|Applies To||RSA SID800 SecurID Token|
RSA SecurID SID800 Authenticator (USB token)
RSA Authentication Client (RAC) 3.5.4
|Issue||SID 800 token initializes the token successfully does not change the token label|
C_InitToken method of the RSA PKCS#11 module does not set the token label I'm working on the support of the RSA SID 800 token in OpenTrust Card Management Solution with the RSA PKCS#11 middleware. In the PKCS#11 standard, the method C_InitToken initializes a token and sets the token label with the provided 32-byte string (padded with blank characters and not null-terminated). C_InitToken of the RSA PKCS#11 module initializes the token successfully but does not change the token label. The "PKCS #11 Developer Guide" does not mention this limitation.
Token label is what the device will be displayed as with applications that would access it.
Token information: Token SecurID 800 rev D3
Protocol version : 1.0
USB firmware version : 3.5
SecurId chip ID : 1.0
SecurId chip firmware version : 3.3
|Cause||reason for the deviation is that the SID800 label length restriction was never based on PKCS #11 requirements. The label that our PKCS #11 module is using is actually a SecurID token label. Perhaps there is a 24-character limit on SecurID token labels as defined by the software token API specification.|
|Resolution||This a design limitation that will be looked at in next Development Release of RAC. This is tracked with RFE ACLT-810|
|Legacy Article ID||a57384|