<link>http://ncryptoki.com/forum.aspx</link> <description /> <docs>http://www.rssboard.org/rss-specification</docs> <generator>mojoPortal Forum module</generator> <item> <title>Re: GenerateKeyPair: CKR_TEMPLATE_INCONSISTENT HI

 

The thing is, if i only set CKA_KEY_TYPE then it complains of missing attributes frown
The attributes defined in my earlier post are the ones needed for the hsm to stop throwing CKR_TEMPLATE_INCOMPLETE or CKR_TEMPLATE_INCONSISTENT and go on and try to generate the key pair, but with a  CKR_FUNCTION_FAILED as a result.

Unfortunately the hsm does not say why the key generation fails.

Regards,
Mikael
 

]]>
http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=55~-1#post270 mystiqu http://ncryptoki.com/Forums/Thread.aspx?pageid= Fri, 23 Mar 2012 08:13:38 GMT Re: GenerateKeyPair: CKR_TEMPLATE_INCONSISTENT http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=55~-1#post269 mystiqu http://ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 22 Mar 2012 16:58:32 GMT Re: GenerateKeyPair: CKR_TEMPLATE_INCONSISTENT Hi

I managed to solve the inconsistent part, but now I get CKR_FUNCTION_FAILED instead.
The strange thing is that the documentation (for ncipher net hsm 2000) speficied that only the key type was a required attribute.

Any ideas what might be wrong? The attributes itself are pretty straight forward and nothing that should have an invalid value.

The following attributes were required:

                Log("Adding public attributes", true);
                CryptokiCollection templatePub = new CryptokiCollection();
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, storeOnToken));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, publicLabel));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, true));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, 0x10001));
                Log("Added " + templatePub.Count.ToString() + " attributes.", true);

                Log("Adding private attributes", true);
                CryptokiCollection templatePri = new CryptokiCollection();
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, storeOnToken));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, "test"));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, false));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, privateLabel));
                Log("Added " + templatePri.Count.ToString() + " attributes.", true);

Best regards,
Mikael

]]>
http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=55~-1#post268 mystiqu http://ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 22 Mar 2012 14:45:55 GMT
Re: GenerateKeyPair: CKR_TEMPLATE_INCONSISTENT Hi

I tried using en example from NETPKCS11.pdf (How to use NCryptoki), but then I got error code 6: CKR_FUNCTION_FAILED.
Is there any example out there that works (see the example I used further down this post)?

Since the API doesn't tell me which attribute is invalid or missing I'm kind of stumbling in the dark here...


Regards,
Mikael


Sample code from ncryptoki site:

CryptokiCollection templatePub = new CryptokiCollection();

templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS,
CryptokiObject.CKO_PUBLIC_KEY));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, 0x010001));
// Prepares the templates for private key
CryptokiCollection templatePri = new CryptokiCollection();
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS,
CryptokiObject.CKO_PRIVATE_KEY));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Ugo's new Key"));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));  

]]>
http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=55~-1#post267 mystiqu http://ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 22 Mar 2012 13:45:44 GMT
GenerateKeyPair: CKR_TEMPLATE_INCONSISTENT Hi

 

I'm trying to generate a key pair and store them on the token (ncipher net hsm 2000).
I'm getting error code 209: CKR_TEMPLATE_INCONSISTENT, and I can't figure out what's missing.
See the code snippet below where the attributes are defined.

Any ideas anyone?

Regards,
Mikael

........
                Log("Adding public attributes", true);
                CryptokiCollection templatePub = new CryptokiCollection();
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, storeOnToken));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, publicLabel));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
                templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
                Log("Added " + templatePub.Count.ToString() + " attributes.", true);

                Log("Adding private attributes", true);
                CryptokiCollection templatePri = new CryptokiCollection();
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, true));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, storeOnToken));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, privateLabel));
                templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
                //templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
                Log("Added " + templatePri.Count.ToString() + " attributes.", true);
............

]]>
http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=55~-1#post266 mystiqu http://ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 22 Mar 2012 13:09:43 GMT