Hi, trying to use a certificate/key on an eToken, to login to my Apple Mac, I have been doing some digging and saw two different notations for attributes (output generated with Mac tool "sudo security dump-keychain"):
Some Apple stuff: class: 0x0000000F attributes: 0x00000000 <uint32>=0x0000000F 0x00000001 <blob>="com.apple.systemdefault" 0x00000002 <blob>=<NULL> 0x00000003 <uint32>=0x00000001 0x00000004 <uint32>=0x00000000 0x00000005 <uint32>=0x00000000 0x00000006 <blob>=0x4E03...5943E6 "N\003\360\....7\245>\324%\237YC\346" OpenSSL generated stuff: class: 0x80001000 attributes: "alis"<blob>="SomeString" "cenc"<uint32>=0x00000002 "ctyp"<uint32>=0x00000001 "hpky"<blob>=0x2E67...DC11 ".gO\002\013\...\334\021" "labl"<blob>="My Token CA" "skid"<blob>=0x2E67...BDC11 ".gO\002\013\...\334\021" "snbr"<blob>=0x00B7...AFD "\000\267\\001:<*\375" To "tell" the OS that a certain user is supposed to login with a key, I have to assign an id of the key/cert to this user with a shell script "sc_auth". This does not work however, as the script is not able to extract required information, because some regular expressions do not match (the script looks for 0x00000001 and 0x00000006, whereas my OpenSSL cert has "alis=..."). What kind of notation does the Apple stuff use and how can I create something similar with OpenSSL? Cheers, Emre ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org