Replacement for PK11_GetLowLevelKeyIDForCert etc

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Replacement for PK11_GetLowLevelKeyIDForCert etc

Andrew Cagney
Hi, according to the NSS documentation, the functions for getting
CKAIDs are deprecated vis:

/**********************************************************************
 * New functions which are already deprecated....
 **********************************************************************/
SECItem *
PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
                                        CERTCertificate *cert, void *pwarg);
SECItem *
PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);

I'm just wondering what I should be using instead?

Andrew

PS: What does CKA actually stand for :-)
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Replacement for PK11_GetLowLevelKeyIDForCert etc

Manuel Dejonghe
On Sat, Jun 25, 2016 at 3:29 AM, Andrew Cagney <[hidden email]> wrote:
> PS: What does CKA actually stand for :-)

CryptoKiAttribute ?
--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto
Reply | Threaded
Open this post in threaded view
|

Re: Replacement for PK11_GetLowLevelKeyIDForCert etc

Robert Relyea
In reply to this post by Andrew Cagney
On 06/24/2016 06:29 PM, Andrew Cagney wrote:

> Hi, according to the NSS documentation, the functions for getting
> CKAIDs are deprecated vis:
>
> /**********************************************************************
>   * New functions which are already deprecated....
>   **********************************************************************/
> SECItem *
> PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot,
>                                          CERTCertificate *cert, void *pwarg);
> SECItem *
> PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key);
>
> I'm just wondering what I should be using instead?
What are you after? They are deprecated mostly because they provide
access to low level PKCS #11 values.
  If you are after the actual PKCS #11 CKA_ID attribute then you could use:

PK11_ReadRawAttribute() for the key. Unfortunately useing
PK11_ReadRawAttribute() for cert doesn't work yet, but could be added.

bob

>
> Andrew
>
> PS: What does CKA actually stand for :-)
CryptoKi Attribute All PKCS #11 attributes start with CKA_ .



--
dev-tech-crypto mailing list
[hidden email]
https://lists.mozilla.org/listinfo/dev-tech-crypto

smime.p7s (5K) Download Attachment