c++cryptographypkcs#11cryptoapimscapi

How to rename container name in cryptoki


I have write some code that writes keypair of public and private key in a token. From the keypair, I create pkcs10 and later generate certificate file from it. The certificate file will be inserted to the token. It all run successfully, but somehow the certificate cannot being read by CAPI or Internet Explorer. If i insert a p12 file, it run without a fuss. I suspect that the CKA_LABEL and CKA_ID is the culprit here. In p12, everything use the same name convention. From container, public key, private key, and certificate. However in my method, the container name looks like auto generated. How can i convert it to be same with CKA_ID? Down below is my code in generating keypair that save in container.

rv = g_pFunctionList->C_GenerateKeyPair(hSession,
        &ck_gen_ecc,
        tPubKey, sizeof(tPubKey) / sizeof(CK_ATTRIBUTE),
        tPrvKey, sizeof(tPrvKey) / sizeof(CK_ATTRIBUTE),
        &pkcs11_hPubKey, &pkcs11_hPrvKey); 

It save in container name like

cont_4440xxxxxxxx

How to change the container name as exactly as CKA_ID ? Can anyone help?


Solution

  • If your cryptoki library allow it, you can rename all the objects by setting new properties of them by calling C_SetAttributeValue function.

    In your case it can looks like this:

            CK_ATTRIBUTE atAttr[2];
    
            atAttr[0].type = CKA_LABEL;
            atAttr[0].pValue = pLabelValue;    // <-- pass here new Label value pointer
            atAttr[0].ulValueLen = ulLabelLen; // <-- pass here new Label length
    
            atAttr[1].type = CKA_ID;
            atAttr[1].pValue = pIDValue;    // <-- pass here new ID value pointer
            atAttr[1].ulValueLen = ulIDLen; // <-- pass here new ID length
    
            rv = g_pFunctionList->C_SetAttributeValue(hSession, pkcs11_hPubKey, atAttr, 2);
            rv = g_pFunctionList->C_SetAttributeValue(hSession, pkcs11_hPrvKey, atAttr, 2);