According to the PKCS11 spec, the CKA_ID is defined as a byte array, however XCA is treating this as being convertible to an OpenSSL Bignum:
https://github.com/chris2511/xca/blob/2ba114d393e75a1a74ccde09fc9354d510813bd1/lib/pki_scard.cpp#L249-L255
https://github.com/chris2511/xca/blob/2ba114d393e75a1a74ccde09fc9354d510813bd1/lib/pki_scard.cpp#L290-L299
However this can cause a loss in fidelity of the CKA_ID. Whilst attempting to integrate a YubiHSM, we had CKA_IDs of the form [0x00][0x38] returned (2 bytes in length). Once the CKA_ID had passed through the bignum conversions, the resultant CKA_ID (used in FindObject) was [0x38] - a single byte, which did not match.
I will raise a PR that proposes fixing the methods above to just treat CKA_ID as a byte array.
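
The round trip described in this issue, as an added example that is not XCA code and not part of the original report. It models the bytes-to-integer-to-bytes conversion in plain C++ (the way OpenSSL's BN_bin2bn followed by BN_bn2bin behaves) without calling OpenSSL, and it goes one step beyond the reported case: with a constructed token that also holds an object whose ID is [0x38], the shortened ID selects a different object instead of failing. Labels and token contents are hypothetical.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Models a bytes -> big integer -> bytes round trip: an integer has no
// leading zero bytes, so they are dropped, and the value zero comes back
// as an empty array.
Bytes via_bignum(const Bytes &id) {
    size_t i = 0;
    while (i < id.size() && id[i] == 0) ++i;
    return Bytes(id.begin() + i, id.end());
}

struct Obj { Bytes id; std::string label; };

// Constructed token contents (hypothetical labels).
const std::vector<Obj> kToken = {
    {{0x00, 0x38}, "signing-key"},   // ID shape from the report
    {{0x38},       "other-key"},     // collides after the round trip
    {{0x00, 0x00}, "zero-id-key"},   // becomes empty after the round trip
};
const Bytes kReportedId = {0x00, 0x38};
const Bytes kZeroId = {0x00, 0x00};

// A CKA_ID search template matches on exact bytes: same length and
// same content. Returns the label, or "" when nothing matches.
std::string find_by_id(const Bytes &id) {
    for (const Obj &o : kToken)
        if (o.id == id) return o.label;
    return "";
}

int main() {
    std::string raw = find_by_id(kReportedId);
    std::string bn = find_by_id(via_bignum(kReportedId));
    std::string zero = find_by_id(via_bignum(kZeroId));
    std::printf("raw bytes      : %s\n", raw.c_str());
    std::printf("via bignum     : %s\n", bn.c_str());
    std::printf("zero via bignum: %s\n", zero.empty() ? "(not found)" : zero.c_str());
    return 0;
}
```

Keeping the ID as an opaque byte array end to end, as the issue proposes, is the only form that preserves both the length and the leading zeros that the token compares against.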