[kmf-discuss] pktool import/export file <-> pkcs11
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Tue Aug 7 14:15:35 PDT 2007
Huie-Ying Lee wrote:
> For import subcommand, we decided to support certficate, CRL and PK12
> files only for phase 1. Also because we support only 4 kinds of
> symmetric keys (AES, DES, 3DES and RC4) in phase 1, we can not
> auto-detect the key type from a keyfile without additional
> "meta-data" information, as you mentioned above.
>
> The generic key support was added after phase 1 and it is supported
> only on ONNV currently. With the generic key support, I think it
> should be OK to treat it as a generic symmetric key when importing a
> key file.
>
> BTW, one idea that we have thought of (but havn't had chances to
> pursue further) is to create an .xml file that would contain
> meta-data for raw symmetric keys in a single directory. This
> meta-data XML file will allow better symmetric key management.
>
> Huie-Ying
>
I'm working on adding the ability to import generic keys in my workspace,
if it comes out OK, I'll include it in the API update gate so it gets
putback
with that stuff.
-Wyllys
More information about the kmf-discuss
mailing list