Problem In Adding Certificate

5/8/2011 3:42:47 AM
Total Posts 5


Dear NCryptoki team,

 

I am trying to add a certificate to my RSA SecurID 800, but whenever I restart my application, I find no certificates in the token. Am I doing something wrong?

 

#region Insert Cert


X509Certificate2 cert = new X509Certificate2(@"D:\Cert\X.pfx","0000");

//STORE CERTIFICATE
CryptokiCollection certTemplate = new CryptokiCollection();
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "MyLabel"));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, Encoding.ASCII.GetBytes("MyKeyPairID")));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer));
certTemplate.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.SerialNumber));

CryptokiObject certificate = session.Objects.Create(certTemplate);
session.Logout();
session.Close();

CryptokiCollection xx = session.Objects.Find(certTemplate, 10) ;
int xxc = xx.Count;


#endregion

 

In this code, xxc = 1 only if I call: CryptokiObject certificate = session.Objects.Create(certTemplate); the next time, if I don't call it, it counts 0 :(

 

Why?

5/9/2011 9:49:07 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Problem In Adding Certificate

Hi,

It's very strange; it should work. NCryptoki returns the values returned by the underlying PKCS#11 module, so it may be a problem with the underlying PKCS#11 module.
Anyway, the template used for searching usually needs fewer attributes than the one used to create it.

Try to remove the attribute CKA_VALUE.

 

Regards,

Ugo Chirico

5/9/2011 7:09:05 PM
Total Posts 5

Re: Problem In Adding Certificate

But Windows itself tells me, when I try to log in, that the token "Have no valid certificates".

My certificate is not expired, so it means the token has 0 certificates although I added it many times.

Do I have to log in to the token as "SO (security officer)" to add a certificate? Or is there any prerequisite needed to add a certificate?

And do I have to add the certificate before using generatekeypair?

 

Thanks a lot for your help, sir. You gave me great help with my questions.

5/11/2011 12:07:16 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Problem In Adding Certificate

What do you mean by "windows it self tells me when i try to login that the token "Have no valid certificates""?

Windows uses the CSP module, not PKCS#11. The CSP uses different ways to attach a keypair to a certificate. If you create a certificate in the wrong way, you'll never see it in the CSP.

You don't need to login as SO to install the certificate and you cannot create a certificate before generating a keypair because the certificate contains the public key.

5/11/2011 1:26:04 AM
Total Posts 5

Re: Problem In Adding Certificate

Ooooh, here is a part I can't get.

I get the certificate from a .pfx file, reading it as an X509 cert, and try to create it as an object using the CreateObject method.

Shouldn't this be the way I create the certificate in the token?

And about Windows reading the certificate: I had a token before this (the same model), and Windows did identify that it had a certificate, but I had no PIN. Does doing this require a special template for the certificates?

 

By the way, Ugo Chirico, you are a real treasure for security programming information. Thanks a lot, my dear friend.

5/11/2011 11:36:48 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Problem In Adding Certificate

Now all is clear. You have to add a pfx in the token.

The pfx contains both a private key and a certificate. Adding a pfx means adding both in the token. This is why you cannot see it in Windows.

To add a pfx read this thread in the forum: http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&mid=22&ItemID=1&thread=5
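
A diagnostic for the situation discussed in this thread, added here as an example (it is not code from any of the posters or from the NCryptoki project): after reopening a session, it searches with minimal templates, as suggested above, for a persistent certificate and a private key that share the same CKA_ID. The `Cryptware.NCryptoki` namespace, the `Session` type name, the `CryptokiObject.CKO_PRIVATE_KEY` constant and the `TokenCheck` class are assumptions; the remaining calls are the ones used in the first post.

```csharp
using System;
using System.Text;
using Cryptware.NCryptoki; // assumed namespace of the NCryptoki assembly

// Hypothetical helper class, not part of NCryptoki.
static class TokenCheck
{
    // Call this on a freshly opened session, after logging in as the user:
    // private key objects are normally hidden until login.
    public static bool HasCertificateAndKey(Session session, byte[] id)
    {
        // Search templates carry only what identifies the object:
        // its class, CKA_TOKEN = true (persistent objects only) and CKA_ID.
        // CKA_VALUE, CKA_SUBJECT and the other creation attributes are left out.
        CryptokiCollection certSearch = new CryptokiCollection();
        certSearch.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
        certSearch.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
        certSearch.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id));

        // CKO_PRIVATE_KEY is assumed to mirror the PKCS#11 constant of the same name.
        CryptokiCollection keySearch = new CryptokiCollection();
        keySearch.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
        keySearch.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
        keySearch.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id));

        int certCount = session.Objects.Find(certSearch, 10).Count;
        int keyCount = session.Objects.Find(keySearch, 10).Count;

        Console.WriteLine("Persistent certificates with this CKA_ID: " + certCount);
        Console.WriteLine("Persistent private keys with this CKA_ID: " + keyCount);

        if (certCount > 0 && keyCount == 0)
        {
            // The case described in the thread: only the certificate half
            // of the pfx was written to the token.
            Console.WriteLine("Certificate found without its private key.");
        }
        return certCount > 0 && keyCount > 0;
    }

    // The CKA_ID value used in the first post.
    public static byte[] SampleId()
    {
        return Encoding.ASCII.GetBytes("MyKeyPairID");
    }
}
```

If the certificate count is 0 after a restart, the object was not stored persistently by the PKCS#11 module; if only the key count is 0, the private key from the pfx was never added.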