pkinit slotid=N ?
Jeffrey Altman
jaltman at secure-endpoints.com
Wed Jan 9 10:52:34 EST 2008
Given the way that PKCS#11 is specified, the only thing that you can
count on is that there may be one or more slots containing one or more
certificates. You cannot count on what certs are available, in what
slot or in what order. Its up to the application that calls PKCS#11 to
enumerate all of the available certificates and to:
(a) maintain a database of certs for a given usage
(b) implement a set of mapping rules that can be used to select the
appropriate cert for the desired usage
(c) prompt the user and let the user decide
slot and cert IDs are ephemeral identifiers which are only useful during
a single PKCS#11 session. If implementing (a) do not map certs in the
database by slot and cert ID.
Jeffrey Altman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3355 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mailman.mit.edu/pipermail/krbdev/attachments/20080109/d65ce9e5/attachment.bin
More information about the krbdev
mailing list