000014410 - SID 800 token initializes the token successfully does not change the token label

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000014410
Applies ToRSA SID800 SecurID Token
RSA SecurID SID800 Authenticator (USB token)
RSA Authentication Client (RAC) 3.5.4
IssueSID 800 token initializes the token successfully does not change the token label
C_InitToken method of the RSA PKCS#11 module does not set the token label I'm working on the support of the RSA SID 800 token in OpenTrust Card Management Solution with the RSA PKCS#11 middleware. In the PKCS#11 standard, the method C_InitToken initializes a token and sets the token label with the provided 32-byte string (padded with blank characters and not null-terminated). C_InitToken of the RSA PKCS#11 module initializes the token successfully but does not change the token label. The "PKCS #11 Developer Guide" does not mention this limitation. 

Token label is what the device will be displayed as with applications that would access it.


Token information: Token SecurID 800 rev D3 
Protocol version : 1.0
USB firmware version : 3.5
SecurId chip ID : 1.0
SecurId chip firmware version : 3.3
Causereason for the deviation is that the SID800 label length restriction was never based on PKCS #11 requirements. The label that our PKCS #11 module is using is actually a SecurID token label. Perhaps there is a 24-character limit on SecurID token labels as defined by the software token API specification.
ResolutionThis a design limitation that will be looked at in next Development Release of RAC. This is tracked with RFE ACLT-810
NotesACLT-810
Legacy Article IDa57384

Attachments

    Outcomes