Encryption RSA_PKCS

You must sign in to post in the forums.
12/6/2012 11:48:00 AM
mger1974
Gravatar
Total Posts 17
View Posts

Encryption RSA_PKCS

Hi

I have problems to encrypt a string. see my code below.

I get the following Error message when trying.

 

OPERATION_NOT_INITIALIZED

Error n. 145

at Cryptware.NCryptoki.Session.Encrypt(Byte[] data)
at RSA_HSM.Contracts.V1.SessionKey.GetSessionKey.GetSessionKey(GetSessionKeyRequest Request) in C:\BCS\Windows Applications\Web\RSA HSM\RSA HSM\GetSessionKey\GetSessionKey.vb:line 109

 

Code

===

If objects.Count > 0 Then
privateKey = CType(objects(objects.Count - 1), RSAPrivateKey)


template = New CryptokiCollection()
template.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
template.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
template.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))

objects = session.Objects.Find(template, 1)
publicKey = CType(objects(0), RSAPublicKey)

MsgBox(publicKey.KeyType.ToString() + " " + publicKey.KeyTypeName.ToString())

Dim text(1024) As Byte
Dim encrypted() As Byte

text = Encoding.ASCII.GetBytes(TotalString)

nRes = session.EncryptInit(Mechanism.RSA_PKCS, privateKey)

encrypted = session.Encrypt(text)

End If

Best regards

Magnus

12/6/2012 11:48:56 AM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

'Dim templatePub As New CryptokiCollection()

'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, False))
'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024))
'templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, &H10001))

'Dim templatePri As New CryptokiCollection()

'templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY))
'templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
'templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, True))
'templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
'templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))


'Dim keys As Key() = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri)

12/6/2012 11:51:54 AM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

usually you cannot encrypt by private Key. Encryption must be done by public key.

If you check the return value of this call:

nRes = session.EncryptInit(Mechanism.RSA_PKCS, privateKey)

you will see that nRes is not 0

12/6/2012 12:51:57 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

Hi, thanks for the quick reply.

 

I changed it so that I encrypt with publicKey instead, but I still get the same errormessage

12/6/2012 1:57:42 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

What is the value of nRes after this call:

nRes = session.EncryptInit(Mechanism.RSA_PKCS, publicKey);

12/6/2012 2:01:41 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

hi,

 

the value of nres is 104

12/6/2012 2:40:22 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

1Re: Encryption RSA_PKCS

104 means CKR_KEY_FUNCTION_NOT_PERMITTED

This means that with your token you cannot encrypt using the given mechanism with the given key.

12/6/2012 3:13:18 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

OK, thanks for the answer.

 

Is there any way to find out what can be be done (what mechanisms) with my token?

12/6/2012 3:14:38 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

This depends on what you have to do.

What kind of encryption you have to do?

What kind of data you need to encrypt?

12/6/2012 3:28:20 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

well, we would like to use the RSA_PKCS mechanism. is there something in the key creation phase that needs to be set apart from the basics that are provided in 2nd post to make that happen, is there something that is missed out?

the data we need to encrypt is string consisting of various parts (date, time, randomnumber, socsec no)... around 37 chars long

 

12/6/2012 3:37:22 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

try to add the attibutes:

CKA_ENCRYPT, true

in the public key template

and

CKA_DECRYPT, true

in the private key template

12/6/2012 3:47:45 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

I added those parameters and received error No6 Function failed...

12/6/2012 3:48:29 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

Dim templatePub As New CryptokiCollection()

templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, False))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, &H10001))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, True))

Dim templatePri As New CryptokiCollection()

templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_DECRYPT, True))

Dim keys As Key() = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri)

12/7/2012 11:44:02 AM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

Hi, any progress on this problem??

12/10/2012 12:08:20 PM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

PKCS#11 v2.20 specifications, pag. 95 states:

CKR_KEY_FUNCTION_NOT_PERMITTED: An attempt has been made to use a
key for a cryptographic purpose that the key’s attributes are not set to allow it to do.
For example, to use a key for performing encryption, that key must have its
CKA_ENCRYPT attribute set to CK_TRUE (the fact that the key must have a
CKA_ENCRYPT attribute implies that the key cannot be a private key). This return
value has lower priority than CKR_KEY_TYPE_INCONSISTENT.

 

When do you get error 6 (FUNCTION_FAILED)?

12/10/2012 1:14:32 PM
mger1974
Gravatar
Total Posts 17
View Posts

Re: Encryption RSA_PKCS

Hi, I get it when running this:

 

Dim templatePub As New CryptokiCollection()

templatePub = New CryptokiCollection()
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, False))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, &H10001))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, True))

Dim templatePri As New CryptokiCollection()

templatePri = New CryptokiCollection()
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_DECRYPT, True))

Dim keys As Key() = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri)

 

it fails on the GenerateKeyPair statement

12/13/2012 11:11:44 AM
Ugo Chirico
Gravatar
Total Posts 300
View Posts
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

it is very strange. this means that the underlying PKCS#11 don't want CKA_ENCRYPT or CKA_DECRYPT for the public or private key.
Try to set only one of them, for example remove CKA_DECRYPT in the private key template.
You must sign in to post in the forums.