eliasp, 1 month ago
And the unique part of the URI seems to be the "id=" value, e.g.:
pkcs11:id=%22%F1%9E%2E%C6%EA%CC%FC%5D%23%46%F4%C2%E8%F6%C5%54%DD%5E%07;type=cert
What's this ID? It's not the cert's serial.
After 2 hours of digging through the documentation, RFCs etc. I ended up with the conclusion: it's completely up to the local tooling, since RFC#7512 says:
"…the corresponding PKCS #11 "CKA_ID" object attribute can contain arbitrary binary data."
Digging now through the sources for using a key tool… 😔
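
An added example, not part of eliasp's post: a small RFC 7512 parser that percent-decodes the URI quoted above and returns the "id" value as the raw CKA_ID bytes, so it can be compared byte-for-byte with whatever a given tool stores. The function names are illustrative, and the parser does not enforce the RFC's rules on repeated attributes.

```python
from urllib.parse import unquote_to_bytes

# URI copied from the post above.
POST_URI = ("pkcs11:id=%22%F1%9E%2E%C6%EA%CC%FC%5D%23%46%F4%C2%E8%F6%C5"
            "%54%DD%5E%07;type=cert")


def _attrs(part, delim):
    """Parse 'name=value' pairs separated by delim into a dict."""
    out = {}
    for item in filter(None, part.split(delim)):
        name, eq, value = item.partition("=")
        if not eq:
            raise ValueError(f"attribute without '=': {item!r}")
        raw = unquote_to_bytes(value)
        # CKA_ID is arbitrary binary data, so 'id' stays as bytes;
        # all other attribute values are UTF-8 text.
        out[name] = raw if name == "id" else raw.decode("utf-8")
    return out


def parse_pkcs11_uri(uri):
    """Return (path_attrs, query_attrs) for an RFC 7512 'pkcs11:' URI."""
    scheme, sep, rest = uri.partition(":")
    if not sep or scheme.lower() != "pkcs11":
        raise ValueError("not a pkcs11: URI")
    path, _, query = rest.partition("?")
    # Path attributes are ';'-separated, query attributes '&'-separated.
    return _attrs(path, ";"), _attrs(query, "&")


def id_equals_serial(cka_id, serial):
    """True if the CKA_ID bytes are the big-endian encoding of serial."""
    return int.from_bytes(cka_id, "big") == serial


if __name__ == "__main__":
    path, query = parse_pkcs11_uri(POST_URI)
    cka_id = path["id"]
    print("type  :", path["type"])
    print("CKA_ID:", cka_id.hex(), f"({len(cka_id)} bytes)")
    # Constructed serial number, only to exercise the comparison helper.
    print("equals serial 0x1234?", id_equals_serial(cka_id, 0x1234))
```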