Scute: feature request: Support CKA_TRUSTED attribute on X.509 certs
Marcus Brinkmann
marcus.brinkmann at ruhr-uni-bochum.de
Mon May 14 14:08:38 CEST 2007
Hi,
sorry this didn't get sent out earlier, it was stuck in my drafts box.
At Tue, 24 Apr 2007 11:32:41 +0200,
'Werner Koch' wrote:
>
> On Mon, 23 Apr 2007 11:35, simon at josefsson.org said:
>
> > Thanks. Btw, do you know what the best way to find out which
> > certificate correspond to a private key? Using the key id seems
> > somewhat fragile, but it is what I'll use unless I learn of a better
> > way.
>
> GnuPG uses a thing called keygrip
>
> unsigned char *gcry_pk_get_keygrip (gcry_sexp_t key, unsigned char *array)
We only export the fingerprint in the PKCS #11 token data (via
CKA_ID). I don't think there is a good space to export the grip as
well. Shouldn't the fingerprint be good enough?
Thanks,
Marcus
More information about the Gnupg-devel
mailing list