Encrypt/Decrypt

7/12/2011 4:49:28 PM
Total Posts 2

Encrypt/Decrypt

Hi,

 

I'm planning to use NCryptoki and I'm doing some research.

 

I have a question: To encrypt something, I first have to find the key and then supply it to the session.EncryptInit method.

When I find the key, does that mean that I have the key value, or only its describing details? Can a malicious guy also find the key, copy it and send it abroad?

 

Thanks

7/12/2011 5:58:56 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Encrypt/Decrypt

Hi,

When you find a key using the Find method you get a handle to the actual related object in the token/HSM. You can use such a handle in EncryptInit to encrypt something using that key.

Then you may ask for the key's attributes and its values by using the related properties.

Usually with the Key objects, the underlying PKCS#11 module and the token don't allow reading the sensitive private key values. Usually when you try to read the value of a private key the underlying PKCS#11 module returns the error CKR_ATTRIBUTE_SENSITIVE. This means that a malicious guy cannot read the sensitive private key values.

 

Regards,

Ugo Chirico
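
The handle-versus-value behaviour described in the reply above, as an added example that is not part of the original thread and is not NCryptoki code. `ToyToken`, its methods and `audit` are hypothetical names for an in-memory model; the numeric constants are the real PKCS#11 values, and an HMAC stands in for the encrypt operation because the Python standard library ships no cipher.

```python
import hashlib
import hmac
import os

# Real PKCS#11 constants (attribute types and return codes).
CKA_LABEL, CKA_VALUE, CKA_SENSITIVE, CKA_EXTRACTABLE = 0x03, 0x11, 0x103, 0x162
CKR_OK, CKR_ATTRIBUTE_SENSITIVE, CKR_ATTRIBUTE_TYPE_INVALID = 0x00, 0x11, 0x12


class ToyToken:
    """In-memory stand-in for a token (assumption); NOT a real PKCS#11 module."""

    def __init__(self):
        self._objects = {}      # handle -> attributes, kept "inside" the token
        self._next_handle = 1

    def create_key(self, label, sensitive, extractable):
        handle = self._next_handle
        self._next_handle += 1
        self._objects[handle] = {
            CKA_LABEL: label, CKA_VALUE: os.urandom(32),  # constructed key bytes
            CKA_SENSITIVE: sensitive, CKA_EXTRACTABLE: extractable,
        }
        return handle

    def find(self, label):
        """Like a Find call: returns opaque integer handles, never key bytes."""
        return [h for h, a in self._objects.items() if a[CKA_LABEL] == label]

    def get_attribute(self, handle, attr_type):
        """C_GetAttributeValue rule: CKA_VALUE of a sensitive or
        unextractable key is refused with CKR_ATTRIBUTE_SENSITIVE."""
        attrs = self._objects[handle]
        if attr_type not in attrs:
            return CKR_ATTRIBUTE_TYPE_INVALID, None
        if attr_type == CKA_VALUE and (attrs[CKA_SENSITIVE] or not attrs[CKA_EXTRACTABLE]):
            return CKR_ATTRIBUTE_SENSITIVE, None
        return CKR_OK, attrs[attr_type]

    def sign(self, handle, data):
        """The key is used inside the token; only the result leaves it."""
        return hmac.new(self._objects[handle][CKA_VALUE], data, hashlib.sha256).digest()


def audit(token, label):
    """Per handle: True if the key value can be read off the token."""
    return {h: token.get_attribute(h, CKA_VALUE)[0] == CKR_OK for h in token.find(label)}
```

A key created with CKA_SENSITIVE false and CKA_EXTRACTABLE true is the case behind the "usually" in the reply: `audit` reports it as readable, so these two attributes are worth checking on every key a deployment relies on.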

7/13/2011 1:37:07 PM
Total Posts 2

Re: Encrypt/Decrypt

Hi Ugo,

 

Thanks for your quick reply - that explained the issue well to me.

 

:)