Doug Engert

Results 472 comments of Doug Engert

https://docs.oasis-open.org/pkcs11/pkcs11-base/v3.0/os/pkcs11-base-v3.0-os.pdf The attribute is passed in a CK_ATTRIBUTE
```
typedef struct CK_ATTRIBUTE {
    CK_ATTRIBUTE_TYPE type;
    CK_VOID_PTR pValue;
    CK_ULONG ulValueLen;
} CK_ATTRIBUTE;
```
So in the simplest case, your `--extra-attr 80000001:AF0234BC`...

> pValue of CK_ATTRIBUTE can point to an arbitrary structure of arbitrary length (defined by ulValueLen), right?

Yes, but pkcs11 specs are careful to define types in terms of CK_*...

The closest thing PKCS#15 has is: "6.1.14 CommonCertificateAttributes CommonCertificateAttributes ::= SEQUENCE { iD Identifier, authority BOOLEAN DEFAULT FALSE, ... The **authority** field indicates whether the certificate is for an authority...

> what is the status of this PR? has it been abandoned as well? It seems there was a previous attempt at implementing EC keygen which didn't prosper either (https://github.com/OpenSC/libp11/pull/379)....

See https://github.com/OpenSC/libp11/pull/470#issuecomment-1219913973 and make sure the free callback is also added. Further comments discuss OpenSSL 1.1 and OpenSSL 3.0 while engines are still available. #471 tries to address the dup...

Where were the keys created? On card or off card? Who created the card? By you or some organization that issued a card to you? As @popovec points out if...

So it looks like some organization issued you a certificate and you followed their rules. Have you contacted their support? A certificate contains the public key that matches a private...

> The only thing I want is that this card is supported enough so I can take my own certificate out of it and put it somewhere else, that's all....

> Yubikey is flawed like that?

No. Yubico is fine. Your goal of reading a private key off a token is the problem. Bye

The Windows install/uninstall was tested on Windows 11. Before the install, any previous OpenSC packages were uninstalled. NIST "Beta Test Cards" (from 2010) were used to test the minidriver. -...