<link>http://www.ncryptoki.com/forum.aspx</link> <description /> <docs>http://www.rssboard.org/rss-specification</docs> <generator>mojoPortal Forum module</generator> <item> <title>Re: RSA keypair generation on a LunaSA HSM Very good!

Many thanks for sharing your solution!

]]>
http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=91~-1#post440 dna http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 14 Feb 2013 09:33:50 GMT Re: RSA keypair generation on a LunaSA HSM Okay so there was a couple of mistakes in my template.

 

1) The public exponent attribute needs to be a byte array

2) The attributes : CKA_SENSITIVE and CKA_EXTRACTABLE both provoke CKR_ATTRIBUTE_TYPE_INVALIDE (0x12)

 

Now everything is going fine!

Cheers

 

EDIT:

The topic can be closed

]]>
http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=91~-1#post439 dna http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Thu, 14 Feb 2013 09:29:55 GMT
RSA keypair generation on a LunaSA HSM Hi there!

 

I'm currently trying to generate some RSA keypairs on a LunaSA HSM. However I keep getting a CKR_GENERAL_ERROR (0x5).

Here is the templates I'm using, note that I have tried multiple combinations of attributes but without success so far.

            CryptokiCollection templatePub = new CryptokiCollection();
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS,CryptokiObject.CKO_PUBLIC_KEY));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_VERIFY, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 2048));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, 0x010001));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "60"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "public key"));

            CryptokiCollection templatePri = new CryptokiCollection();
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_SIGN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "60"));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "private key"));

If any of you have some experience with the LunaSA or if I'm forgetting stuff in the template please let me know :)

Cheers

]]>
http://www.ncryptoki.com/Forums/Thread.aspx?pageid=9&t=91~-1#post435 dna http://www.ncryptoki.com/Forums/Thread.aspx?pageid= Fri, 08 Feb 2013 14:29:13 GMT