Attribute certificate
The Set Attribute Ticket, which is used to authorize updates to key usage limits, has the format of an Attribute Certificate defined by PKIX (RFC 3281).
The algorithm OID_X509_ATTR_KEY_DIGEST
is:
Where:
ObjectID
is the concatenation of the CKA_LABEL and CKA_ID attributes of the target Object.
OID used to indicate key digest algorithm
OID | OID-type |
---|---|
{ iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) safeNetInc(23629) safenetRoot(1) safenetHSM(4) ptkc(2) objDigests(2) key(1) } | OID_X509_ATTR_KEY_DIGEST |
OID Value | OID-type | Cryptoki Attribute Type | DER Encoded Value |
---|---|---|---|
{ iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) safeNetInc(23629) safenetRoot(1) safenetHSM(4) ptkc(2) p11Attrs(1) usage_limit(1) } | OID_X509_ATTR_USAGE_LIMIT | CKA_USAGE_LIMIT | INTEGER |
{ iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) safeNetInc(23629) safenetRoot(1) safenetHSM(4) ptkc(2) p11Attrs(1) end_date(2) } | OID_X509_ATTR_END_DATE | CKA_END_DATE | PrintableString |
{ iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) safeNetInc(23629) safenetRoot(1) safenetHSM(4) ptkc(2) p11Attrs(1) start_date(3) } | OID_X509_ATTR_START_DATE | CKA_START_DATE | PrintableString |
{ iso(1) identified-organization(3) dod(6) internet(1) private(4) enterprises(1) safeNetInc(23629) safenetRoot(1) safenetHSM(4) ptkc(2) p11Attrs(1) admin_cert(4) } | OID_X509_ATTR_ADMIN_CERT | CKA_ADMIN_CERT |