Wrong PKCS10 / CSR

4/24/2012 7:58:16 PM

Hi Ugo,

I'm trying to develop a function that returns a CSR with PKCS#10 specification in C#.

Through documentation and wiki I was able to create the key pair, from smartcard, and a 'base 64' CSR string with the following code.

After creating the CSR I tried to verify the correctness of the string with some tools that can be found online but the check fails...

I'm a newbie about certification requests and I have simply copied the code from the documentation.

Can you tell me if there are any errors in my code???

Thank you

Mike

THE CODE:

    Cryptoki cryptoki = new Cryptoki("bit4ipki.dll");
    cryptoki.Initialize();

    // Open a read/write session on the first slot and log in as the user
    Session session = cryptoki.Slots[0].Token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION, null, null);
    session.Login(Session.CKU_USER, "12345");

    // Template for the public key object
    CryptokiCollection templatePub = new CryptokiCollection();
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Test PuKey"));
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));
    templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, 0x010001));

    // Template for the private key object
    CryptokiCollection templatePri = new CryptokiCollection();
    templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
    templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
    templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
    templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Test PrKey"));
    templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

    // Generate the RSA key pair on the token
    Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
    RSAPrivateKey privateKey = (RSAPrivateKey)keys[1];
    RSAPublicKey publicKey = (RSAPublicKey)keys[0];

    // Build the CertificationRequestInfo: subject name, SubjectPublicKeyInfo, no attributes
    CertificationRequestInfo reqInfo = new CertificationRequestInfo(
        new X509Name("OU=Test Mike DS, L=MyCity, T=Doctor, SERIALNUMBER=1234567890, O=CGN, C=IT, E=test@gmail.com, CN=Mike"),
        new SubjectPublicKeyInfo(
            new AlgorithmIdentifier(X509ObjectIdentifiers.IdEARsa, DerNull.Instance),
            new RsaPublicKeyStructure(new BigInteger(1, publicKey.Modulus), new BigInteger(1, publicKey.PublicExponent))
                .GetDerEncoded()),
        null);

    // Sign the DER-encoded request info on the token
    session.SignInit(Mechanism.SHA1_RSA_PKCS, privateKey);
    byte[] signature = session.Sign(reqInfo.GetDerEncoded());

    // Assemble the PKCS#10 request and base64-encode it
    CertificationRequest pkcs10 = new CertificationRequest(
        reqInfo,
        new AlgorithmIdentifier(Org.BouncyCastle.Asn1.Pkcs.PkcsObjectIdentifiers.Sha1WithRsaEncryption, DerNull.Instance),
        new DerBitString(signature));

    string csr = System.Convert.ToBase64String(pkcs10.GetDerEncoded());

4/25/2012 7:45:51 PM
Ugo Chirico http://www.ugochirico.com

Re: Wrong PKCS10 / CSR

It seems that you used the wrong algo in your SubjectPublicKeyInfo in CertificationRequestInfo.

The algo must be PkcsObjectIdentifiers.RsaEncryption.

See the documentation in the wiki:

http://wiki.ncryptoki.com/How-to-generate-a-PKCS-10-certification-request-in-C.ashx?NoRedirect=1
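
A check for the mistake identified in the reply above, as an added example that is not part of the original thread and is not NCryptoki or BouncyCastle code: a minimal DER walker that reads the SubjectPublicKeyInfo algorithm OID out of a base64 CSR so it can be compared with rsaEncryption. The function names are hypothetical, and the sample request is constructed (zero bytes stand in for the key and the signature).

```python
import base64

RSA_ENCRYPTION = "1.2.840.113549.1.1.1"  # PkcsObjectIdentifiers.RsaEncryption
ID_EA_RSA = "2.5.8.1.1"                  # X509ObjectIdentifiers.IdEARsa

def read_tlv(buf, pos):
    # Return (tag, value_start, value_end) of the DER element starting at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        k = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def spki_algorithm_oid(csr_b64):
    der, pos = base64.b64decode(csr_b64), 0
    # Enter CertificationRequest and CertificationRequestInfo, skip version and
    # subject, then enter SubjectPublicKeyInfo and its AlgorithmIdentifier.
    for descend in (True, True, False, False, True, True):
        _, start, end = read_tlv(der, pos)
        pos = start if descend else end
    tag, start, end = read_tlv(der, pos)
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    first = min(der[start] // 40, 2)
    arcs, value = [first, der[start] - 40 * first], 0
    for byte in der[start + 1:end]:  # base-128 arcs, high bit = continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def tlv(tag, body):
    # DER-encode one element, used only to build the constructed sample below
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + body

def sample_csr(spki_oid_hex):
    # Constructed skeleton: zero bytes stand in for the key and the signature
    alg = lambda h: tlv(0x30, bytes.fromhex(h) + b"\x05\x00")
    name = tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, b"Mike"))))
    spki = tlv(0x30, alg(spki_oid_hex) + tlv(0x03, bytes(141)))
    info = tlv(0x30, b"\x02\x01\x00" + name + spki + b"\xa0\x00")
    der = tlv(0x30, info + alg("06092a864886f70d010105") + tlv(0x03, bytes(129)))
    return base64.b64encode(der).decode()
```

Passing the string produced by `Convert.ToBase64String(pkcs10.GetDerEncoded())` to `spki_algorithm_oid` and comparing the result with `RSA_ENCRYPTION` checks only this one field; it does not verify the signature.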

4/26/2012 7:43:05 PM

Re: Wrong PKCS10 / CSR

You are right. I haven't seen it. Thank you