Scute: feature request: Support CKA_TRUSTED attribute on X.509 certs

Marcus Brinkmann marcus.brinkmann at
Mon May 14 14:08:38 CEST 2007


Sorry this didn't get sent out earlier, it was stuck in my drafts box.

At Tue, 24 Apr 2007 11:32:41 +0200,
'Werner Koch' wrote:
> On Mon, 23 Apr 2007 11:35, simon at said:
> > Thanks.  Btw, do you know what the best way to find out which
> > certificate corresponds to a private key?  Using the key id seems
> > somewhat fragile, but it is what I'll use unless I learn of a better
> > way.
> GnuPG uses a thing called keygrip
>  unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)

We only export the fingerprint in the PKCS #11 token data (via
CKA_ID).  I don't think there is a good space to export the grip as
well.  Shouldn't the fingerprint be good enough?

