I managed to export the private keys from HSM by using security override. What is the difference between C_Sign and C_SignRecover? As I read in the pkcs#11 docs, the second is a sign where the data can be recovered from the signature. I think I need this in my implementation, but the NCryptoki is returning code 112 from the SignRecoverInit operation (where I'm giving in the Mechanism.SHA1_RSA_PKCS and the private RSA key. If this method was successful, how can I recover the data from the signature? Thanks in advance, Pance
error 112 (0x70) means CKR_MECHANISM_INVALID. This means that the mechanism you used Mechanism.SHA1_RSA_PKCS is not valid for your HSM for SignRecover function.
The list of all errors with its meaning is in CryptokiException class.