Hello JP,

Your suggestion seems simple but you don't know the label length limit of the device and
you don't know what happens when you try to set a longer label than supported. Is it trimmed or is an error returned?

Another problem is that the key id is a result of the key generation so you cannot set the label when generating the key :-)
I'm considering alternatives...


On 07. 07. 22 9:14, Jan-Piet Mens wrote:
> Hello Daniel,
>
>> I've just realised that the maximum PKCS#11 key label length
>> probably isn't enough to cover all possible zone names.
>
> Understood.
>
> I'm having a devil of a time (i.e. I'm finding it impossible) to
> associate key files created on a Thales Security World with the
> zones they're used for. Admittedly this is not often necessary, but I
> would like to be able to identify the key files themselves.
>
>> Some devices are limited to 32 characters.
>
> Object 449:
>     URL: pkcs11:model=;manufacturer=nCipher%20Corp.%20Ltd;serial=xxx;\
>          token=YYY;\
>          id=%04%66%D0%9C%0D%9E%24%D9%79%0A%17%D3%5D%A0%CC%5A%3F%E2%A3%26;\
>          type=public
>     Type: Public key (RSA-2048)
>     Label:
>     ID: 04:66:d0:9c:0d:9e:24:d9:79:0a:17:d3:5d:a0:cc:5a:3f:e2:a3:26
>
> The ID is that which `keymgr list' displays (with colons in it), but
> the label is empty.
>
> Would it be possible for Knot to actually set the label so the key
> identifier used by Knot, i.e. for above example set it to:
> 0466d09c0d9e24d9790a17d35da0cc5a3fe2a326, maybe truncating it on
> devices which limit the field to a smaller number of characters?
>
> Best regards,
>
> -JP
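
Added example, not part of the original messages and not Knot DNS code: while the label stays empty, the `id` attribute of the PKCS#11 URI quoted above can be decoded to the hex key ID, which also shows how that ID compares with the 32-character limit mentioned in the thread. The function names and the `LABEL_LIMIT` constant are assumptions made for this sketch; the sample URI is the one from the quoted message, with its placeholders kept.

```python
from urllib.parse import unquote_to_bytes

LABEL_LIMIT = 32  # limit quoted in the thread; assumed here to count characters

# URI as pasted in the quoted message (serial/token are the poster's placeholders).
SAMPLE = r"""pkcs11:model=;manufacturer=nCipher%20Corp.%20Ltd;serial=xxx;\
    token=YYY;\
    id=%04%66%D0%9C%0D%9E%24%D9%79%0A%17%D3%5D%A0%CC%5A%3F%E2%A3%26;\
    type=public"""


def parse_pkcs11_uri(text):
    """Parse the path attributes of an RFC 7512 URI into {name: bytes}."""
    # Undo the backslash-newline wrapping used when the URI was pasted.
    uri = "".join(p.strip() for p in text.replace("\\\n", "\n").splitlines())
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path = rest.partition("?")[0]  # query attributes are not needed here
    attrs = {}
    for item in filter(None, path.split(";")):
        name, eq, value = item.partition("=")
        if not eq:
            raise ValueError(f"attribute without '=': {item!r}")
        if name in attrs:
            raise ValueError(f"duplicate attribute: {name}")
        attrs[name] = unquote_to_bytes(value)  # id is binary, keep raw bytes
    return attrs


def key_id_hex(text):
    """Hex form of the object's id, without the colons p11tool prints."""
    key_id = parse_pkcs11_uri(text).get("id")
    if not key_id:
        raise ValueError("URI has no id attribute")
    return key_id.hex()


def label_candidate(text, limit=LABEL_LIMIT):
    """Return (label, truncated) for the ID-as-label idea under a length limit."""
    key_id = key_id_hex(text)
    return key_id[:limit], len(key_id) > limit


if __name__ == "__main__":
    print(key_id_hex(SAMPLE))
    print(label_candidate(SAMPLE))
```
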