parallaxsecond / rust-cryptoki

Rust wrapper for the PKCS #11 API, Cryptoki
https://docs.rs/cryptoki/
Apache License 2.0

CKA_PUBLIC_KEY_INFO getting TypeInvalid #142

Open hcldan opened 1 year ago

hcldan commented 1 year ago

I hope you can give me a pointer. I'm using a smartcard that has some certs on it for smime.

I can use the ActivClient smartcard tool on windows to poke around at the details, and I've been using this library fairly successfully pointing to their driver so far... until this.

I can see when I inspect the certs in the ActivClient program that they have a SubjectKeyIdentifier [screenshot]

When I try to get the attribute from any of the objects returned, it always says TypeInvalid... Is this a driver problem? Am I misunderstanding something here?

hcldan commented 1 year ago

Hmm... the DLL says it's for PKCS #11 2.20... I guess that attribute isn't in that spec.

wiktor-k commented 1 year ago

I'm not sure if you can query these attributes directly. IIUC you need to first get the X.509 certificate object from the card (for example using this object class: https://docs.rs/cryptoki/latest/cryptoki/object/struct.ObjectClass.html#associatedconstant.CERTIFICATE) and then parse the X.509 cert to get the field you want (the last part is outside of this library's scope).

Does it answer your question or am I completely wrong? :sweat_smile:

hcldan commented 1 year ago

@wiktor-k That's interesting. I am going to try to go that route, as my options are rather limited.

FWIW, it looks like in pkcs11 2.40 those attributes are defined and should work. But I found the driver I have only supports pkcs11 2.20 (which does not define those attributes)

hcldan commented 1 year ago

~~@wiktor-k I have the object_handle for the cert... how do I get the bytes?~~ edit: nevermind, I found it.

wiktor-k commented 1 year ago

I think you used Attribute::Value right? (In general it's good to paste your solution for the next person that has the same problem :sweat_smile: )
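The route sketched above (fetch the X.509 certificate object, read `Attribute::Value`, then parse the DER yourself because the 2.20 module has no `CKA_PUBLIC_KEY_INFO`) ends with a parsing step that is outside the cryptoki crate. The following is an added example, not code from this thread or from the crate: it starts where the library's job ends, with the DER bytes that `CKA_VALUE` holds for an X.509 certificate object, and walks the certificate to the SubjectKeyIdentifier extension (OID 2.5.29.14) with no external dependencies. The token side (a `find_objects` with `Attribute::Class(ObjectClass::CERTIFICATE)` and a `get_attributes(handle, &[AttributeType::Value])`) needs a live module and is left to the caller. The certificate it parses is constructed inline for the example (empty names, no real key, a zero-filled signature) and is not a valid certificate; `sample_certificate`, `subject_key_identifier`, `read_tlv` and `SAMPLE_SKI` are names chosen here.

```rust
// Added example: pull the SubjectKeyIdentifier out of a DER-encoded X.509
// certificate, i.e. the step after CKA_VALUE has been read from the token.
// No crates; the certificate parsed in main() is constructed below.

/// OID 2.5.29.14 (id-ce-subjectKeyIdentifier), DER content octets.
const OID_SUBJECT_KEY_IDENTIFIER: &[u8] = &[0x55, 0x1D, 0x0E];
/// OID 2.5.29.19 (id-ce-basicConstraints); only used to pad the sample.
const OID_BASIC_CONSTRAINTS: &[u8] = &[0x55, 0x1D, 0x13];
/// Constructed 20-byte key identifier placed in the sample certificate.
pub const SAMPLE_SKI: [u8; 20] = [
    0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
    0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14,
];

/// Read one DER TLV: (tag, content, remaining input). Rejects the indefinite
/// and non-minimal length forms, which BER permits but DER forbids.
fn read_tlv(input: &[u8]) -> Option<(u8, &[u8], &[u8])> {
    let tag = *input.first()?;
    let first = *input.get(1)?;
    let (len, header) = if first < 0x80 {
        (usize::from(first), 2)
    } else {
        let n = usize::from(first & 0x7F);
        if n == 0 || n > 4 {
            return None; // 0x80 = indefinite; more than 4 length bytes is not a certificate
        }
        let mut len = 0usize;
        for &b in input.get(2..2 + n)? {
            len = (len << 8) | usize::from(b);
        }
        if len < 0x80 {
            return None; // must have used the short form
        }
        (len, 2 + n)
    };
    let content = input.get(header..header + len)?;
    Some((tag, content, &input[header + len..]))
}

/// Read one TLV and require a specific tag; returns (content, remaining input).
fn expect(input: &[u8], want: u8) -> Option<(&[u8], &[u8])> {
    let (tag, content, rest) = read_tlv(input)?;
    if tag == want { Some((content, rest)) } else { None }
}

/// Certificate -> tbsCertificate -> extensions [3] -> SubjectKeyIdentifier.
/// None if the extension is absent (e.g. a v1 certificate) or the DER is malformed.
pub fn subject_key_identifier(cert_der: &[u8]) -> Option<Vec<u8>> {
    let (certificate, _) = expect(cert_der, 0x30)?;
    let (tbs, _) = expect(certificate, 0x30)?;

    // Skip version, serialNumber, signature, issuer, validity, subject,
    // subjectPublicKeyInfo and the optional [1]/[2] unique ids until [3] EXPLICIT.
    let mut rest = tbs;
    let extensions = loop {
        if rest.is_empty() {
            return None;
        }
        let (tag, content, after) = read_tlv(rest)?;
        if tag == 0xA3 {
            break content;
        }
        rest = after;
    };

    // Extensions ::= SEQUENCE OF Extension
    let (mut ext_list, _) = expect(extensions, 0x30)?;
    while !ext_list.is_empty() {
        let (extension, after) = expect(ext_list, 0x30)?;
        ext_list = after;
        // Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE, extnValue OCTET STRING }
        let (oid, after_oid) = expect(extension, 0x06)?;
        if oid != OID_SUBJECT_KEY_IDENTIFIER {
            continue;
        }
        let (mut tag, mut extn_value, after_first) = read_tlv(after_oid)?;
        if tag == 0x01 {
            // `critical` present; RFC 5280 says SKI must be non-critical, but tolerate it.
            (tag, extn_value, _) = read_tlv(after_first)?;
        }
        if tag != 0x04 {
            return None;
        }
        // extnValue wraps the DER of KeyIdentifier ::= OCTET STRING, so unwrap twice.
        let (ski, _) = expect(extn_value, 0x04)?;
        return Some(ski.to_vec());
    }
    None
}

/// DER-encode one TLV with a definite (short or long form) length.
fn tlv(tag: u8, content: &[u8]) -> Vec<u8> {
    let mut out = vec![tag];
    let len = content.len();
    if len < 0x80 {
        out.push(len as u8);
    } else {
        let be = len.to_be_bytes();
        let start = be.iter().position(|&b| b != 0).unwrap_or(be.len() - 1);
        out.push(0x80 | (be.len() - start) as u8);
        out.extend_from_slice(&be[start..]);
    }
    out.extend_from_slice(content);
    out
}

fn seq(parts: &[Vec<u8>]) -> Vec<u8> {
    tlv(0x30, &parts.concat())
}

/// Constructed certificate: structurally a v3 Certificate, semantically empty.
/// The 129-byte zero "signature" forces the long length form on the outer layers.
pub fn sample_certificate(with_ski: bool) -> Vec<u8> {
    let mut ext_list = vec![seq(&[
        tlv(0x06, OID_BASIC_CONSTRAINTS),
        tlv(0x01, &[0xFF]),          // critical TRUE
        tlv(0x04, &seq(&[])),        // BasicConstraints ::= SEQUENCE {}
    ])];
    if with_ski {
        ext_list.push(seq(&[
            tlv(0x06, OID_SUBJECT_KEY_IDENTIFIER),
            tlv(0x04, &tlv(0x04, &SAMPLE_SKI)), // OCTET STRING { OCTET STRING ski }
        ]));
    }
    let tbs = seq(&[
        tlv(0xA0, &tlv(0x02, &[0x02])), // [0] EXPLICIT version v3
        tlv(0x02, &[0x01]),             // serialNumber
        seq(&[]),                       // signature AlgorithmIdentifier
        seq(&[]),                       // issuer Name
        seq(&[]),                       // validity
        seq(&[]),                       // subject Name
        seq(&[]),                       // subjectPublicKeyInfo
        tlv(0xA3, &seq(&ext_list)),     // [3] EXPLICIT Extensions
    ]);
    seq(&[tbs, seq(&[]), tlv(0x03, &[0u8; 129])])
}

fn main() {
    let ski = subject_key_identifier(&sample_certificate(true)).expect("sample carries an SKI");
    let hex: Vec<String> = ski.iter().map(|b| format!("{b:02X}")).collect();
    println!("SubjectKeyIdentifier: {}", hex.join(":"));
    assert!(subject_key_identifier(&sample_certificate(false)).is_none());
}
```

Two caveats for anyone wiring this to a token: PKCS #11 only guarantees DER in `CKA_VALUE` for objects whose `CKA_CERTIFICATE_TYPE` is `CKC_X_509`, so check that before parsing; and while many tokens populate `CKA_ID` with the subject key identifier or a hash of the public key (which a 2.20 module can return), that is a convention rather than a requirement, so the extension parsed from the certificate is the authoritative value.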

hcldan commented 1 year ago

@wiktor-k Yes, I was actually hoping to wrap things up with my task and contribute a few examples.

Is that something that would be welcome? Is there a good place to put them?

wiktor-k commented 1 year ago

Yep, most certainly! I was just today casually browsing documentation and the lack of doctests saddens me 😔

I think adding examples to functions would be the best. Just in case you need inspiration see our "sister" repo: https://docs.rs/tss-esapi/latest/tss_esapi/struct.Context.html#method.ecdh_z_gen

You can file a PR and then we can iteratively improve what you have there 😊

hcldan commented 1 year ago

@wiktor-k Sent a PR. I'm not sure the doctests will work well seeing as you need a library to init the card.