Hi,

Trying to use a certificate/key on an eToken to
log in to my Apple Mac, I have been doing some digging
and saw two different notations for attributes
(output generated with the Mac tool "sudo security dump-keychain"):

Some Apple stuff:

class: 0x0000000F
attributes:
    0x00000000 <uint32>=0x0000000F
    0x00000001 <blob>="com.apple.systemdefault"
    0x00000002 <blob>=<NULL>
    0x00000003 <uint32>=0x00000001
    0x00000004 <uint32>=0x00000000
    0x00000005 <uint32>=0x00000000
    0x00000006 <blob>=0x4E03...5943E6  "N\003\360\....7\245>\324%\237YC\346"

OpenSSL generated stuff:

class: 0x80001000
attributes:
    "alis"<blob>="SomeString"
    "cenc"<uint32>=0x00000002
    "ctyp"<uint32>=0x00000001
    "hpky"<blob>=0x2E67...DC11  ".gO\002\013\...\334\021"
    "labl"<blob>="My Token CA"
    "skid"<blob>=0x2E67...BDC11  ".gO\002\013\...\334\021"
    "snbr"<blob>=0x00B7...AFD  "\000\267\\001:<*\375"

To "tell" the OS that a certain user is supposed to log in
with a key, I have to assign an id of the key/cert to this
user with a shell script "sc_auth".

This does not work however, as the script is not able to extract
required information, because some regular expressions do not match
(the script looks for 0x00000001 and 0x00000006, whereas my OpenSSL
cert has "alis=...").

What kind of notation does the Apple stuff use and how
can I create something similar with OpenSSL?

Cheers,

Emre
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
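
Added example, not part of the original post and not code from sc_auth: a small Python parser that reads both attribute notations shown in the dump above, so a lookup does not silently miss records keyed by four-character tags. The sample text is constructed from the post's excerpts (with the elided hex shortened to a made-up complete value), and the names `parse_dump` and `key_styles` are hypothetical.

```python
import re

# Constructed sample modelled on the two excerpts in the post.
SAMPLE = r'''class: 0x0000000F
attributes:
    0x00000000 <uint32>=0x0000000F
    0x00000001 <blob>="com.apple.systemdefault"
    0x00000002 <blob>=<NULL>
class: 0x80001000
attributes:
    "alis"<blob>="SomeString"
    "cenc"<uint32>=0x00000002
    "hpky"<blob>=0x2E67DC11  ".gO\334\021"
    "labl"<blob>="My Token CA"
'''

CLASS_RE = re.compile(r'^class:\s*(?P<cls>\S+)')
# An attribute key is either an 8-digit hex number or a quoted 4-character tag.
ATTR_RE = re.compile(
    r'^\s+(?:(?P<num>0x[0-9A-Fa-f]{8})|"(?P<tag>[^"]{4})")'
    r'\s*<(?P<type>\w+)>=(?P<value>.*)$')

def parse_value(typ, raw):
    raw = raw.strip()
    if raw == "<NULL>":
        return None
    if typ == "uint32" and raw.startswith("0x"):
        return int(raw, 16)
    if raw.startswith("0x"):
        # Hex blob followed by a printable rendering; keep the hex part only.
        return bytes.fromhex(raw.split()[0][2:])
    return raw.strip('"')

def parse_dump(text):
    """Return one dict per record; numeric keys become int, tags stay str."""
    items = []
    for line in text.splitlines():
        m = CLASS_RE.match(line)
        if m:
            items.append({"class": m["cls"], "attrs": {}})
            continue
        m = ATTR_RE.match(line)
        if m and items:
            key = int(m["num"], 16) if m["num"] else m["tag"]
            items[-1]["attrs"][key] = parse_value(m["type"], m["value"])
    return items

def key_styles(item):
    """Report which notation(s) a record's attribute keys use."""
    return {"numeric" if isinstance(k, int) else "four-char" for k in item["attrs"]}
```

A lookup written only for numeric keys (such as 1 and 6) returns nothing for the second record, which matches the failure described in the post.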
