Cryptographic Token Interface Standard

PKCS#11


WTLS public key certificate objects

WTLS certificate objects (certificate type CKC_WTLS) hold WTLS public key certificates. The following table defines the WTLS certificate object attributes, in addition to the common attributes defined for this object class.

Table 25: WTLS Certificate Object Attributes

| Attribute | Data type | Meaning |
|---|---|---|
| CKA_SUBJECT [1] | Byte array | WTLS-encoding (Identifier type) of the certificate subject |
| CKA_ISSUER | Byte array | WTLS-encoding (Identifier type) of the certificate issuer (default empty) |
| CKA_VALUE [2] | Byte array | WTLS-encoding of the certificate |
| CKA_URL [3] | RFC2279 string | If not empty, this attribute gives the URL where the complete certificate can be obtained |
| CKA_HASH_OF_SUBJECT_PUBLIC_KEY [4] | Byte array | SHA-1 hash of the subject public key (default empty) |
| CKA_HASH_OF_ISSUER_PUBLIC_KEY [4] | Byte array | SHA-1 hash of the issuer public key (default empty) |

[1] Must be specified when the object is created. Can only be empty if CKA_VALUE is empty.

[2] Must be specified when the object is created. Must be non-empty if CKA_URL is empty.

[3] Must be non-empty if CKA_VALUE is empty.

[4] Can only be empty if CKA_URL is empty.

Only the CKA_ISSUER attribute may be modified after the object has been created.

The encoding for the CKA_SUBJECT, CKA_ISSUER, and CKA_VALUE attributes can be found in [WTLS] (see References).

The CKA_URL attribute enables the support for storage of the URL where the certificate can be found instead of the certificate itself. Storage of a URL instead of the complete certificate is often used in mobile environments.

The CKA_HASH_OF_SUBJECT_PUBLIC_KEY and CKA_HASH_OF_ISSUER_PUBLIC_KEY attributes store the hashes of the public keys of the subject and the issuer. They are particularly important when only the URL is available, since they allow a certificate to be correlated with a private key and the issuer's certificate to be located without the certificate body itself.

The following is a sample template for creating a WTLS certificate object:

#include "pkcs11.h"

CK_OBJECT_CLASS class = CKO_CERTIFICATE;
CK_CERTIFICATE_TYPE certType = CKC_WTLS;
CK_UTF8CHAR label[] = "A certificate object";
CK_BYTE subject[] = {...};      /* WTLS-encoding (Identifier type) of the subject */
CK_BYTE certificate[] = {...};  /* WTLS-encoding of the certificate */
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] =
{
  {CKA_CLASS, &class, sizeof(class)},
  {CKA_CERTIFICATE_TYPE, &certType, sizeof(certType)},
  {CKA_TOKEN, &true, sizeof(true)},
  {CKA_LABEL, label, sizeof(label)-1},
  {CKA_SUBJECT, subject, sizeof(subject)},
  {CKA_VALUE, certificate, sizeof(certificate)}
};
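The footnotes of Table 25 tie CKA_SUBJECT, CKA_VALUE, CKA_URL and the two hash attributes together, and a template that breaks them should be rejected before C_CreateObject is called. The following check is an added example, not part of the standard or of any PKCS#11 library; it defines minimal stand-ins for the types and attribute constants that pkcs11.h would normally supply (values as in pkcs11t.h) so that it runs stand-alone.

```c
#include <stddef.h>

/* Minimal stand-ins for the types and attribute constants normally supplied
 * by pkcs11.h (values as in pkcs11t.h) so this example runs stand-alone. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_ATTRIBUTE_TYPE;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKA_VALUE                      0x11UL
#define CKA_URL                        0x89UL
#define CKA_HASH_OF_SUBJECT_PUBLIC_KEY 0x8AUL
#define CKA_HASH_OF_ISSUER_PUBLIC_KEY  0x8BUL
#define CKA_SUBJECT                    0x101UL

/* Length of an attribute in the template, or -1 when it is not present.
 * A length of 0 is the "empty" case the footnotes of Table 25 refer to. */
static long attr_len(const CK_ATTRIBUTE *t, CK_ULONG n, CK_ATTRIBUTE_TYPE type) {
    for (CK_ULONG i = 0; i < n; i++)
        if (t[i].type == type) return (long)t[i].ulValueLen;
    return -1;
}

/* Check a C_CreateObject template for a CKC_WTLS certificate against the
 * footnotes of Table 25. Returns 0 when consistent, otherwise the number of
 * the first footnote that is violated (1..4). Attributes whose default is
 * empty (CKA_URL and the two hashes) count as empty when absent. */
int wtls_cert_template_check(const CK_ATTRIBUTE *t, CK_ULONG n) {
    long subject = attr_len(t, n, CKA_SUBJECT);
    long value   = attr_len(t, n, CKA_VALUE);
    long url     = attr_len(t, n, CKA_URL);
    long hsub    = attr_len(t, n, CKA_HASH_OF_SUBJECT_PUBLIC_KEY);
    long hiss    = attr_len(t, n, CKA_HASH_OF_ISSUER_PUBLIC_KEY);

    /* [1] CKA_SUBJECT must be specified; empty only if CKA_VALUE is empty. */
    if (subject < 0 || (subject == 0 && value > 0)) return 1;
    /* [2] CKA_VALUE must be specified (its non-empty rule coincides with [3]). */
    if (value < 0) return 2;
    /* [3] Without a certificate value, CKA_URL must say where to fetch it. */
    if (value == 0 && url <= 0) return 3;
    /* [4] A URL-only object needs both hashes so the private key and the
     *     issuer certificate can be correlated without the certificate body. */
    if (url > 0 && (hsub <= 0 || hiss <= 0)) return 4;
    return 0;
}
```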


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v220