p12 import

5/11/2017 8:32:10 AM
Total Posts 9

p12 import

// Load the PKCS#12 file; ss is the password (defined elsewhere).
// Exportable is required so that ExportParameters(true) can read the private key.
X509Certificate2 cert = new X509Certificate2(@"C:\TEMP_CERTS\ca.p12", ss, X509KeyStorageFlags.Exportable);
AsymmetricAlgorithm keyPair = cert.PrivateKey;

if (keyPair is RSA)
{
    RSAParameters keyParams = ((RSA)keyPair).ExportParameters(true);

    // PKCS#11 template for the private key object to create in the session
    CryptokiCollection template = new CryptokiCollection();
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "1"));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, false));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS, keyParams.Modulus));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, keyParams.Exponent));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE_EXPONENT, keyParams.D));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
    CryptokiObject priKey = session.Objects.Create(template);
}

I get Error TEMPLATE_INCONSISTENT (Error 209)

I am using "C:\Program Files\SafeNet\LunaClient\cryptoki.dll"

5/11/2017 4:04:09 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: p12 import

Because NCryptoki is a wrapper to the underlying PKCS#11 module, the errors depend on that module.

Anyway I think that in your case the problem is that you set two conflicting attributes:

template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));

 

You set CKA_TOKEN to false, i.e. the key must not be stored in the token, and CKA_PRIVATE, i.e. the key must be kept private.

Try to set CKA_TOKEN to true.

5/11/2017 8:58:51 PM
Total Posts 9

Re: p12 import

Tried that, same result..

5/15/2017 10:55:29 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: p12 import

Your problem is that the attributes you set are not complete for the Luna HSM.

Try adding these lines to better set the needed attributes:

template.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SIGN, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true));

Let me know

5/15/2017 12:52:52 PM
Total Posts 9

Re: p12 import

Same result...

5/15/2017 3:21:44 PM
Total Posts 9

Re: p12 import

My final goal is to store X.509 with its private key in the HSM.

Should I try other approaches to achieve my goal?