I have written some code that writes a keypair of public and private keys to a token. From the keypair, I create a pkcs10 and later generate a certificate file from it. The certificate file will be inserted into the token. It all runs successfully, but somehow the certificate cannot be read by CAPI or Internet Explorer. If I insert a p12 file, it runs without a fuss. I suspect that CKA_LABEL and CKA_ID are the culprit here. In the p12, everything uses the same naming convention: container, public key, private key, and certificate. However, with my method, the container name looks auto-generated. How can I convert it to be the same as CKA_ID? Below is my code for generating the keypair that is saved in the container.
    rv = g_pFunctionList->C_GenerateKeyPair(hSession,
                                            &ck_gen_ecc,
                                            tPubKey, sizeof(tPubKey) / sizeof(CK_ATTRIBUTE),
                                            tPrvKey, sizeof(tPrvKey) / sizeof(CK_ATTRIBUTE),
                                            &pkcs11_hPubKey, &pkcs11_hPrvKey);
It is saved under a container name like
cont_4440xxxxxxxx
How do I change the container name to be exactly the same as CKA_ID? Can anyone help?
If your cryptoki library allows it, you can rename all the objects by setting new properties on them by calling the C_SetAttributeValue function.
In your case it can look like this:
    CK_ATTRIBUTE atAttr[2];
    atAttr[0].type = CKA_LABEL;
    atAttr[0].pValue = pLabelValue;     // <-- pass here new Label value pointer
    atAttr[0].ulValueLen = ulLabelLen;  // <-- pass here new Label length
    atAttr[1].type = CKA_ID;
    atAttr[1].pValue = pIDValue;        // <-- pass here new ID value pointer
    atAttr[1].ulValueLen = ulIDLen;     // <-- pass here new ID length

    // Apply the same label and ID to both key objects; stop at the first failure
    // so the public key's return value is not overwritten by the second call.
    rv = g_pFunctionList->C_SetAttributeValue(hSession, pkcs11_hPubKey, atAttr, 2);
    if (rv == CKR_OK)
        rv = g_pFunctionList->C_SetAttributeValue(hSession, pkcs11_hPrvKey, atAttr, 2);
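An added example, not part of the answer above or of any vendor's code: it extends the two calls to any number of objects (for instance the certificate as well), checks every return value, and reads CKA_ID back, because a token may refuse the change. The names relabel_all, attr_fn, demo and the mock token are hypothetical, and the typedefs are stand-ins for pkcs11.h so the block compiles alone.

```c
#include <string.h>
/* Stand-ins so this compiles alone; real code includes the vendor's pkcs11.h instead. */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
typedef CK_RV (*attr_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG);
#define CKR_OK                  0x00UL
#define CKR_GENERAL_ERROR       0x05UL
#define CKR_ATTRIBUTE_READ_ONLY 0x10UL
#define CKA_LABEL               0x003UL
#define CKA_ID                  0x102UL

/* Hypothetical helper: set the same CKA_LABEL and CKA_ID on every object in h[], then
   read CKA_ID back. Returns the first token error, or CKR_GENERAL_ERROR on a mismatch. */
CK_RV relabel_all(attr_fn set, attr_fn get, CK_SESSION_HANDLE s,
                  const CK_OBJECT_HANDLE *h, int n, char *label, unsigned char *id, CK_ULONG idLen)
{
    CK_ATTRIBUTE t[2] = { { CKA_LABEL, label, strlen(label) }, { CKA_ID, id, idLen } };
    for (int i = 0; i < n; i++) {
        unsigned char back[64];
        CK_ATTRIBUTE q = { CKA_ID, back, sizeof back };
        CK_RV rv = set(s, h[i], t, 2);
        if (rv == CKR_OK) rv = get(s, h[i], &q, 1);   /* confirm what the token stored */
        if (rv != CKR_OK) return rv;
        if (q.ulValueLen != idLen || memcmp(back, id, idLen) != 0) return CKR_GENERAL_ERROR;
    }
    return CKR_OK;
}

/* Constructed mock token: handles 1 and 2 are writable keys, handle 3 is read-only. */
static unsigned char mock_id[4][64]; static CK_ULONG mock_len[4];
static CK_RV mock_set(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE o, CK_ATTRIBUTE *a, CK_ULONG n)
{
    (void)s;
    if (o == 3) return CKR_ATTRIBUTE_READ_ONLY;
    for (CK_ULONG i = 0; i < n; i++)
        if (a[i].type == CKA_ID) memcpy(mock_id[o], a[i].pValue, mock_len[o] = a[i].ulValueLen);
    return CKR_OK;
}
static CK_RV mock_get(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE o, CK_ATTRIBUTE *a, CK_ULONG n)
{
    (void)s; (void)n;
    memcpy(a->pValue, mock_id[o], a->ulValueLen = mock_len[o]);
    return CKR_OK;
}
CK_RV demo(int n)   /* run the helper over the first n mock objects */
{
    CK_OBJECT_HANDLE h[3] = { 1, 2, 3 };
    char label[] = "mykey"; unsigned char id[] = { 0x01, 0x02, 0x03, 0x04 };  /* constructed */
    return relabel_all(mock_set, mock_get, 1, h, n, label, id, sizeof id);
}
```

Against a real token, the set and get arguments correspond to g_pFunctionList->C_SetAttributeValue and g_pFunctionList->C_GetAttributeValue.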