How to get the public key from Certificate

10/15/2011 2:20:54 PM
Total Posts 6

How to get the public key from Certificate

Hi Ugo,

I have a p12 file. When I copy it to the eToken, I have 2 objects in the store: an X509 certificate and a private RSA key. To encrypt data I must have the public key. The X509 certificate contains the public key, but I cannot convert it to an NCryptoki PublicKey.
Where can I get the public key?

 

Thanks
 

10/15/2011 2:39:48 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: How to get the public key from Certificate

Hi,

the NCryptoki PublicKey object is a link to the real public key inside the token, while the Certificate object is a link to the actual certificate inside the token. You cannot convert a Certificate object to a PublicKey object. If you need to do public key encryption, you can use the Certificate object: convert it to X509Certificate2 by using the conversion function in the Utility class, and then use that X509Certificate2 object to encrypt something with the public key.

Regards,

Ugo

10/15/2011 3:00:48 PM
Total Posts 6

Re: How to get the public key from Certificate

Thanks for the answer. Really, I can encrypt data using X509Certificate2. But when I try to decrypt data using the NCryptoki private key (functions session.DecryptInit() and session.Decrypt()), I get an error message.

What am I doing wrong?

Thanks

10/16/2011 9:35:31 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: How to get the public key from Certificate

What error are you getting? I mean the error code

10/17/2011 1:45:41 PM
Total Posts 6

Re: How to get the public key from Certificate

Ugo, many thanks, it worked !

11/15/2011 12:05:22 PM
Total Posts 6

Re: How to get the public key from Certificate

Hi there!

 

I got a question about this issue.

I got a x509 Certificate on a smartcard which I converted as mentioned above.

Using this method I get the public key as a byte[]. Is there any way I can initialize a PublicKey object using that byte[] to use the smartcard session to encrypt or do I have to use the CSP from the Windows Crypto API?

 

Greetings

Stephan

11/15/2011 3:23:44 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: How to get the public key from Certificate

Yes, you can use the public key as byte[] to encrypt some text by using a PublicKey object.

You should create a public key session object (I mean not a token object stored in the token) and use it to encrypt.
You can use the Create method, passing a template for a public key and setting the CKA_TOKEN attribute to false.

11/23/2011 10:29:21 AM
Total Posts 6

Re: How to get the public key from Certificate

I have some problems creating the Object with the given byte[].

At the moment it looks like this:

 

System.Security.Cryptography.X509Certificates.X509Certificate2 x509cert = Cryptware.NCryptoki.Utils.ConvertCertificate((X509Certificate)certs[0]);
byte[] x509key = x509cert.GetPublicKey();

 

CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "Key"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

 

I'm missing the understanding of how to create the Key object using the key which I read from the certificate, as the EncryptInit required a Key Object.

 

Stephan

11/23/2011 3:51:49 PM
Total Posts 6

Re: How to get the public key from Certificate

Ok, I'm a little further now:

 

I managed to extract the modulus and the exponent of the public key, both represented as byte[].

The exponent in my example is a byte[] of length 4, the modulus of length 172.

What does the template have to contain to create the key?

I always get FUNCTION_FAILED, even using the template from your examples.

11/25/2011 11:09:10 AM
Total Posts 6

Re: How to get the public key from Certificate

Even though it might look like spamming, I could narrow down the problem a little.

I tried adding single items to the template and it kept working until I added the public exponent.

Am I missing something?

I'm getting the modulus and the exponent by exporting them to an XML string and reading the values between the brackets.

11/25/2011 12:26:48 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: How to get the public key from Certificate

How are you creating the public key object? Which template are you using?

And also, what native PKCS#11 are you using?

11/25/2011 1:03:50 PM
Total Posts 6

Re: How to get the public key from Certificate

CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_RSA));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));

template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "keyname"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "12"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, exponent));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS, modulus));

CryptokiObject pubKey = session.Objects.Create(template);

 

exponent and modulus are the aforementioned byte arrays.

 

I'm using cmP11.dll from Charismathics.

I tried OpenSC but it doesn't support encryption so I'm a little helpless.

11/30/2011 4:07:41 PM
Total Posts 6

Re: How to get the public key from Certificate

Ok, I finally got it working.

The exponent and modulus were encoded so the lengths didn't match to create a working key object.

Here is the code snippet which exports the values; I hope it helps if someone else encounters the same problem.

 

System.Security.Cryptography.X509Certificates.X509Certificate2 x509cert = Cryptware.NCryptoki.Utils.ConvertCertificate((X509Certificate)certs[0]);

byte[] hexponent = null;
byte[] hmodulus = null;
RSACryptoServiceProvider helpkey = x509cert.PublicKey.Key as RSACryptoServiceProvider;
if (helpkey != null)
{
    RSAParameters parameters = helpkey.ExportParameters(false);
    hexponent = parameters.Exponent;
    hmodulus = parameters.Modulus;
}

 

where certs is a CryptokiCollection.
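
The lengths reported earlier in the thread (modulus 172, exponent 4) are consistent with the Base64 text that the .NET XML key export places between the tags: 128 raw bytes encode to 172 characters, and the 3-byte exponent 65537 to 4. The following is an added example, not code from the posters or from NCryptoki, showing the decode step and checking it against ExportParameters; the throwaway 1024-bit key and the helper name FromXml are assumptions made for illustration.

```csharp
using System;
using System.Linq;
using System.Security.Cryptography;
using System.Xml.Linq;

static class RsaXmlComponents
{
    // Hypothetical helper: turn the Base64 text inside <Modulus>/<Exponent>
    // into the raw big-endian bytes used for CKA_MODULUS / CKA_PUBLIC_EXPONENT.
    public static RSAParameters FromXml(string xml)
    {
        XElement root = XElement.Parse(xml);
        XElement mod = root.Element("Modulus");
        XElement exp = root.Element("Exponent");
        if (mod == null || exp == null)
            throw new FormatException("Not an RSAKeyValue document");
        return new RSAParameters
        {
            Modulus = Convert.FromBase64String(mod.Value.Trim()),
            Exponent = Convert.FromBase64String(exp.Value.Trim())
        };
    }

    static void Main()
    {
        // Constructed sample: a throwaway 1024-bit key stands in for the
        // certificate's public key so the example runs without a token.
        using (var rsa = new RSACryptoServiceProvider(1024))
        {
            string xml = rsa.ToXmlString(false);   // public part only
            XElement root = XElement.Parse(xml);

            // Length of the text between the tags (what a string scrape returns).
            Console.WriteLine("XML text:  modulus={0} chars, exponent={1} chars",
                root.Element("Modulus").Value.Length,
                root.Element("Exponent").Value.Length);

            RSAParameters decoded = FromXml(xml);
            RSAParameters direct = rsa.ExportParameters(false);
            Console.WriteLine("Raw bytes: modulus={0}, exponent={1}",
                decoded.Modulus.Length, decoded.Exponent.Length);

            // The decoded values must equal what ExportParameters returns.
            Console.WriteLine("Matches ExportParameters: {0}",
                decoded.Modulus.SequenceEqual(direct.Modulus) &&
                decoded.Exponent.SequenceEqual(direct.Exponent));
        }
    }
}
```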

5/22/2014 8:58:21 AM
Total Posts 8

How to export the public key to a file

Hi, 

I have generated the key pair using this code:

CryptokiCollection templatePub = new CryptokiCollection();
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "PUKey"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));
templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024));

CryptokiCollection templatePri = new CryptokiCollection();
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "PRKey"));
templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "1"));

// Generate the key pair
Key[] keys = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri);
RSAPrivateKey privateKey = (RSAPrivateKey)keys[1];
RSAPublicKey publicKey = (RSAPublicKey)keys[0];

Now, how can I export this public key to a file?