their domain.



On 07/14/14 10:05 AM, Tim Hudson wrote:
> On 15/07/2014 2:54 AM, Oscar So wrote:
>> The uniqueness can only be applied to a set of defined domains or a
>> centralized server that generates CKA_ID and all applications must go
>> through this server.
>> For example, the CKA_ID can only be guaranteed to be unique within
>> these 3 servers.
>>
>> Currently, one CKA_ID is tied to all of the below objects:
>> So, a new attribute, CKA_UUID (or something), seems to be a good idea
>> which identifies every CKO_* object uniquely.
>>
>> This is for PKCS #11 v3.00
>
> Actually that sort of change could be added into a v2.41 if we wanted to
> do so.
>
> There is nothing as yet which commits to moving straight to a v3.0 - and
> the list of items for v3.0 is somewhat broad so the time frame is
> unclear (to me at least).
>
> BTW I assume CKO_PASSWORD is a vendor-specific extension of yours or a
> typo or did you mean CKO_SECRET_KEY?

