smartcard, pkcs#11, cac

How can PKCS#11 find/read a data object by its "Registered Identifier", "Object Identifier", or "Application Card URL"?


My employer wants me to use a PKCS#11 DLL to read the CHUID record from an older smartcard, which he thinks is a "CAC NG" card. I've found all sorts of information about the CHUID record on those cards...

...but I haven't found a way to use any of that through the PKCS11 interface, or at least I haven't found a way that will coax the card to give up that information. It seems to want either a label or some kind of DER-encoded ASN.1 object identifier (which the documentation I've found explicitly states is NOT the GSC-IS Object Identifier).

I've also tried listing ALL the objects on the card, hoping to find a label I could use, but before entering the PIN there are only six objects visible: two each of "ID Certificate", "Signature Certificate", and "Encryption Certificate". There are two objects with no labels that appear after entering the PIN, but the CHUID record is always supposed to be available, so I'm assuming those aren't related.

There are no data objects available on this card at all, according to the PKCS11 library.

Is this even a "CAC NG" card? Could it be the older "CAC v1" instead, and not have a CHUID record at all?


Solution

  • Turns out that it wasn't a "CAC NG" card, but some much older specification that we still haven't been able to determine, and there was no CHUID record at all.
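The question notes that the PKCS#11 library wants a DER-encoded ASN.1 object identifier rather than a GSC-IS identifier. As an added example (not code from the original post), the following shows that encoding and the `CKO_DATA` search template it feeds via `CKA_OBJECT_ID`, plus the reverse decode for inspecting objects a token does return. The function names are hypothetical, and the sample OID is the PIV CHUID identifier from NIST SP 800-73, used as an assumption; the page does not establish that any CAC middleware exposes it.

```python
# Added example: stdlib only, no token or PKCS#11 module needed.
# Numeric constants are the values defined in the PKCS#11 header pkcs11t.h.
CKA_CLASS, CKA_OBJECT_ID = 0x00, 0x12
CKO_DATA = 0x00

# Assumption: PIV CHUID OID (NIST SP 800-73), used only as sample input.
SAMPLE_CHUID_OID = "2.16.840.1.101.3.7.2.48.0"

def _base128(n):
    """Encode one OID arc as base-128, high bit set on all but the last byte."""
    out = [n & 0x7F]
    n >>= 7
    while n:
        out.append((n & 0x7F) | 0x80)
        n >>= 7
    return bytes(reversed(out))

def der_encode_oid(dotted):
    """Dotted OID string -> DER bytes (tag 0x06, short-form length, content)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or min(arcs) < 0 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: %r" % dotted)
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    if len(body) > 127:
        raise ValueError("long-form DER length not handled in this example")
    return bytes([0x06, len(body)]) + body

def der_decode_oid(der):
    """DER OID bytes (e.g. a CKA_OBJECT_ID value read from a token) -> dotted string."""
    if len(der) < 3 or der[0] != 0x06 or der[1] != len(der) - 2 or der[-1] & 0x80:
        raise ValueError("not a short-form DER OBJECT IDENTIFIER")
    values, n = [], 0
    for b in der[2:]:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:          # last byte of this arc
            values.append(n)
            n = 0
    first = min(values[0] // 40, 2)
    return ".".join(str(v) for v in [first, values[0] - 40 * first] + values[1:])

def data_object_template(dotted):
    """Attribute list to hand to C_FindObjectsInit when searching for a data object."""
    return [(CKA_CLASS, CKO_DATA), (CKA_OBJECT_ID, der_encode_oid(dotted))]

if __name__ == "__main__":
    for attr, value in data_object_template(SAMPLE_CHUID_OID):
        print(hex(attr), value.hex() if isinstance(value, bytes) else value)
```

A search with this template only matches if the middleware maps a card container to a `CKO_DATA` object; an empty result, as in the question, means the library exposes no such object, not that the encoding is wrong.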