pkcs#11

I'm trying to create GOSTR3410 public key. CKR_ATTRIBUTE_TYPE_INVALID exception

徘徊边缘 submitted on 2020-01-02 13:31:09
Question: Good day! I'm trying to create public key ObjectHandle based on hex string that comes from client via post request. I'm doing it according to the documentation, but it returns me CKR_ATTRIBUTE_TYPE_INVALID exception. Full exception message: Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_CreateObject returned CKR_ATTRIBUTE_VALUE_INVALID' Inner exception is null. Can you please help me to figure out what I'm doing wrong? Here is my code: using (Pkcs11 pkcs11 = new Pkcs11(Settings

What does the CKA_SENSITIVE attribute in PKCS 11 mean?

百般思念 submitted on 2020-01-01 05:31:25
Question: I'm reading PKCS 11 documentation, and I cannot understand clearly what the CKA_SENSITIVE attribute of a key means. And more common: where can I read attributes description? Answer 1: Quote from PKCS#11 spec v2.20: If the CKA_SENSITIVE attribute is CK_TRUE, or if the CKA_EXTRACTABLE attribute is CK_FALSE, then certain attributes of the secret key cannot be revealed in plaintext outside the token. Which attributes these are is specified for each type of secret key in the attribute table in the

Signing document with qualified certificate - smart card

白昼怎懂夜的黑 submitted on 2019-12-25 08:04:09
Question: Code below works correctly for 2 different cryptographic smart-card libraries (certum cryptoCertum3PKCS.dll and cencert enigmap11.dll), but it's crashing for kir(szafir) lib - ccpkip11.dll, after providing pin, which is for 100% correct. Does anyone have an idea what I'm doing wrong? KeyingDataProvider kp = new PKCS11KeyStoreKeyingDataProvider( settings.getDriverPath(), settings.getProviderName(), settings.getSlot(), new CertificateSelector(), new KeyStorePasswordProvider(), null, false); Document

Where is the trust chain? [python] asn1crypto and pkcs11 Aladdin USB eToken

我怕爱的太早我们不能终老 submitted on 2019-12-24 23:42:57
Question: I have this code working fine. I am signing with a USB eToken. But after copying and pasting the PEM output of this code in the https://lapo.it/asn1js/ the trust chain is not shown. This eToken was provided by a CA and thus it has a trust chain of the signature. What's wrong? lib = pkcs11.lib('/usr/lib/libeToken.so.9') for slot in lib.get_slots(): try: token = slot.get_token() with token.open(user_pin='****') as session: priv = session.get_key(object_class=pkcs11.constants.ObjectClass

pkcs11 support for kona 25 javacard

社会主义新天地 submitted on 2019-12-24 17:25:22
Question: I have some Kona25 javacard from Tag systems and I want to use them for encryption and signature of my emails (for example in thunderbird). I have searched Google, and I found that I need a PKCS11 module for my cards. I searched more and I found that Charismathics CSSI provide a pkcs11 module for kona25 cards, but I am looking for an open source or free solution. Does anybody have an offer? OpenSC doesn't support kona25 cards! Answer 1: As this is a JavaCard, everything in OpenSC wiki about JavaCard

How are C_CreateObject, C_GenerateKey and C_GenerateKeyPair different?

ぃ、小莉子 submitted on 2019-12-24 09:17:58
Question: Our PKCS#11 library misses the implementation of C_CreateObject. Before jumping into its implementation, I want to know the instances where C_CreateObject should be used instead of C_GenerateKey/C_GenerateKeyPair. Answer 1: C_CreateObject imports existing data objects, certificates and/or keys generated externally into the device. C_GenerateKey generates a new symmetric key (DES/AES/...) inside the device. C_GenerateKeyPair generates a new asymmetric key pair (RSA/ECC/...) inside the device. Answer 2: The

Create 3DES key with pkcs11Interop and output key value, or provide key value for creation

天大地大妈咪最大 submitted on 2019-12-24 09:13:06
Question: I was wondering whether it is possible using pkcs11interop to create a 3DES key and specify the key value for creation, or otherwise create a key and output the generated key value. Basically I need the secret key to be exported to another device. I've tried using the CKA_VALUE attribute and passing the key as a byte[] array but with no success. Is such a thing possible please? Can someone assist me please? EDIT: Here is the code I have with no luck so far: public ObjectHandle generate3DESKey

PKCS#10 request for a object key pair from PKCS#11

♀尐吖头ヾ submitted on 2019-12-24 08:42:21
Question: I have an RSA 1024 key pair generated using standard call from PKCS#11. I need to generate a PKCS#10 CSR for the public key. MS has the IEnroll4 dll which will allow to raise a CSR using createRequestWStr. The samples indicate that you need to generate a new key pair (a container with 2 objects in MS CAPI) and MS automatically gives the public key context for csr generation. In my case, I already have a key pair generated using pkcs#11 (as 2 objects but no key container). MS dll is not

Programmatically synchronizing keys generated by HSM clients with the RFS server

匆匆过客 submitted on 2019-12-24 07:36:03
Question: I am using PKCS11Interop to perform Key Management operations inside an HSM. The HSM I am using is a network HSM, Thales N-Shield. Here are the details of my setup: 1- HSM 1- RFS Server 3- Clients My software application is distributed and is hosted over the 3 clients. The key will be generated in one of the clients and could be used by the application components present in other clients. However, I have noticed that a key generated in one client machine is not accessible to other client

Exception “CKR_FUNCTION_NOT_SUPPORTED”, PKCS11Interop with OpenSC

让人想犯罪 __ submitted on 2019-12-24 07:10:20
Question: I am trying to use PKCS11Interop Library with latest version (0.16) of OpenSC (opensc-pkcs11.dll). I have tried USB tokens from three vendors which are Yubico 4, NitroKey Pro/Start, Feitian ePass2003 but unable to use most of the functions from PKCS11Interop Library. I receive Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_SignRecoverInit returned CKR_FUNCTION_NOT_SUPPORTED' for most of the functions provided by the library. The functions that throw this exception are C_GetOperationState, C