[Softhsm-develop] The lifespan of a private key identifier
Rick van Rein
rick at openfortress.nl
Tue Aug 24 18:20:51 UTC 2021
Hello Full Name,

> My question is, what is the lifespan of this identifier?

The authoritative source for this information is the PKCS #11
specification. Read That Functional Manual :-)

You should never, Never, NEVER make assumptions about an
exchangeable API like PKCS #11 based on a mere implementation
such as SoftHSM2. That only causes Bad Jynx.

Having said that, CKA_ID is only an identifier if it is set to a
unique value. Also, it "identifies" both public and private keys
(and says/suggests they form a pair). It is stored as an attribute
along with the others, and remains the same until it is changed.

I suppose this is another way to say that you should read the
PKCS #11 specification, namely to understand what the CKA_ID really
is and what properties you may assign to it.

Cheers,
-Rick