[kmf-discuss] OIDs and Extensions
Massimiliano Pala
pala at cs.dartmouth.edu
Tue May 22 10:28:26 PDT 2007
Massimiliano Pala wrote:
> Hi all,
>
> I have two problems you might help me with. The first one is how to
[...]
> not already into KMF.
I actually found how to do this...
> Second problem is how to encode a generic extension. Probably I am missing
> something but I can not find any function that would let me generating my
> own extension to be added to a certificate or to a request.
I probably have to explain it better. In my project I have two different
configuration files, one for the OIDs and another for the certificate/request
profile. In the first I have all the "non-standard" OIDs - this helps in
updating the code without having to update the crypto libraries. The second
file has a "profile" which basically has configuration for the certificate.
What I would be able to do in KMF is, given the following description for
an extension:
<pki:extension name="OpenCA" critical="yes">
<pki:value type="ASN1:UTF8String">TEST VALUE</pki:value>
<pki:value type="DER">01:02:03:04:AA:F8</pki:value>
</pki:extension>
(the extension's OID for "OpenCA" is taken from the OIDs config file).
My question is if there is documentation on how to use the:
KMF_SetCertExtension ()
and how to correctly build the KMF_X509_EXTENSION record. Are there any
examples about this ?
Cheers,
Dr. Max
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3088 bytes
Desc: S/MIME Cryptographic Signature
Url : http://oss-beta1.opensolaris.org/pipermail/kmf-discuss/attachments/20070522/5c5f3c1c/attachment.bin
More information about the kmf-discuss
mailing list