EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElPKCS11CertStorage class

Posted: 08/10/2015 11:13:45
by Darko Karamarko (Standard support level)
Joined: 03/02/2012
Posts: 3

While I'm looping through my PKCS#11 token with code, I can see three certificates there: one from the issuer, one for HTTPS connection use and one for document signing.

What I want to do is find out which one is for the connection and which one is for signing by reading some property, but I can't find one.

Using SBB 10, 11, 12 with the C# library.

Appreciate any help about it
many thanks

Posted: 08/10/2015 11:31:19
by Ken Ivanov (EldoS Corp.)

Hi Darko,

Thank you for contacting us.

In the general case, there is no 'standard' way of distinguishing between the certificates. Each particular infrastructure may impose its own rules (e.g. by naming) for identifying certificate purposes.

However, what you may try is checking the contents of the certificates' Key Usage extension. Typical flags indicating that the certificate is intended for document signing are Digital Signature and Non Repudiation, while HTTPS-specific purposes are specified via the Key Agreement flag. The contents of the Extended Key Usage extension are also worth checking.
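
The check described in the reply above, as an added example that is not part of the thread and is not SecureBlackbox code: it uses only .NET's built-in `System.Security.Cryptography.X509Certificates` classes and assumes each certificate is available as an `X509Certificate2`. The `CertPurpose` class, its purpose labels and the sample certificates are constructed for illustration, and the ordering of the checks is a heuristic, since each infrastructure may set its own rules.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
static class CertPurpose
{
    // EKU OIDs for TLS server and client authentication (RFC 5280).
    const string ServerAuth = "1.3.6.1.5.5.7.3.1", ClientAuth = "1.3.6.1.5.5.7.3.2";

    public static string Classify(X509Certificate2 cert)
    {
        var bc = cert.Extensions.OfType<X509BasicConstraintsExtension>().FirstOrDefault();
        if (bc != null && bc.CertificateAuthority) return "issuer (CA)";
        var ku = cert.Extensions.OfType<X509KeyUsageExtension>().FirstOrDefault();
        var flags = ku == null ? X509KeyUsageFlags.None : ku.KeyUsages;
        var eku = cert.Extensions.OfType<X509EnhancedKeyUsageExtension>().FirstOrDefault();
        var oids = eku == null ? new string[0]
            : eku.EnhancedKeyUsages.Cast<Oid>().Select(o => o.Value).ToArray();
        // EKU names the purpose directly, so it is checked before the Key Usage bits.
        if (oids.Contains(ServerAuth) || oids.Contains(ClientAuth)) return "TLS connection";
        if (flags.HasFlag(X509KeyUsageFlags.NonRepudiation)) return "document signing";
        if (flags.HasFlag(X509KeyUsageFlags.KeyAgreement)) return "TLS connection";
        // Digital Signature alone can appear on both kinds, so it does not decide.
        return "undetermined";
    }

    // Constructed sample input: a throwaway self-signed certificate.
    static X509Certificate2 Sample(string cn, bool ca, X509KeyUsageFlags ku, params string[] ekuOids)
    {
        var req = new CertificateRequest("CN=" + cn, RSA.Create(2048),
            HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1);
        req.CertificateExtensions.Add(new X509BasicConstraintsExtension(ca, false, 0, true));
        req.CertificateExtensions.Add(new X509KeyUsageExtension(ku, true));
        var oids = new OidCollection();
        foreach (var o in ekuOids) oids.Add(new Oid(o));
        if (oids.Count > 0)
            req.CertificateExtensions.Add(new X509EnhancedKeyUsageExtension(oids, false));
        return req.CreateSelfSigned(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(1));
    }

    static void Main()
    {
        var certs = new[] {
            Sample("Constructed Issuer", true, X509KeyUsageFlags.KeyCertSign | X509KeyUsageFlags.CrlSign),
            Sample("Constructed TLS", false, X509KeyUsageFlags.DigitalSignature, ClientAuth),
            Sample("Constructed Signing", false, X509KeyUsageFlags.DigitalSignature | X509KeyUsageFlags.NonRepudiation) };
        foreach (var c in certs) Console.WriteLine(c.Subject + " -> " + Classify(c));
    }
}
```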





As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
