http://www.ncryptoki.com/forum.aspx

Re: Create an Attribute Certificate object

Oh, and the smart card is a G&D Sm@rt Cafe 3.1

http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=78~-1#post376 leopignataro http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Sun, 25 Nov 2012 19:21:52 GMT
Re: Create an Attribute Certificate object

Thanks for the reply, Ugo.

 

I have tried with just those attributes suggested on the example contained in the PKCS#11 standard, and the result is still the same.

 

I am using SafeSign. The version of the PKCS#11 DLL (aetpkss1.dll) is 3.0.0.2299. Would you suggest an alternative?

http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=78~-1#post375 leopignataro http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Sun, 25 Nov 2012 19:19:17 GMT
Re: Create an Attribute Certificate object

The error TEMPLATE_INCONSISTENT comes from the underlying PKCS#11. Usually it means that some of the attributes you set are not compliant with the others. Which PKCS#11 module are you using?

Also, reading page 79 of the PKCS#11 2.20 specification, the example on that page doesn't use the MODIFIABLE attribute:

 

CK_ATTRIBUTE template[] = {
{CKA_CLASS, &class, sizeof(class)},
{CKA_CERTIFICATE_TYPE, &certType, sizeof(certType)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_LABEL, label, sizeof(label)-1},
{CKA_OWNER, owner, sizeof(owner)},
{CKA_VALUE, certificate, sizeof(certificate)}
};
http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=78~-1#post373 leopignataro http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Sun, 25 Nov 2012 15:52:39 GMT
Re: Create an Attribute Certificate object

Actually, I read in the PKCS#11 that the set of attributes is another one completely. I am now using the following code:

 

   var certBytes = System.IO.File.ReadAllBytes(@"C:\Oak\Certs\AttributeCertificate.cer");
   var cert = AttributeCertificate.GetInstance(DerSequence.FromByteArray(certBytes));

   CryptokiCollection template = new CryptokiCollection();
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509_ATTR_CERT));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "AttCert"));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_OWNER, cert.ACInfo.Holder.GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_AC_ISSUER, cert.ACInfo.Issuer.GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.ACInfo.SerialNumber.GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_ATTR_TYPES, new DerSequence(new DerObjectIdentifier("2.5.4.72")).GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, certBytes));

   CryptokiObject certificate = session.Objects.Create(template);

 

However, the result is still the same. I have tried with various subsets of those attributes, but the result is always the same (error 209, TEMPLATE_INCONSISTENT).

http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=78~-1#post372 leopignataro http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Sat, 24 Nov 2012 22:50:11 GMT
Create an Attribute Certificate object

Hello.

 

I am trying to create an attribute certificate object in a smartcard. I have the following code. The AttributeCertificate class is from Bouncy Castle.

 

   var certBytes = System.IO.File.ReadAllBytes(@"C:\Oak\Certs\AttributeCertificate.cer");
   var cert = AttributeCertificate.GetInstance(DerSequence.FromByteArray(certBytes));

   CryptokiCollection template = new CryptokiCollection();
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509_ATTR_CERT));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.ACInfo.Holder.GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.ACInfo.Issuer.GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.ACInfo.SerialNumber.GetEncoded()));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, 13));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Certificado CAU"));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, certBytes));
   template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));

   CryptokiObject certificate = session.Objects.Create(template);

 

However, I get an exception in the last statement -- "Error n. 209" (TEMPLATE_INCONSISTENT).

 

I suspect that, for writing an attribute certificate, a different set of attributes must be set (I got those from the example on creating plain public key certificates), but I have no idea which attributes must be set.

 

Any ideas?

http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=78~-1#post371 leopignataro http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Sat, 24 Nov 2012 20:17:00 GMT