Re: Hello to the list (UNCLASSIFIED)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Geoff Elgey wrote:

In my case, I need to know which certificates are suitable for smartcard logon to Active Directory. This means decoding each certificate on the token, checking the extensions for the existence of a UPN in the subject alternative name extension, and for the existence of smartcard logon oid in the extended key usage extension.

Welcome to the life of a CAC middleware developer. :) FWIW, this is exactly what ActivCard does (in the newer versions; older versions had more ... obscure cert selection algorithms).

Since I am only interested in the certificate that can be used for smartcard logon, I am toying with the idea of only making the email signing certificate visible to PKCS#11 to make this easier.

This is certainly an option, but will limit reuse of your code.

-- Tim

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Coolkey-devel mailing list

[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Women]

  Powered by Linux