> Peter Koch wrote:
> ...
> > OpenSwan should NOT assume that the key has the same ID as the
> > certificate as this cannot be true for cards that have more than
> > one certificate per key.
>
> the pkcs11 (and pkcs15) ids are not unique ids. It is possible
> that there is more than one cert with a specific id (actually, all
> certs belonging to a specific private key should have the same id
> as the corresponding private key as otherwise it would be difficult
> to find the private key for a certificate).

Non-unique identifiers - isn't that a contradiction in terms?

So the final conclusion of this discussion is: The current implementation
for NetKey E4-cards is buggy. There might be more than one certificate on
a NetKey card that belong to the same private key and all these certificates
MUST have the same id (namely the id of the corresponding private key).

I will fix that this weekend.

Peter
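
Added example, not part of the original message and not OpenSC or OpenSwan code: a small Python model of the ID convention discussed in this thread, where a certificate is mapped to its private key through the shared ID and several certificates may carry the same ID. The object list, labels and function names are constructed for illustration; no real PKCS#11 calls are made.

```python
from collections import defaultdict

# Constructed sample of token objects (class, ID, label). Two certificates
# share the ID of key 0x45; one certificate carries an ID no key has.
TOKEN_OBJECTS = [
    {"class": "private_key", "id": b"\x45", "label": "sig key"},
    {"class": "certificate", "id": b"\x45", "label": "sig cert (CA 1)"},
    {"class": "certificate", "id": b"\x45", "label": "sig cert (CA 2)"},
    {"class": "private_key", "id": b"\x46", "label": "enc key"},
    {"class": "certificate", "id": b"\x47", "label": "enc cert"},
]

def index_by_id(objects):
    """Return ({id: key}, {id: [certs]}); an ID may map to many certs."""
    keys, certs = {}, defaultdict(list)
    for obj in objects:
        if obj["class"] == "private_key":
            keys[obj["id"]] = obj
        elif obj["class"] == "certificate":
            certs[obj["id"]].append(obj)
    return keys, certs

def key_for_cert(objects, cert_label):
    """Pick the cert by a distinguishing attribute, then find its key by ID."""
    keys, certs = index_by_id(objects)
    for cert_list in certs.values():
        for cert in cert_list:
            if cert["label"] == cert_label:
                return keys.get(cert["id"])  # None if the IDs do not match
    return None

def certs_for_key(objects, key_id):
    """All certificates that belong to one private key (may be several)."""
    _, certs = index_by_id(objects)
    return [c["label"] for c in certs.get(key_id, [])]

def orphan_certs(objects):
    """Certificates whose ID matches no private key on the token."""
    keys, certs = index_by_id(objects)
    return sorted(c["label"] for cid, cl in certs.items()
                  if cid not in keys for c in cl)

if __name__ == "__main__":
    print(certs_for_key(TOKEN_OBJECTS, b"\x45"))
    print(orphan_certs(TOKEN_OBJECTS))
```

A certificate listed by orphan_certs cannot be matched to its key by ID, and a consumer that expects exactly one certificate per ID will pick arbitrarily between the two 0x45 certificates.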
