Friday, 23 January 2015

HSM: creating new key using NCryptoki



I'm working with the NCryptoki dll (http://ift.tt/1E9EJts)


I'm new to this dll and I'm trying to do some stuff.


Now I'm trying to create a new DES CBC key. I have written this, but it is giving me some issues:



    public static int createKeyDES(string label, byte[] value, int locked)
    {
        try
        {
            if (label.Length != 8)
                return ERROR_INVALID_NEW_LABEL_LEN; // my custom error
            bool blockedt = false;
            bool blockedf = false;
            if (locked == 1)
                blockedt = true;
            else
                blockedf = true;

            CryptokiCollection templatePub = new CryptokiCollection();
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_DES)); // DES
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, blockedf));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, blockedf));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ALWAYS_SENSITIVE, blockedt));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, blockedt));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_NEVER_EXTRACTABLE, blockedt));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, value));
            //templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

            session.GenerateKey(Mechanism.XXX, templatePub); // <----- WHICH MECHANISM HERE??

            return OK_RESPONSE;
        }
        catch (Exception e)
        {
            Console.WriteLine(e.ToString());
            return -1;
        }
    }


I think (hope) the error is only in session.GenerateKey, where I don't know which mechanism I have to insert to create a DES CBC key.


I have tried CKM_DES_CBC, but it is an int, not a Mechanism object. I have tried GENERIC_SECRET_KEY_GEN, but it gives me error 208 (incomplete template).


How can I reach my goal and create a new DES CBC key?


And if I write:



    session.GenerateKey(new Mechanism(Mechanism.CKM_DES_CBC, null), templatePub);


I get error 122 (CKR_MECHANISM_INVALID).


So, how can I create a new key, passing the value and the new label? Where is/are my mistake(s)?
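
As an added example (not part of the original post, and not NCryptoki code), the Python below checks the question's template against the PKCS#11 rules for the two ways a secret key object comes into existence: C_GenerateKey with a key generation mechanism, or C_CreateObject when the key value is supplied by the caller. The label and key value are constructed, and `lint_template` and `import_template` are hypothetical helper names.

```python
# Added example (not from the post): lint a PKCS#11 DES key template.
# Attribute and mechanism names are PKCS#11 names; no vendor API is called.
KEYGEN_MECHS = {"CKM_DES_KEY_GEN"}             # token generates a random DES key
CIPHER_MECHS = {"CKM_DES_CBC", "CKM_DES_ECB"}  # encrypt/decrypt only
# Maintained by the token; must not appear in a creation/generation template.
TOKEN_SET_ONLY = {"CKA_ALWAYS_SENSITIVE", "CKA_NEVER_EXTRACTABLE"}


def lint_template(path, template, mechanism=None):
    """path: 'generate' (C_GenerateKey) or 'create' (C_CreateObject import)."""
    if path not in ("generate", "create"):
        raise ValueError("path must be 'generate' or 'create'")
    problems = [f"{a} is set by the token, remove it from the template"
                for a in sorted(TOKEN_SET_ONLY & template.keys())]
    if path == "generate":
        if mechanism in CIPHER_MECHS:
            problems.append(f"{mechanism} is a cipher mechanism, not key generation")
        elif mechanism not in KEYGEN_MECHS:
            problems.append(f"{mechanism} does not generate DES keys")
        if "CKA_VALUE" in template:
            problems.append("CKA_VALUE cannot be supplied to C_GenerateKey")
    else:
        for attr in ("CKA_CLASS", "CKA_KEY_TYPE", "CKA_VALUE"):
            if attr not in template:
                problems.append(f"{attr} is required to import a key")
        value = template.get("CKA_VALUE")
        if template.get("CKA_KEY_TYPE") == "CKK_DES" and value is not None \
                and len(value) != 8:
            problems.append("a DES key value must be exactly 8 bytes")
    return problems


# Constructed sample mirroring the template in the question (locked == 1).
QUESTION_TEMPLATE = {
    "CKA_CLASS": "CKO_SECRET_KEY", "CKA_TOKEN": True, "CKA_PRIVATE": True,
    "CKA_LABEL": "MYDESKEY", "CKA_KEY_TYPE": "CKK_DES",
    "CKA_DECRYPT": True, "CKA_ENCRYPT": True,
    "CKA_EXTRACTABLE": False, "CKA_MODIFIABLE": False,
    "CKA_ALWAYS_SENSITIVE": True, "CKA_SENSITIVE": True,
    "CKA_NEVER_EXTRACTABLE": True,
    "CKA_VALUE": bytes.fromhex("0123456789abcdef"),  # constructed test value
}


def import_template(template):
    """Same template with the token-maintained attributes dropped."""
    return {k: v for k, v in template.items() if k not in TOKEN_SET_ONLY}


if __name__ == "__main__":
    for line in lint_template("generate", QUESTION_TEMPLATE, "CKM_DES_CBC"):
        print("generate:", line)
    print("create:", lint_template("create", import_template(QUESTION_TEMPLATE)))
```

A key imported with a caller-supplied value has existed outside the HSM, which is why the token, not the template, decides CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE.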




