There is bad trick, changing private key name in xca chip card management in “Details” (which does not trigger a save to the hsm) and then use F2 to rename. This will result in
pkcs15-init could be used to initialize a PKCS#15 structure on a smart card. PKCS#15 is the meta data structure for describing keys and certificates. This is commonly used for statically configured cards (i.e. the PKI cards issued by a CA).
The SmartCard-HSM does dynamically manage objects on the card and uses some parts of PKCS#15 to describe objects. However, it does not use a full PKCS#15 data structure to describe keys and as such pkcs15-init is the wrong tool. The OpenSC implementation for the SmartCard-HSM emulates some options available in pkcs15-init, but not all. For changing the label you need to use the PKCS#11 interface, which is what xca does.
OpenSC assumes a label at each object, i.e. key, certificate and public key. The SmartCard-HSM only stores a label for the key. The label reported for certificate and public key is always the same as for the private key.
You can change the label for a public key or certificate object, but that does not have an effect. That is a known issue in OpenSC, which should rather report an error then trying to change the label for a certificate or public key.
Hmm, interessting: while I found the command to use pkcs15-init to change a label, I have not found the command using pkcs#11 to do so ? Did I overlook something ?
Bump. Got the same question now and also haven’t found any solution. Will post it here if I come across one, though.
Hah, found a possible option using p11tool from GnuTLS it possesses a --set-label command line option which seems to fit the bill.
--set-label=str
Set the CKA_LABEL for the specified by the URL object.
This option must not appear in combination with any of the
following options: write, set-id.
Modifies or sets the CKA_LABEL in the specified by the URL
object
Alas, I don’t know if it fits your bill, given you’re asking for Windows.
