We're using a Thales HSM, and trialing your library to help with a project to encrypt and decrypt data using AES.
I generate a key using the following code:
CryptokiCollection template = new CryptokiCollection(); template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_AES)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, keyLabel)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1")); template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true)); template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE_LEN, 32));
Key key = _session.GenerateKey(Mechanism.AES_KEY_GEN, template);
I have a need to query the CKA_NFKM_ID attribute of the newly generated key at this point.
How should I do this?
Kind regards,
Further information:
CKA_NFKM_ID is a nShield specific attribute. I can use C_GetAttributeValue to get the value of this attribute.
Hi Scott,
do you know the integer value of CKA_NFKM_ID?
if so you can use it in this way:
key.Attributes[CKA_NFKM_ID]
if not I just contacted thales techy guys to know that value. let me know...
Thanks Ugo.
With the following constants defined:
private const uint CKA_VENDOR_DEFINED = 0x80000000; private const ulong NFCK_VENDOR_NCIPHER = 0xde436972UL; private const ulong CKA_NCIPHER = CKA_VENDOR_DEFINED | NFCK_VENDOR_NCIPHER; private const uint CKA_ID = 0x00000102; public const long CKA_NFKM_ID = (long)(CKA_NCIPHER + CKA_ID);
I was able to add the following lines of code:
ObjectAttribute keyFileNameAttribute = key.Attributes[unchecked((int)SymmetricWrapper.CKA_NFKM_ID)]; string nfkmid = System.Text.Encoding.ASCII.GetString(keyFileNameAttribute.RawValue);
Perfect.
Thanks for your help.