Encryption RSA_PKCS

12/6/2012 3:37:22 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

Try to add the attributes:

CKA_ENCRYPT, true

in the public key template

and

CKA_DECRYPT, true

in the private key template

12/6/2012 3:47:45 PM
Total Posts 17

Re: Encryption RSA_PKCS

I added those parameters and received error no. 6, Function failed...

12/6/2012 3:48:29 PM
Total Posts 17

Re: Encryption RSA_PKCS

Dim templatePub As New CryptokiCollection()

templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, False))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, &H10001))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, True))

Dim templatePri As New CryptokiCollection()

templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_DECRYPT, True))

Dim keys As Key() = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri)

12/7/2012 11:44:02 AM
Total Posts 17

Re: Encryption RSA_PKCS

Hi, any progress on this problem??

12/10/2012 12:08:20 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

The PKCS#11 v2.20 specification, p. 95, states:

CKR_KEY_FUNCTION_NOT_PERMITTED: An attempt has been made to use a
key for a cryptographic purpose that the key’s attributes are not set to allow it to do.
For example, to use a key for performing encryption, that key must have its
CKA_ENCRYPT attribute set to CK_TRUE (the fact that the key must have a
CKA_ENCRYPT attribute implies that the key cannot be a private key). This return
value has lower priority than CKR_KEY_TYPE_INCONSISTENT.

 

When do you get error 6 (FUNCTION_FAILED)?

12/10/2012 1:14:32 PM
Total Posts 17

Re: Encryption RSA_PKCS

Hi, I get it when running this:

 

Dim templatePub As New CryptokiCollection()

templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, False))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, &H10001))
templatePub.Add(New ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, True))

Dim templatePri As New CryptokiCollection()

templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, True))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, "MGERRSA"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
templatePri.Add(New ObjectAttribute(ObjectAttribute.CKA_DECRYPT, True))

Dim keys As Key() = session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, templatePub, templatePri)

 

It fails on the GenerateKeyPair statement.

12/13/2012 11:11:44 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Encryption RSA_PKCS

It is very strange. This means that the underlying PKCS#11 doesn't want CKA_ENCRYPT or CKA_DECRYPT for the public or private key.
Try to set only one of them, for example remove CKA_DECRYPT in the private key template.
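
The isolation test suggested in the last reply, written out as an added example (not code from the thread or from the library's author): it generates the thread's key pair four times, with and without CKA_ENCRYPT and CKA_DECRYPT, and records which combinations the token rejects. The module and function names, the "PROBE-" labels, the `Session` type name and the `Cryptware.NCryptoki` namespace are assumptions; every other call is taken from the posts above.

```vb
Imports System.Collections.Generic
Imports Cryptware.NCryptoki   ' assumed namespace of the wrapper used in this thread

Module UsageAttributeProbe    ' hypothetical helper, not part of the library
    ' Builds the thread's two templates, adding the usage attributes only on request.
    ' Returns Nothing when key generation succeeds, otherwise the failure message.
    Private Function TryGenerate(session As Session, label As String,
                                 withEncrypt As Boolean, withDecrypt As Boolean) As String
        Dim pub As New CryptokiCollection()
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PUBLIC_KEY))
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, False))
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, label))
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 1024))
        pub.Add(New ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, &H10001))
        If withEncrypt Then pub.Add(New ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, True))

        Dim pri As New CryptokiCollection()
        pri.Add(New ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY))
        pri.Add(New ObjectAttribute(ObjectAttribute.CKA_TOKEN, True))
        pri.Add(New ObjectAttribute(ObjectAttribute.CKA_PRIVATE, True))
        pri.Add(New ObjectAttribute(ObjectAttribute.CKA_LABEL, label))
        pri.Add(New ObjectAttribute(ObjectAttribute.CKA_ID, "1"))
        If withDecrypt Then pri.Add(New ObjectAttribute(ObjectAttribute.CKA_DECRYPT, True))

        Try
            session.GenerateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, pub, pri)
            Return Nothing
        Catch ex As Exception   ' generic catch: the wrapper's exception type is not shown in the thread
            Return ex.Message
        End Try
    End Function

    ' Runs all four combinations and maps each one to "OK" or the failure message.
    Public Function ProbeUsageAttributes(session As Session) As Dictionary(Of String, String)
        Dim results As New Dictionary(Of String, String)()
        For Each enc As Boolean In {False, True}
            For Each dec As Boolean In {False, True}
                Dim variantName As String = String.Format("ENCRYPT={0} DECRYPT={1}", enc, dec)
                Dim failure As String = TryGenerate(session, "PROBE-" & results.Count, enc, dec)
                results(variantName) = If(failure, "OK")
            Next
        Next
        Return results
    End Function
End Module
```

Every combination that succeeds leaves a key pair on the token under its "PROBE-" label, so remove those objects once the failing attribute has been identified.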