
I want to write a C++ program to parse an X.509-compatible certificate file with PolarSSL, extract all of its attributes & map them to a PKCS#11 object template for storing on a cryptographic token. I also need to be able to fetch the stored object attributes & re-create the original file from them, but I don't know exactly how to map between the PolarSSL x509_cert struct fields & the PKCS#11 X.509 object attributes.
I know part of this mapping (e.g. crt.valid_from maps to CKA_START_DATE and crt.valid_to maps to CKA_END_DATE) & need these attributes for creating my certificate object on the token (all of these values must be set according to the PKCS#11 specs):

CKA_CERTIFICATE_CATEGORY
CKA_CHECK_VALUE
CKA_SUBJECT
CKA_ID
CKA_ISSUER
CKA_SERIAL_NUMBER
CKA_VALUE
CKA_URL
CKA_HASH_OF_SUBJECT_PUBLIC_KEY
CKA_HASH_OF_ISSUER_PUBLIC_KEY
CKA_JAVA_MIDP_SECURITY_DOMAIN

Can anybody help me please?

Ehsan Khodarahmi


You basically need to understand two specs: X.509 (RFC 5280) and PKCS#11. A certificate is a cryptographically "whole" object, whereas the many optional "helper attributes" in PKCS#11 have no cryptographic value. For example, I believe that CKA_JAVA_MIDP_SECURITY_DOMAIN is something that makes close to zero point in real life in 2013. If you take a certificate as a blob, you only need to care about the raw certificate data (a.k.a. CKA_VALUE) and the subject of the certificate (CKA_SUBJECT). Unless you explain why you want "all the attributes", my guess is you want to do something you should not actually do.

Martin Paljak
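An added worked example (not part of the question or of Martin Paljak's answer) of the mapping the answer describes, in C++: the raw DER blob becomes CKA_VALUE, and the DER-encoded subject name becomes CKA_SUBJECT, with CKA_ISSUER and CKA_SERIAL_NUMBER (both also full DER encodings, per the PKCS#11 spec) filled from the same tbsCertificate walk. The minimal PKCS#11 typedefs and constants below stand in for pkcs11.h, and a small DER TLV walker stands in for PolarSSL; the byte ranges it extracts are what PolarSSL 1.x exposes as the x509_buf fields crt.raw, crt.serial, crt.issuer_raw and crt.subject_raw (check your header version). The sample certificate is constructed inline with a tiny DER encoder, is unsigned, and carries a dummy signature; CertTemplate, certToTemplate, sampleCert and the helper names are chosen for this example. CKA_CHECK_VALUE (first three bytes of the SHA-1 of CKA_VALUE) and the CK_DATE conversion of the validity times are deliberately left out.

```cpp
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <stdexcept>
#include <string>
#include <vector>

// Stand-ins for pkcs11.h (assumption: values match the PKCS#11 v2.x header).
typedef unsigned long CK_ULONG;
typedef unsigned char CK_BYTE;
typedef CK_BYTE CK_BBOOL;
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
struct CK_ATTRIBUTE { CK_ATTRIBUTE_TYPE type; void* pValue; CK_ULONG ulValueLen; };
static const CK_ULONG CKA_CLASS = 0x00, CKA_TOKEN = 0x01, CKA_VALUE = 0x11,
    CKA_CERTIFICATE_TYPE = 0x80, CKA_ISSUER = 0x81, CKA_SERIAL_NUMBER = 0x82,
    CKA_SUBJECT = 0x101, CKO_CERTIFICATE = 0x01, CKC_X_509 = 0x00;
static const CK_BBOOL CK_TRUE = 1;
typedef std::vector<CK_BYTE> Bytes;

// Owning storage for the attribute values; attrs() yields the CK_ATTRIBUTE
// array C_CreateObject expects, pointing into these members (keep tpl alive).
struct CertTemplate {
    CK_ULONG cls = CKO_CERTIFICATE, ctype = CKC_X_509;
    CK_BBOOL token = CK_TRUE;
    Bytes value, serial, issuer, subject;   // each is a complete DER TLV
    std::vector<CK_ATTRIBUTE> attrs() {
        return {{CKA_CLASS, &cls, (CK_ULONG)sizeof cls}, {CKA_TOKEN, &token, (CK_ULONG)sizeof token},
                {CKA_CERTIFICATE_TYPE, &ctype, (CK_ULONG)sizeof ctype},
                {CKA_VALUE, value.data(), (CK_ULONG)value.size()},
                {CKA_SERIAL_NUMBER, serial.data(), (CK_ULONG)serial.size()},
                {CKA_ISSUER, issuer.data(), (CK_ULONG)issuer.size()},
                {CKA_SUBJECT, subject.data(), (CK_ULONG)subject.size()}};
    }
};

// Minimal DER reader: tag, header length and content length of the TLV at off.
struct Tlv { CK_BYTE tag; size_t hdr, len; };
static Tlv readTlv(const Bytes& d, size_t off) {
    if (off + 2 > d.size()) throw std::runtime_error("truncated DER");
    Tlv t{d[off], 2, d[off + 1]};
    if (t.len & 0x80) {                       // long form: 0x8N followed by N length bytes
        size_t n = t.len & 0x7f;
        if (n == 0 || n > 4 || off + 2 + n > d.size()) throw std::runtime_error("bad DER length");
        t.len = 0;
        for (size_t i = 0; i < n; ++i) t.len = (t.len << 8) | d[off + 2 + i];
        t.hdr = 2 + n;
    }
    if (off + t.hdr + t.len > d.size()) throw std::runtime_error("DER element overruns buffer");
    return t;
}
static Bytes whole(const Bytes& d, size_t off, const Tlv& t) {   // tag + length + content
    return Bytes(d.begin() + off, d.begin() + off + t.hdr + t.len);
}

// Walk Certificate -> tbsCertificate (RFC 5280 4.1) and fill the template.
CertTemplate certToTemplate(const Bytes& der) {
    CertTemplate tpl;
    tpl.value = der;                                        // CKA_VALUE: the raw blob
    Tlv cert = readTlv(der, 0);
    if (cert.tag != 0x30) throw std::runtime_error("not a SEQUENCE");
    size_t off = cert.hdr;
    Tlv tbs = readTlv(der, off); off += tbs.hdr;            // enter tbsCertificate
    Tlv e = readTlv(der, off);
    if (e.tag == 0xA0) { off += e.hdr + e.len; e = readTlv(der, off); }   // optional [0] version
    if (e.tag != 0x02) throw std::runtime_error("serialNumber missing");
    tpl.serial = whole(der, off, e); off += e.hdr + e.len;  // CKA_SERIAL_NUMBER: DER INTEGER
    e = readTlv(der, off); off += e.hdr + e.len;            // signature AlgorithmIdentifier
    e = readTlv(der, off); tpl.issuer = whole(der, off, e); // CKA_ISSUER: DER Name
    off += e.hdr + e.len;
    e = readTlv(der, off); off += e.hdr + e.len;            // validity (source of CKA_START/END_DATE)
    e = readTlv(der, off); tpl.subject = whole(der, off, e);// CKA_SUBJECT: DER Name
    return tpl;
}

// Tiny DER encoder, only to construct the sample certificate (constructed test data).
static Bytes tlv(CK_BYTE tag, const Bytes& body) {
    Bytes out{tag};
    size_t n = body.size();
    if (n < 128) out.push_back((CK_BYTE)n);
    else if (n < 256) { out.push_back(0x81); out.push_back((CK_BYTE)n); }
    else { out.push_back(0x82); out.push_back((CK_BYTE)(n >> 8)); out.push_back((CK_BYTE)n); }
    out.insert(out.end(), body.begin(), body.end());
    return out;
}
static Bytes cat(std::initializer_list<Bytes> parts) {
    Bytes out;
    for (const Bytes& p : parts) out.insert(out.end(), p.begin(), p.end());
    return out;
}
static Bytes str(const std::string& s) { return Bytes(s.begin(), s.end()); }
// Name ::= SEQUENCE { SET { SEQUENCE { OID commonName (2.5.4.3), UTF8String cn } } }
static Bytes name(const std::string& cn) {
    return tlv(0x30, tlv(0x31, tlv(0x30, cat({tlv(0x06, {0x55, 0x04, 0x03}), tlv(0x0C, str(cn))}))));
}
Bytes sampleCert() {
    Bytes sha256Rsa = tlv(0x30, cat({tlv(0x06, {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x0B}), tlv(0x05, {})}));
    Bytes tbs = tlv(0x30, cat({
        tlv(0xA0, tlv(0x02, {0x02})),                                   // version v3
        tlv(0x02, {0x12, 0x34}),                                        // serialNumber 0x1234
        sha256Rsa,
        name("Example Issuer CA"),
        tlv(0x30, cat({tlv(0x17, str("130101000000Z")), tlv(0x17, str("140101000000Z"))})),
        name("example.org"),
        tlv(0x30, cat({tlv(0x30, cat({tlv(0x06, {0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01}), tlv(0x05, {})})),
                       tlv(0x03, {0x00, 0x00})}))}));                    // placeholder SPKI
    return tlv(0x30, cat({tbs, sha256Rsa, tlv(0x03, Bytes(9, 0x00))}));// dummy signature
}
```

With a real PolarSSL-parsed certificate you would pass crt.raw.p/crt.raw.len as the blob; the template then goes to C_CreateObject. Going the other way (re-creating the file) needs only CKA_VALUE, which is the answer's point: everything else in the template is derivable from it.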