Thank you, this was much more helpful.

2009/7/10 Victor Duchovni <victor.ducho...@morganstanley.com>:
> On Fri, Jul 10, 2009 at 11:11:48PM +0200, Akos Vandra wrote:
>
>> > The parties involved here are not connected to the internet, and thus
>> > don't have any access to a (this is an embedded project), and they
>> > must confirm each other's identity based on the CA-signed certificates.
>
> Well, my address is not my identity.

Surely not. But your picture, name, and other information define who you are.

> "Identities" are just primary
> keys. It seems that you don't want identity certificates, but
> for some reason need attribute certificates with lots of attributes.
>
> Is the subject the holder of a corresponding private key in this context,

Yes.

> or is this just a signed message binding the subject to a set of attributes?

Exactly, these are not exclusive.

>
> If the subject participates in a protocol in which the certificate
> authenticates its private key, generally a unique identifier for
> each subject is sufficient to support per-subject ACLs, ...
>
> If this is something akin to a signed "passport", the object in question
> is a signed message, not a certificate.

You can't really draw a clear line between "signed message" and "certificate", because a certificate isn't anything else but a signed message from the CA saying that this public key's pair belongs to that entity.

>
> Subject attributes are encoded in the subject DN. You can specify
> custom OIDs, if the standard OIDs are not sufficient.

Thank you, I think this is what I need. An image can be base64 encoded and passed as a field, but I'm not sure if there is any length limit; I will have to do some research on this.

Thanks for the link.

>
> http://openssl.org/docs/apps/req.html#DISTINGUISHED_NAME_AND_ATTRIBUTE
>
> --
> Viktor.
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List openssl-us...@openssl.org
> Automated List Manager majord...@openssl.org
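The mechanism suggested in the quoted reply (custom OIDs carried in the subject DN through the `req` configuration), shown as an added example that is not part of the original thread. The attribute names, values and file names are constructed, the OIDs are placeholders under the RFC 5612 documentation arc, and the `openssl` command-line tool is assumed to be on the PATH.

```shell
#!/bin/sh
# Added example: build a CSR whose subject DN carries custom-OID attributes.
# Every name and value below is constructed for illustration.

make_csr() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/req.cnf" <<'EOF'
oid_section = new_oids

[ new_oids ]
# Placeholder OIDs under the documentation arc 1.3.6.1.4.1.32473 (RFC 5612);
# a real deployment would use an arc assigned to its own organisation.
deviceSerial = 1.3.6.1.4.1.32473.1.1
deviceRole   = 1.3.6.1.4.1.32473.1.2

[ req ]
prompt             = no
distinguished_name = dn
string_mask        = utf8only

[ dn ]
O            = Example Embedded
CN           = unit-0001
deviceSerial = SN-0001-ABCD
deviceRole   = door-controller
EOF
    # Generate a throwaway key and a CSR with the subject from the [ dn ] section.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$dir/req.cnf" \
        -keyout "$dir/unit.key" -out "$dir/unit.csr" 2>/dev/null || return 1
    # Passing -config again lets the custom short names resolve on output;
    # without it OpenSSL prints the numeric OIDs instead.
    openssl req -in "$dir/unit.csr" -noout -subject -config "$dir/req.cnf"
    rm -rf "$dir"
}

make_csr
```

If the CSR is signed with `openssl ca`, subject fields that are not listed in the CA's policy section are silently dropped unless `-preserveDN` is given, so the custom attributes have to be named there as well.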