RSA keypair generation on a LunaSA HSM

2/8/2013 3:29:13 PM
dna
Total Posts 5

RSA keypair generation on a LunaSA HSM

Hi there!

 

I'm currently trying to generate some RSA keypairs on a LunaSA HSM. However, I keep getting a CKR_GENERAL_ERROR (0x5).

Here are the templates I'm using; note that I have tried multiple combinations of attributes, but without success so far.

            CryptokiCollection templatePub = new CryptokiCollection();
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS,CryptokiObject.CKO_PUBLIC_KEY));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_VERIFY, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, true));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_MODULUS_BITS, 2048));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_PUBLIC_EXPONENT, 0x010001));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "60"));
            templatePub.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "public key"));

            CryptokiCollection templatePri = new CryptokiCollection();
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_PRIVATE_KEY));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_EXTRACTABLE, false));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_SIGN, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_UNWRAP, true));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_DERIVE, false));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "60"));
            templatePri.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "private key"));

If any of you have some experience with the LunaSA or if I'm forgetting stuff in the template please let me know :)

Cheers

2/14/2013 10:29:55 AM
dna
Total Posts 5

Re: RSA keypair generation on a LunaSA HSM

Okay, so there were a couple of mistakes in my template.

1) The public exponent attribute needs to be a byte array

2) The attributes CKA_SENSITIVE and CKA_EXTRACTABLE both provoke CKR_ATTRIBUTE_TYPE_INVALID (0x12)

 

Now everything is going fine!

Cheers

 

EDIT:

The topic can be closed

2/14/2013 10:33:50 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: RSA keypair generation on a LunaSA HSM

Very good!

Many thanks for sharing your solution!
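
The two fixes reported in this thread, written as a pre-flight check for RSA key-pair templates. This is an added example, not code from the posters or from the library used above. It assumes the rejected CKA_SENSITIVE and CKA_EXTRACTABLE were the ones on the public-key template, since PKCS #11 defines them for private and secret keys only; `lint_template`, `encode_big_integer` and the sample templates are hypothetical names and constructed values.

```python
# Added example: lint PKCS #11 RSA key-pair templates before C_GenerateKeyPair.
# Templates below are constructed to mirror the attributes in the first post.

# Attributes PKCS #11 does not define for an RSA public-key object.
NOT_ON_PUBLIC = {"CKA_SENSITIVE", "CKA_EXTRACTABLE", "CKA_DECRYPT",
                 "CKA_SIGN", "CKA_UNWRAP"}
# Attributes PKCS #11 does not define for an RSA private-key object.
NOT_ON_PRIVATE = {"CKA_ENCRYPT", "CKA_VERIFY", "CKA_WRAP", "CKA_MODULUS_BITS"}
# Attributes typed "Big integer": a big-endian byte array, not a native int.
BIG_INTEGER = {"CKA_PUBLIC_EXPONENT", "CKA_MODULUS"}

def encode_big_integer(value: int) -> bytes:
    """Minimal-length big-endian encoding used for Big integer attributes."""
    if value <= 0:
        raise ValueError("Big integer attributes must be positive")
    return value.to_bytes((value.bit_length() + 7) // 8, "big")

def lint_template(object_class: str, template: dict) -> list:
    """Return human-readable findings; an empty list means no issue found."""
    findings = []
    banned = NOT_ON_PUBLIC if object_class == "CKO_PUBLIC_KEY" else NOT_ON_PRIVATE
    for name, value in template.items():
        if name in banned:
            findings.append(f"{name}: not defined for {object_class}")
        if name in BIG_INTEGER and not isinstance(value, (bytes, bytearray)):
            findings.append(f"{name}: must be a byte array, got {type(value).__name__}")
    if object_class == "CKO_PRIVATE_KEY":
        # Keep the private key protected explicitly instead of by token default.
        for name, wanted in (("CKA_SENSITIVE", True), ("CKA_EXTRACTABLE", False)):
            if name not in template:
                findings.append(f"{name}: unset, token default applies")
            elif template[name] is not wanted:
                findings.append(f"{name}: set to {template[name]}, weakens key protection")
    return findings

PUB_AS_POSTED = {"CKA_TOKEN": True, "CKA_SENSITIVE": False, "CKA_EXTRACTABLE": False,
                 "CKA_ENCRYPT": True, "CKA_VERIFY": True, "CKA_WRAP": True,
                 "CKA_MODULUS_BITS": 2048, "CKA_PUBLIC_EXPONENT": 0x010001}
PUB_FIXED = {k: v for k, v in PUB_AS_POSTED.items() if k not in NOT_ON_PUBLIC}
PUB_FIXED["CKA_PUBLIC_EXPONENT"] = encode_big_integer(0x010001)
PRIV = {"CKA_TOKEN": True, "CKA_SENSITIVE": True, "CKA_EXTRACTABLE": False,
        "CKA_DECRYPT": True, "CKA_SIGN": True, "CKA_UNWRAP": True}

if __name__ == "__main__":
    for label, cls, tpl in (("public, as posted", "CKO_PUBLIC_KEY", PUB_AS_POSTED),
                            ("public, fixed", "CKO_PUBLIC_KEY", PUB_FIXED),
                            ("private", "CKO_PRIVATE_KEY", PRIV)):
        print(label, lint_template(cls, tpl) or "ok")
```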