问题
Hei, The question is not really about Ncryptoki but i didnt know anywhere else to ask.. so if anybody can help please help me. Im tryng to generate AES key and heres the code what i have right now:
CK_MECHANISM keyGenMech = new CK_MECHANISM(CKM.AES_KEY_GEN);
CK_ATTRIBUTE[] template =
{
new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY),
new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.TRUE),
new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.TRUE),
new CK_ATTRIBUTE(CKA.VALUE_LEN, 32),
new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK.AES),
new CK_ATTRIBUTE(CKA.LABEL, "testAES".getBytes()),
new CK_ATTRIBUTE(CKA.PRIVATE, new CK_BBOOL(bPrivate))
};
CryptokiEx.C_GenerateKey(session, keyGenMech, template, template.length, wrappingKey);
But this gives me a error:
C_GenerateKey rv=0x62 - key size range
Can anybody give me some idea where to go from here to solve this..
EDIT: Just for info - I have SafeNet HSM and im using java PKCS#11 wrapper called jprov what comes with SafeNet ProtectToolkit.
回答1:
I found the answere, new CK_ATTRIBUTE(CKA.VALUE_LEN, 32), , the 32 in there has to be CK_ULONG value so when i do this:
LongRef l = new LongRef((long)32);
CK_ATTRIBUTE[] template =
{
new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY),
new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.TRUE),
new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.TRUE),
new CK_ATTRIBUTE(CKA.VALUE_LEN, l.value),
//new CK_ATTRIBUTE(CKA.VALUE, key),
new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK.AES),
new CK_ATTRIBUTE(CKA.LABEL, "testAES".getBytes()),
new CK_ATTRIBUTE(CKA.PRIVATE, new CK_BBOOL(bPrivate))
};
Where LongRef is:
public class LongRef {
public long value;
public LongRef(long l) {
//compiled code
throw new RuntimeException("Compiled Code");
}
}
Hope this helps someone.
来源:https://stackoverflow.com/questions/6661329/pkcs11-generate-aes-key