Store Certificate from PEM

11/8/2010 3:14:13 PM
Total Posts 1

Store Certificate from PEM

Dear Ugo,


I am currently testing your demo wrapper as basis for our new card production coming up next year. I have already initialized the card an generated a key pair. Now i want to store the issued certificate on the token.

My snippet looks like :


Session session = token.OpenSession((int)Session.CKF_SERIAL_SESSION,null,null);


X509Certificate2 cert = new X509Certificate2(Convert.FromBase64String(certPEM));

CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "MyLabel"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "E"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER,cert.SerialNumber));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));

CryptokiObject certificate = session.Objects.Create(template);


I always get the Exception TEMPLATE_INCOMPLETE when using the above code.

Another Problem I currently have is setting the id for a key/certificate correctly. i want to have id(hex) 45. Why do I have to submit "E" as value for hex45?


Thank you in advance

Ingmar Göhr


11/8/2010 4:38:13 PM
Total Posts 300
Ugo Chirico

Re: Store Certificate from PEM


the attributes needed by a token to create an X509Certificate depends on the token itself. A template may be valid for a token and may be not valid for another kind of token.

In your case may be your token requires the attributes


Try to add this line in your template:

template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509));

If this still doesn't work you should try with a different set of attributes in the template.
See this page on ncryptoki wiki to know what are the other attributes you can use for a certificate:



Ugo Chirico