Storing AES Key

2/21/2013 10:09:27 AM
Total Posts 3

Storing AES Key

Hello,

I am able to create an AES secret key on our HSM using:

 

 // Template to create an AES256
CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_AES));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, "666"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "SecretKey"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ENCRYPT, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_DECRYPT, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SENSITIVE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_WRAP, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE_LEN, 32));
Key secretKey = session.GenerateKey(Mechanism.AES_KEY_GEN, template);

 

but I can't see how to make the key persist in order to back it up - is this a user or session problem, or is there a specific attribute I am missing?

 

Cheers,

Mike
 

2/22/2013 10:17:31 AM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Storing AES Key

Hi,

to store the key in the HSM you should set the CKA_TOKEN attribute to true:

template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));

 

2/22/2013 2:44:55 PM
Total Posts 3

Re: Storing AES Key

Thanks for that, it worked.

2/27/2013 1:37:24 PM
Total Posts 3

Re: Storing AES Key

I have been told to move development environment - now using Windows Server 2012 with Visual Studio 2012, and I get stuck on this:

 

Cryptoki cryptoki = new Cryptoki("C:\\Program Files (x86)\\nCipher\\nfast\\toolkits\\pkcs11\\cknfast-64.dll");
 

It fails with error code 193 SIGNATURE_LEN_RANGE. Would you suspect this is an error with the cknfast-64.dll?

 

Cheers

2/27/2013 2:30:35 PM
Total Posts 300
Ugo Chirico http://www.ugochirico.com

Re: Storing AES Key

You are using a 32bit version of NCryptoki in your VS2012 64bit application.

If you compile your app for AnyCPU it runs as 64bit application and cannot load a 32bit dll.

You can either:

1) Change your target CPU to x86 and use the 32bit version of the underlying PKCS#11 dll

or

2) Use the 64bit version of NCryptoki. You will find it in the SDK folder.
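
A way to confirm the bitness mismatch described in the last reply before loading a native module, as an added example that is not part of the thread and not NCryptoki code: it reads the PE header of a DLL and compares its machine type with the bitness of the running process. The class and method names are hypothetical, the default path is the one posted above, and only standard .NET calls are used.

```csharp
using System;
using System.IO;

static class Pkcs11ModuleCheck   // hypothetical helper, not part of NCryptoki
{
    // Returns the IMAGE_FILE_HEADER.Machine field from the PE header of a native DLL.
    public static ushort ReadPeMachine(string path)
    {
        using (var fs = new FileStream(path, FileMode.Open, FileAccess.Read, FileShare.Read))
        using (var br = new BinaryReader(fs))
        {
            if (fs.Length < 0x40 || br.ReadUInt16() != 0x5A4D)    // "MZ" DOS header
                throw new BadImageFormatException("Not a PE file: " + path);
            fs.Seek(0x3C, SeekOrigin.Begin);                       // e_lfanew: offset of PE header
            uint peOffset = br.ReadUInt32();
            if (peOffset > fs.Length - 6)
                throw new BadImageFormatException("Truncated PE header: " + path);
            fs.Seek(peOffset, SeekOrigin.Begin);
            if (br.ReadUInt32() != 0x00004550)                     // "PE\0\0" signature
                throw new BadImageFormatException("Missing PE signature: " + path);
            return br.ReadUInt16();                                // Machine
        }
    }

    // True when a DLL with this machine type matches the process bitness.
    public static bool MatchesProcess(ushort machine, bool is64BitProcess)
    {
        const ushort I386 = 0x014C, AMD64 = 0x8664;
        return is64BitProcess ? machine == AMD64 : machine == I386;
    }

    static void Main(string[] args)
    {
        // Default is the path posted in the thread; pass another DLL as args[0].
        string path = args.Length > 0 ? args[0]
            : @"C:\Program Files (x86)\nCipher\nfast\toolkits\pkcs11\cknfast-64.dll";
        ushort machine = ReadPeMachine(path);
        bool ok = MatchesProcess(machine, Environment.Is64BitProcess);
        Console.WriteLine("{0}: machine=0x{1:X4}, process is {2}-bit, {3}",
            Path.GetFileName(path), machine,
            Environment.Is64BitProcess ? 64 : 32,
            ok ? "bitness matches" : "bitness mismatch");
        Environment.Exit(ok ? 0 : 1);
    }
}
```

Running it against each native DLL the application loads, with the same platform target as the application (x86, x64 or AnyCPU), shows which one does not match the process.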