On 06/24/2016 06:29 PM, Andrew Cagney wrote:
What are you after? They are deprecated mostly because they provide access to low level PKCS #11 values.Hi, according to the NSS documentation, the functions for getting CKAIDs are deprecated vis:/********************************************************************** * New functions which are already deprecated.... **********************************************************************/ SECItem * PK11_GetLowLevelKeyIDForCert(PK11SlotInfo *slot, CERTCertificate *cert, void *pwarg); SECItem * PK11_GetLowLevelKeyIDForPrivateKey(SECKEYPrivateKey *key); I'm just wondering what I should be using instead?
If you are after the actual PKCS #11 CKA_ID attribute then you could use:PK11_ReadRawAttribute() for the key. Unfortunately useing PK11_ReadRawAttribute() for cert doesn't work yet, but could be added.
bob
Andrew PS: What does CKA actually stand for :-)
CryptoKi Attribute All PKCS #11 attributes start with CKA_ .
smime.p7s
Description: S/MIME Cryptographic Signature
-- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto