WIP: support all roles in yubikey #653
Conversation
Signed-off-by: David Lawrence <david.lawrence@docker.com> (github: endophage)
659d53b to 13359e1
ctx, | ||
session, | ||
privKey, | ||
slot, |
I've been wondering if we should change the signatures for addECDSAKey and createLoadCert to have a slotID variable instead of a privKeyID variable, WDYT?
The terminology is weird and we never settled on something. If memory serves (from discussions with the Yubikey folks 4-5 months back), in PKCS11 a "slot" is technically a device, i.e. the Yubikey itself is a PKCS11 "slot". I'm not sure what the correct term is for the space that a key actually resides in. We should find out and stop using "slot" because it'll just confuse anyone familiar with PKCS11.
Seems like "token"? The pkcs11 spec has a nice section for definitions on page 12 of the core specification PDF (numbered pg6 on the document)
Yeah, token does appear to be the correct PKCS11 name. I'll switch over to that in the PR.
Hi @endophage, if you could put a new line between your commit message and the Signed-off-by, it will be better when we use
There have been a lot of changes so closing this. Will preserve branch for future reference.