EldoS | Feel safer!

Software components for data protection, secure storage and transfer

TElPKCS11CertStorage class

#34210
Posted: 08/10/2015 11:13:45
by Darko Karamarko (Standard support level)
Joined: 03/02/2012
Posts: 3

While I'm looping with code through my PKCS11# token I can see three certificates there. One from Issuer, one for https connection use and one for document signing purpose.

What I want to do is to find out which one is for connection and which one for signing reading some property but can't find one?

Using SBB 10,11,12 with C# library

Appreciate any help about it
many thanks

Darko
#34211
Posted: 08/10/2015 11:31:19
by Ken Ivanov (Team)

Hi Darko,

Thank you for contacting us.

In general case, there is no 'standard' way for distinguishing between the certificates. Each particular infrastructure may impose its own rules (e.g. by naming) for identifying certificate purposes.

However, what you may try is checking the contents of the certificates' Key Usage extension. Typical flags indicating that the certificate is intended for document signing are Digital Signature and Non Repudiation, while HTTPS-specific purposes are specified via the Key Agreement flag. The contents of the Extended Key Usage extension is also worth checking.

Ken

Reply

Statistics

Topic viewed 1494 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS business operates as a division of /n software, inc. For more information, please read the announcement.

Got it!