hsm compatibility

10/10/2010 7:39:47 PM
Gravatar
Total Posts 6

Re: hsm compatibility

I managed to export the private keys from HSM by using security override.

What is the difference between C_Sign and C_SignRecover? As I read in the pkcs#11 docs, the second is a sign where the data can be recovered from the signature. I think I need this in my implementation, but the NCryptoki is returning code 112 from the SignRecoverInit operation (where I'm giving in the Mechanism.SHA1_RSA_PKCS and the private RSA key. If this method was successful, how can I recover the data from the signature? 

Thanks in advance, 
Pance

10/11/2010 9:08:15 AM
Gravatar
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: hsm compatibility

error 112 (0x70) means CKR_MECHANISM_INVALID.
This means that the mechanism you used Mechanism.SHA1_RSA_PKCS is not valid for your HSM for SignRecover function.

The list of all errors with its meaning is in CryptokiException class.