CKM_RSA_PKCS

3/7/2017 8:57:07 AM

CKM_RSA_PKCS

Good morning,

I've met a problem while using the method SignInit of NCryptoki, in the HSM used:

1 - When the signature mode CKM_RSA_PKCS of the HSM is allowed, the method SignInit can use the SHA1_RSA_PKCS mechanism.

2 - But if I disallow the signature mode CKM_RSA_PKCS of the HSM, I can't use the SHA1_RSA_PKCS mechanism.

3 - The signature modes allowed in the HSM are:

- CKM_SHA_256_HMAC

- CKM_SHA_384_HMAC

- CKM_SHA_512_HMAC

- CKM_RSA_PKCS_PSS

- CKM_ECDSA

Does an equivalent exist in Cryptoki for those modes?

Best Regards

3/7/2017 11:36:14 AM

Re: CKM_RSA_PKCS

Hi,

First of all, NCryptoki is a wrapper to the underlying PKCS#11 module related to your HSM. It simply passes the function calls to the HSM as is, without doing anything else. You should read the PKCS#11 specifications to understand the ways to call your HSM (see our wiki: http://wiki.ncryptoki.com).

Then, if you disable CKM_RSA_PKCS, you are disabling the RSA algorithm in the HSM, so all other mechanisms related to RSA, such as SHA1_RSA_PKCS, will not work.

Finally, NCryptoki fully supports the PKCS#11 specifications. All the mechanisms (also the ones you mentioned) are declared in the class Mechanism (see the API doc: http://www.ncryptoki.com/api-documentation.aspx).

3/7/2017 4:00:19 PM

Re: CKM_RSA_PKCS

Hi,

Thank you for your answer.

We voluntarily disabled CKM_RSA_PKCS and we want to use the CKM_RSA_PKCS_PSS enabled.

But we can't find any mechanism which matches with it.

Also, I'm not able to view your link: can't show the content of cryptware.com.

3/7/2017 4:50:58 PM

Re: CKM_RSA_PKCS

We are currently having some issues with the server cryptware.com. I hope to have all solved in half an hour.

Anyway you can download the API doc from this link: http://www.ncryptoki.com/SharedFiles/Download.aspx?pageid=7&mid=17&fileid=5

I have just seen that the mechanism CKM_RSA_PKCS_PSS is not in the Mechanism class. Let's prepare a new version with the missing algo.

3/8/2017 10:40:44 AM

Re: CKM_RSA_PKCS

That is brilliant!

Thank you for your support.

Instead of adding a new mechanism, is there any equivalent in NCryptoki for those:

- CKM_SHA_256_HMAC

- CKM_SHA_384_HMAC

- CKM_SHA_512_HMAC

- CKM_ECDSA

?

3/14/2017 3:48:50 PM

Re: CKM_RSA_PKCS

In the class Mechanism, in the current version, you have the following definitions:

public const int CKM_SHA256                     = 0x00000250;
public const int CKM_SHA256_HMAC                = 0x00000251;
public const int CKM_SHA256_HMAC_GENERAL        = 0x00000252;
public const int CKM_SHA384                     = 0x00000260;
public const int CKM_SHA384_HMAC                = 0x00000261;
public const int CKM_SHA384_HMAC_GENERAL        = 0x00000262;
public const int CKM_SHA512                     = 0x00000270;
public const int CKM_SHA512_HMAC                = 0x00000271;
public const int CKM_SHA512_HMAC_GENERAL        = 0x00000272;

Actually, in the Mechanism class there are all the mechanisms defined in the PKCS#11 2.20 specifications.

5/23/2017 2:21:41 PM
Ugo Chirico http://www.ugochirico.com

Re: CKM_RSA_PKCS

To use the CKM_RSA_PKCS_PSS mechanism you don't need a new version. You can use this code:

Mechanism mechanism = new Mechanism(Mechanism.CKM_RSA_PKCS_PSS, param);
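
What the `param` above has to carry, shown as an added example that is not part of the thread and is not NCryptoki code. It is plain C against local copies of the PKCS#11 v2.20 definitions; `pss_params_for` and `pss_check` are hypothetical helper names, and the check covers two common mistakes with CKM_RSA_PKCS_PSS: passing the message instead of its digest, and a key too small for the chosen hash and salt.

```c
#include <stddef.h>

/* Local copies of PKCS#11 v2.20 types and constants, so no pkcs11.h is needed. */
typedef unsigned long CK_ULONG;
typedef CK_ULONG CK_MECHANISM_TYPE;
typedef CK_ULONG CK_RSA_PKCS_MGF_TYPE;
#define CKM_RSA_PKCS_PSS 0x0000000DUL
#define CKM_SHA_1        0x00000220UL
#define CKM_SHA256       0x00000250UL
#define CKM_SHA384       0x00000260UL
#define CKM_SHA512       0x00000270UL
#define CKG_MGF1_SHA1    0x00000001UL
#define CKG_MGF1_SHA256  0x00000002UL
#define CKG_MGF1_SHA384  0x00000003UL
#define CKG_MGF1_SHA512  0x00000004UL

typedef struct CK_RSA_PKCS_PSS_PARAMS {
    CK_MECHANISM_TYPE    hashAlg; /* hash the caller applied to the message */
    CK_RSA_PKCS_MGF_TYPE mgf;     /* mask generation function */
    CK_ULONG             sLen;    /* salt length in bytes */
} CK_RSA_PKCS_PSS_PARAMS;

/* Hash mechanism, matching MGF1 variant, digest length in bytes. */
static const struct { CK_ULONG hash, mgf; size_t len; } HASHES[] = {
    { CKM_SHA_1,  CKG_MGF1_SHA1,   20 }, { CKM_SHA256, CKG_MGF1_SHA256, 32 },
    { CKM_SHA384, CKG_MGF1_SHA384, 48 }, { CKM_SHA512, CKG_MGF1_SHA512, 64 },
};

/* Hypothetical helper: fill *p for `hash` with salt length = digest length. */
int pss_params_for(CK_MECHANISM_TYPE hash, CK_RSA_PKCS_PSS_PARAMS *p) {
    for (size_t i = 0; i < sizeof HASHES / sizeof HASHES[0]; i++)
        if (HASHES[i].hash == hash) {
            p->hashAlg = hash; p->mgf = HASHES[i].mgf; p->sLen = (CK_ULONG)HASHES[i].len;
            return 0;
        }
    return -1; /* hash not handled by this example */
}

/* Hypothetical pre-flight check before C_SignInit/C_Sign; 0 means ok. */
int pss_check(const CK_RSA_PKCS_PSS_PARAMS *p, size_t data_len, unsigned mod_bits) {
    size_t hl = 0, em_len = ((size_t)mod_bits + 6) / 8; /* ceil((modBits-1)/8) */
    for (size_t i = 0; i < sizeof HASHES / sizeof HASHES[0]; i++)
        if (HASHES[i].hash == p->hashAlg) hl = HASHES[i].len;
    if (hl == 0) return -1;                   /* unknown hashAlg */
    if (data_len != hl) return -2;            /* input must be the digest, not the message */
    if (em_len < hl + p->sLen + 2) return -3; /* key too small (RFC 8017, 9.1.1) */
    return 0;
}
```
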