<link>http://ncryptoki.com/forum.aspx</link> <description /> <docs>http://www.rssboard.org/rss-specification</docs> <generator>mojoPortal Forum module</generator> <item> <title>Re: Wrong PKCS10 / CSR You are right. I haven't seen it. Thank you

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=57~-1#post276 rodriguez http://ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 26 Apr 2012 17:43:05 GMT Re: Wrong PKCS10 / CSR It seems that you used the wrong algorithm in the SubjectPublicKeyInfo of your CertificationRequestInfo.

The algorithm must be PkcsObjectIdentifiers.RsaEncryption, not X509ObjectIdentifiers.IdEARsa as in your code.

See the documentation in the wiki:

http://wiki.ncryptoki.com/How-to-generate-a-PKCS-10-certification-request-in-C.ashx?NoRedirect=1

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=57~-1#post275 rodriguez http://ncryptoki.com/Forums/Thread.aspx?pageid= Wed, 25 Apr 2012 17:45:51 GMT
Wrong PKCS10 / CSR Hi Ugo,

I'm trying to develop a function in C# that returns a CSR conforming to the PKCS#10 specification.

 

Using the documentation and the wiki, I was able to generate the key pair on the smart card and produce a Base64 CSR string with the following code.

After creating the CSR I tried to verify the correctness of the string with some tools that can be found online but the check fails...

 

I'm new to certification requests and have simply copied the code from the documentation.

Can you tell me if there are any errors in my code???

Thank you

Mike

 

THE CODE:

           Cryptoki cryptoki = new Cryptoki("bit4ipki.dll");

            cryptoki.Initialize();

            Session session = cryptoki.Slots[0].Token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION, null, null);
            session.Login(Session.CKU_USER, "12345");

            CryptokiCollection templatePub = new CryptokiCollection();
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Test PuKey"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, 0x010001));

            CryptokiCollection templatePri = new CryptokiCollection();
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Test PrKey"));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

            Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
            RSAPrivateKey privateKey = (RSAPrivateKey)keys[1];
            RSAPublicKey publicKey = (RSAPublicKey)keys[0];


            CertificationRequestInfo reqInfo = new CertificationRequestInfo(
                new X509Name("OU=Test Mike DS, L=MyCity, T=Doctor, SERIALNUMBER=1234567890, O=CGN, C=IT, E=test@gmail.com, CN=Mike"),
                new SubjectPublicKeyInfo(new AlgorithmIdentifier(X509ObjectIdentifiers.IdEARsa, DerNull.Instance),
                new RsaPublicKeyStructure(new BigInteger(1, publicKey.Modulus), new BigInteger(1, publicKey.PublicExponent))
                .GetDerEncoded()), null);

             session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);

             byte[] signature = session.Sign(reqInfo.GetDerEncoded());

             CertificationRequest pkcs10 = new CertificationRequest(
             reqInfo,
             new AlgorithmIdentifier(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance),
             new DerBitString(signature));

             string csr = System.Convert.ToBase64String(pkcs10.GetDerEncoded()); 

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=57~-1#post274 rodriguez http://ncryptoki.com/Forums/Thread.aspx?pageid= Tue, 24 Apr 2012 17:58:16 GMT