Generating Key for AES CBC encryption

5/23/2011 6:45:19 PM
Total Posts 6

Generating Key for AES CBC encryption

Dear Ugo,

I'm currently using your sample project as a basis for creating an AES CBC encryption key.  When it calls the generatekey on the session object it returns error number 112  MECHANISM_INVALID.  Am I missing an attribute for the key creation?  The code is posted below.

Thanks,

Jason Bogdanski

// Creates a Cryptoki object related to the specific PKCS#11 native library
Cryptoki cryptoki = new Cryptoki(@"C:\Program Files\SafeNet\Protect Toolkit M\hsm\cryptoki.dll");

cryptoki.Initialize();

// Reads all information relating to the native library
CryptokiInfo info = cryptoki.Info;

// Reads the set of slots containing a token
SlotList slots = cryptoki.Slots;
if (slots.Count == 0)
{
    Console.WriteLine("No slot available");
    return;
}

// Gets the slot whose (present) token carries the expected label
Slot slot = slots.FirstOrDefault(x => x.IsTokenPresent && x.Token.Info.Label.Trim() == "CRYPTON_Keyset");
if (slot == null)
{
    Console.WriteLine("No slot with a token labelled CRYPTON_Keyset");
    return;
}

// Reads all information relating to the slot
SlotInfo sinfo = slot.Info;

if (!slot.IsTokenPresent)
{
    Console.WriteLine("No token inserted in the slot: " + slot.Info.Description);
    return;
}

// Gets the token in the selected slot
Token token = slot.Token;

// Reads all information relating to the token
TokenInfo tinfo = token.Info;

// Opens a read/write serial session
Session session =
    token.OpenSession(Session.CKF_SERIAL_SESSION | Session.CKF_RW_SESSION,
                      null,
                      null);

// Executes the login passing the user PIN
int nRes = session.Login(Session.CKU_USER, "password");
if (nRes != 0)
{
    Console.WriteLine("Wrong PIN");
    return;
}

Console.WriteLine("Logged in:" + session.IsLoggedIn);

// Template for the AES secret key
CryptokiCollection templatePub = new CryptokiCollection();
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_AES));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, 32));

Key keys1 = session.GenerateKey(Mechanism.AES_CBC, templatePub);

// Logs out and closes the session
session.Logout();
session.Close();
cryptoki.Finalize(IntPtr.Zero);

5/23/2011 9:26:17 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Generating Key for AES CBC encryption

Hi,

To generate an AES key you should specify the key length in the attribute CKA_VALUE_LEN (you set CKA_VALUE, which is wrong in this case) and you should use the mechanism CKM_AES_KEY_GEN in GenerateKey (instead of CKM_AES_CBC as you did).

Regards,

Ugo Chirico

5/25/2011 1:18:38 AM
Total Posts 6

Re: Generating Key for AES CBC encryption

Thanks Ugo,

I was able to generate the key, but now when I try to encrypt a message it returns the error number 145, OPERATION_NOT_INITIALIZED.  I am calling the EncryptInit before encryption.  Do I need to pass it an initialization vector for AES?  Here is the code below.

Thanks,

Jason

// Template for the AES secret key
CryptokiCollection templatePub = new CryptokiCollection();
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_AES));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "JasonKey"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE_LEN, 32));

Key keys1 = session.GenerateKey(Mechanism.AES_KEY_GEN, templatePub);

string helloworld = "Hello World";
byte[] text = Encoding.ASCII.GetBytes(helloworld);

// Launches the encryption operation with the AES CBC mechanism
nRes = session.EncryptInit(Mechanism.AES_CBC, keys1);

// Computes the encryption
byte[] encrypted = session.Encrypt(text);

// Launches the decryption operation with the same mechanism
nRes = session.DecryptInit(Mechanism.AES_CBC, keys1);

// Computes the decryption
byte[] decrypted = session.Decrypt(encrypted);

// Logs out and closes the session
session.Logout();
session.Close();
cryptoki.Finalize(IntPtr.Zero);

5/25/2011 9:07:11 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Generating Key for AES CBC encryption

Yes, AES_CBC requires a 16 byte initialization vector.

You should write:

byte[] iv = new byte[16];

// fill the iv with some value
.....

Mechanism aescbc = new Mechanism(Mechanism.CKM_AES_CBC, iv);

// launches the encryption operation AES mechanism
nRes = session.EncryptInit(aescbc, keys1);
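Putting the two corrections from this thread together, here is an added example (not the thread's code and not an NCryptoki sample) of an AES-CBC round trip through the token. It assumes the NCryptoki names used above (Session, Key, Mechanism, with EncryptInit/DecryptInit returning 0 on success) and a session that is already open and logged in; the PKCS#7 padding helpers, the random IV from System.Security.Cryptography, and the IV-prefixed output format are additions of this example.

```csharp
using System;
using System.Security.Cryptography;
// Added example, not the thread's code. Assumes the NCryptoki names used above
// (Session, Key, Mechanism) and a logged-in session; 'key' comes from AES_KEY_GEN.
static class AesCbcExample
{
    const int BlockSize = 16;

    // PKCS#11's CKM_AES_CBC does not pad, so input must be a multiple of 16 bytes
    // ("Hello World" is 11): apply PKCS#7 padding before Encrypt, strip it after Decrypt.
    static byte[] Pkcs7Pad(byte[] data)
    {
        int pad = BlockSize - (data.Length % BlockSize);
        byte[] padded = new byte[data.Length + pad];
        Buffer.BlockCopy(data, 0, padded, 0, data.Length);
        for (int i = data.Length; i < padded.Length; i++) padded[i] = (byte)pad;
        return padded;
    }
    static byte[] Pkcs7Unpad(byte[] data)
    {
        int pad = data.Length > 0 ? data[data.Length - 1] : 0;
        if (pad < 1 || pad > BlockSize || pad > data.Length) throw new CryptographicException("bad padding");
        byte[] plain = new byte[data.Length - pad];
        Buffer.BlockCopy(data, 0, plain, 0, plain.Length);
        return plain;
    }

    // Fresh random IV per message (never a fixed or zero IV), returned as
    // IV || ciphertext so the decryptor can rebuild the same mechanism parameter.
    public static byte[] Encrypt(Session session, Key key, byte[] plaintext)
    {
        byte[] iv = new byte[BlockSize];
        RandomNumberGenerator.Create().GetBytes(iv);
        if (session.EncryptInit(new Mechanism(Mechanism.CKM_AES_CBC, iv), key) != 0) throw new CryptographicException("EncryptInit failed");
        byte[] ct = session.Encrypt(Pkcs7Pad(plaintext));
        byte[] outBuf = new byte[BlockSize + ct.Length];
        Buffer.BlockCopy(iv, 0, outBuf, 0, BlockSize);
        Buffer.BlockCopy(ct, 0, outBuf, BlockSize, ct.Length);
        return outBuf;
    }

    public static byte[] Decrypt(Session session, Key key, byte[] ivAndCt)
    {
        byte[] iv = new byte[BlockSize], ct = new byte[ivAndCt.Length - BlockSize];
        Buffer.BlockCopy(ivAndCt, 0, iv, 0, BlockSize);
        Buffer.BlockCopy(ivAndCt, BlockSize, ct, 0, ct.Length);
        if (session.DecryptInit(new Mechanism(Mechanism.CKM_AES_CBC, iv), key) != 0) throw new CryptographicException("DecryptInit failed");
        return Pkcs7Unpad(session.Decrypt(ct));
    }
}
```

If the token offers the PKCS#11 CKM_AES_CBC_PAD mechanism, the padding helpers can be dropped and the token pads for you; the per-message random IV is needed either way.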

5/26/2011 11:34:44 PM
Total Posts 6

Re: Generating Key for AES CBC encryption

Hi Ugo,

That worked.  Thanks for your help.

Jason