Re: secret key load

PKCS#11 error codes are described in our wiki:

http://wiki.ncryptoki.com/How-NCryptoki-manages-PKCS-11-errors.ashx

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post958 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Wed, 11 Nov 2015 13:56:51 GMT Re: secret key load I have the SAME code and it returns me error 272 when I try to save a 16 byte key.. why?

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post952 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Tue, 03 Nov 2015 08:35:46 GMT
Re: secret key load Thank you.  In my case, I was able to find the command syntax and use the "cmu importkey" command to take the key in.  

# cmu importkey -in file.pem -keyalg RSA

 

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post407 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Tue, 18 Dec 2012 17:06:42 GMT
Re: secret key load Hi tomasfou,

the code I meant is something like this: 

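// Imports a clear secret key value into the token: the value is encrypted under a
// temporary 3DES key generated on the token and then unwrapped with that same key,
// so the token creates the object through UnwrapKey instead of Objects.Create.
//
// keyValue: clear key bytes to import. They are in host memory for the whole call,
//           so this does not give the guarantees of a key generated on the token.
// label:    value stored in CKA_LABEL of the imported key.
// algo:     "DES3" or "DES" selects CKK_DES3; any other value selects CKK_AES.
//
// NOTE(review): DES3_ECB is used as the wrapping mechanism. ECB gives no integrity
// protection and 3DES is a legacy cipher; if the token and library expose an
// AES-based key-wrap mechanism, prefer it. ECB here presumably requires the length of
// keyValue to be a multiple of the 8-byte block - confirm for the key sizes in use.
public void storeKey(byte[] keyValue, String label, string algo)
{
    // Build the template before touching the token: a bad argument (for example a
    // null algo) then fails here, before any temporary key exists.
    CryptokiCollection template = new CryptokiCollection();
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
    if (algo.Equals("DES3") || algo.Equals("DES"))
    {
        // NOTE(review): "DES" is mapped to CKK_DES3 as well - confirm this is intended.
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_DES3));
    }
    else
    {
        template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_AES));
    }
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
    // NOTE(review): every usage flag is enabled below. Restrict the imported key to
    // the operations it is really needed for (for example encrypt/decrypt only).
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
    // NOTE(review): CKA_SENSITIVE is set but CKA_EXTRACTABLE is not, so the token
    // default applies - set it explicitly if the key must never be wrapped out.
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_SIGN, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_VERIFY, true));

    SecretKey wrappingKey = generaDES3ToWrap(session); // on-the-fly key
    try
    {
        session.EncryptInit(Mechanism.DES3_ECB, wrappingKey);
        byte[] bytes = session.Encrypt(keyValue); // encrypt the clear value with the generated key
        // Unwrap the encrypted value on the token; the returned handle is not used here.
        session.UnwrapKey(Mechanism.DES3_ECB, wrappingKey, bytes, template);
    }
    finally
    {
        // Destroy the temporary key even when encryption or unwrapping fails, so a
        // failed import does not leave a wrap-capable key behind in the session.
        session.Objects.Destroy(wrappingKey);
    }
}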
// Generates the temporary 3DES key that storeKey uses to wrap and unwrap the value.
// The template asks for CKA_TOKEN=false, CKA_SENSITIVE=true and CKA_EXTRACTABLE=false,
// with encrypt/decrypt, sign/verify and wrap/unwrap enabled and derive disabled.
// Returns the key produced by Mechanism.DES3_KEY_GEN, cast to SecretKey.
private SecretKey generaDES3ToWrap(Session session)
{
    const string temporaryLabel = "Temp key to wrap";

    // Attributes are listed in the order in which they are added to the template.
    ObjectAttribute[] attributes =
    {
        new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY),
        new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_DES3),
        new ObjectAttribute(ObjectAttribute.CKA_LABEL, temporaryLabel),
        new ObjectAttribute(ObjectAttribute.CKA_TOKEN, false),
        new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true),
        new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true),
        new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true),
        new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, true),
        new ObjectAttribute(ObjectAttribute.CKA_VERIFY, true),
        new ObjectAttribute(ObjectAttribute.CKA_SIGN, true),
        new ObjectAttribute(ObjectAttribute.CKA_WRAP, true),
        new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true),
        new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false),
        new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false),
        new ObjectAttribute(ObjectAttribute.CKA_VALUE_LEN, 24),
    };

    CryptokiCollection keyTemplate = new CryptokiCollection();
    foreach (ObjectAttribute attribute in attributes)
    {
        keyTemplate.Add(attribute);
    }

    return (SecretKey)session.GenerateKey(Mechanism.DES3_KEY_GEN, keyTemplate);
}
http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post406 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Tue, 18 Dec 2012 15:55:27 GMT
Re: secret key load Hi Andrea,

 

Would it be possible to share the commands that you have used to successfully unwrap the key?

- generate on the fly a key on the token
- crypt the key with the just generated key
- unwrap the key on the token with the just generated key
- delete the temporary key

 

Thanks,

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post404 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Fri, 14 Dec 2012 16:43:23 GMT
Re: secret key load Hi,

I found the solution and I post it now for other people that have the same problem.

On the Luna PCI it is not possible to create a key directly (neither a secret key nor a private key); the key must be derived, cloned or unwrapped.

I've unwrapped the key this way:

- generate on the fly a key on the token

- encrypt the key to be imported with the just generated key

- unwrap the key on the token with the just generated key

- delete the temporary key

 

Hope this helps

Andrea

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post334 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Fri, 05 Oct 2012 06:48:13 GMT
Re: secret key load Is it possible that I have to include some SafeNet-specific attribute from the SafeNet class?

Thanks

Andrea

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post331 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Mon, 24 Sep 2012 14:06:33 GMT
Re: secret key load Thank you for the response, but it doesn't work.

I've removed some attributes but I get the same error code.

// Second attempt from the thread: create a DES secret key directly with
// Objects.Create, passing the clear value in CKA_VALUE. The poster reports that this
// still fails with TEMPLATE_INCONSISTENT; later posts in the thread report that the
// Luna PCI does not allow direct creation and the key must be derived, cloned or unwrapped.
CryptokiCollection template = new CryptokiCollection();
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_DES));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, label));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
            // The clear key bytes are handed to the token from host memory.
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, keyValue));
            // CKA_SENSITIVE=false allows the key value to be read back from the token
            // in plaintext; suitable only while diagnosing the template.
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, false));

            session.Objects.Create(template);

 

TEMPLATE_INCONSISTENT is returned even if decrypt and encrypt are set to false, or modifiable and sensitive are set to true.

Have you got any idea?

Thanks

Andrea 

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post330 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Mon, 24 Sep 2012 11:52:14 GMT
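Re: secret key load CKR_TEMPLATE_INCONSISTENT means that something in the attribute set is not coherent.

Try setting CKA_SENSITIVE=False and CKA_EXTRACTABLE=True. (With those values the key value can be read from the token in plaintext and wrapped off it, so they are only suitable for finding out which attribute the token rejects.)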

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post329 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Mon, 24 Sep 2012 10:20:36 GMT
secret key load Hi,

I have to load some secret keys (DES, 3DES, AES) on a Luna HSM.

I'm able to do this with the Java API but I haven't found a way with C#.

Here's the code snippet for DES:

 

            // First attempt from the thread: generate a single-DES key with the .NET
            // software provider and create it on the token with Objects.Create.
            // The poster reports CKR_TEMPLATE_INCONSISTENT for this template.
            // The key is generated in host memory, outside the HSM, so its clear value
            // exists in the process before the import is attempted.
            // NOTE(review): DESCryptoServiceProvider is IDisposable and is not disposed here.
            DESCryptoServiceProvider tdes = new DESCryptoServiceProvider();
            tdes.GenerateKey();
            byte[] keyValue = tdes.Key;
          

            CryptokiCollection template = new CryptokiCollection();
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_DES));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, label));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, true));
            // The clear key bytes are handed to the token from host memory.
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, keyValue));
            // Sensitive but extractable: the value is not readable in plaintext, but
            // the key may still be wrapped out of the token by another key.
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, true));
            // NOTE(review): every usage flag below is enabled; a key limited to the
            // operations it is needed for is easier to reason about.
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true));
            // NOTE(review): CKA_EXTRACTABLE is added a second time here (already set above).
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_SIGN, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_VERIFY, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
            // NOTE(review): PKCS#11 treats CKA_ALWAYS_SENSITIVE and CKA_LOCAL as values
            // the token computes itself; supplying them to object creation is a likely
            // reason for the template being rejected - confirm against the token documentation.
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_ALWAYS_SENSITIVE, true));
            template.Add(new ObjectAttribute(ObjectAttribute.CKA_LOCAL, false));

          
            session.Objects.Create(template);

 

The response was always CKR_TEMPLATE_INCONSISTENT

I first tried with a small set of attributes, adding one at a time until I reached the set that the key inserted with the Java API seems to have:

 

Object
handle=5
CKA_CLASS=04000000
CKA_TOKEN=01
CKA_PRIVATE=01
CKA_LABEL=DACANC
CKA_KEY_TYPE=15000000
CKA_ID=00000139e3cd4f3b
CKA_SENSITIVE=01
CKA_ENCRYPT=01
CKA_DECRYPT=01
CKA_WRAP=01
CKA_UNWRAP=01
CKA_SIGN=01
CKA_VERIFY=01
CKA_DERIVE=00
CKA_START_DATE=
CKA_END_DATE=
CKA_VALUE_LEN=18000000
CKA_LOCAL=00
CKA_MODIFIABLE=01
CKA_EXTRACTABLE=01
CKA_ALWAYS_SENSITIVE=01
CKA_NEVER_EXTRACTABLE=00
CKA_CCM_PRIVATE=00
CKA_FINGERPRINT_SHA1=c6f41651262ef37ecbc0543931c4166abdbab842

 

Can you suggest me some more actions to do?

 

Thanks

Andrea

http://ncryptoki.com/Forums/Thread.aspx?pageid=9&t=68~-1#post328 acab http://ncryptoki.com/Forums/Thread.aspx?pageid= Mon, 24 Sep 2012 09:31:51 GMT