Creating X509 certificates

10/17/2012 9:39:15 AM


    byte[] data = new byte[512];
    RNGCryptoServiceProvider rng = new RNGCryptoServiceProvider();
    rng.GetNonZeroBytes(data);

    CryptokiCollection template = new CryptokiCollection();
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, "hello world"));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, "Company Name"));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, "96663-121212-qwewqe-213123"));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, 1));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Cert-1"));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, data));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, true));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 4096));
    template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, true));
    CryptokiObject certificate = session.Objects.Create(template);

    return (Cryptware.NCryptoki.X509Certificate)certificate;

and it is showing error n.18

10/17/2012 10:42:35 AM
Ugo Chirico http://www.ugochirico.com

Re: Creating X509 certificates

You are a bit confused.
In the template for generating a certificate, in the CKA_VALUE you should set a DER-encoded X509 certificate, not a random number.
Also, you set some attributes that are not valid for a certificate, such as MODULUS_BIT.

If you want to generate a key pair you should use the generateKeyPair method.
Then, to generate a certificate you should call a CA.
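
An added example, not part of the thread and not NCryptoki code: a Python pre-flight check that applies the reply's two points to a certificate template before it is sent to the token. It verifies that CKA_VALUE parses structurally as a DER X.509 certificate, derives CKA_SUBJECT, CKA_ISSUER and CKA_SERIAL_NUMBER from it (PKCS#11 defines these as DER encodings taken from the certificate), and flags key-only attributes. All function names and the dict-shaped template are assumptions made for illustration, and the sample certificate is a constructed, unsigned skeleton.

```python
def read_tlv(buf, pos=0):  # -> (tag, value_start, end) of the DER element at pos
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, first, start = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first > 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if first == 0x80 or start + length > len(buf):
        raise ValueError("bad DER length")
    return tag, start, start + length

def cert_attributes(der):  # PKCS#11 attribute values derived from a DER X.509 certificate
    tag, start, end = read_tlv(der)
    tbs_tag, pos, tbs_end = read_tlv(der, start)  # TBSCertificate
    if (tag, tbs_tag) != (0x30, 0x30) or end != len(der):
        raise ValueError("not a DER-encoded certificate")
    fields = []
    while pos < tbs_end:
        ftag, _, nxt = read_tlv(der[:tbs_end], pos)
        fields.append((ftag, der[pos:nxt]))
        pos = nxt
    fields = fields[1:] if fields and fields[0][0] == 0xA0 else fields  # skip [0] version
    if [t for t, _ in fields[:5]] != [0x02, 0x30, 0x30, 0x30, 0x30]:
        raise ValueError("not an X.509 TBSCertificate")
    return {"CKA_VALUE": der, "CKA_SERIAL_NUMBER": fields[0][1],
            "CKA_ISSUER": fields[2][1], "CKA_SUBJECT": fields[4][1]}

KEY_ONLY = {"CKA_MODULUS_BITS", "CKA_EXTRACTABLE"}  # key attributes, not certificate ones

def check_template(template):  # template: {attribute name: value}; returns a list of problems
    problems = [f"{a} is not a certificate attribute" for a in sorted(template.keys() & KEY_ONLY)]
    try:
        derived = cert_attributes(template.get("CKA_VALUE", b""))
    except ValueError as exc:
        return problems + [f"CKA_VALUE: {exc}"]
    return problems + [f"{a} does not match the certificate" for a in sorted(derived)
                       if a in template and template[a] != derived[a]]

def tlv(tag, body):  # tiny DER encoder for the constructed sample (bodies < 256 bytes)
    return bytes([tag]) + (bytes([len(body)]) if len(body) < 0x80 else bytes([0x81, len(body)])) + body
def sample_cert(cn="hello world"):  # constructed, unsigned skeleton: placeholder key and signature
    name = lambda s: tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, s.encode()))))
    alg = tlv(0x30, bytes.fromhex("06092a864886f70d01010b0500"))
    validity = tlv(0x30, tlv(0x17, b"120101000000Z") + tlv(0x17, b"130101000000Z"))
    tbs = tlv(0x30, bytes.fromhex("a003020102") + tlv(0x02, b"\x01") + alg + name("Company Name")
              + validity + name(cn) + tlv(0x30, b""))
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00"))
```

Calling `check_template` on a template shaped like the one in the question (arbitrary bytes in CKA_VALUE, CKA_MODULUS_BITS set) reports both problems, and a plain string in CKA_SUBJECT is reported as not matching the DER name inside the certificate.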