导入RSA密钥的Alladin eToken错误
作者:互联网
我正在将SafeNet的(Alladin)eToken与PKCS11接口连接到C#.
我需要将没有eToken创建的RSA密钥导入到eToken中.
RSA密钥的创建通过以下方式完成:
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
RSAParameters publicKey = RSA.ExportParameters(false);
RSAParameters privateKey = RSA.ExportParameters(true);
eTokenHelper.WritePrivateKeyToToken(session, privateKey, "private");
并且上面的WritePrivateKeyToToken的实现是:
public static void WritePrivateKeyToToken(PKCS11.Session session, System.Security.Cryptography.RSAParameters publicParams, string label)
{
List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>{};
attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
//attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
// attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_EXTRACTABLE, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_NEVER_EXTRACTABLE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_ALWAYS_SENSITIVE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));
PKCS11.Object.Create(session, attList.ToArray());
}
当我运行此代码时,我得到了代码异常
public const int CKR_TEMPLATE_INCONSISTENT = 0x000000D1;
(例外出现在最后一行:Create()).
在理解我做错了什么方面,我将不胜感激.
谢谢,
罗嫩
解决方法:
我有问题顺便说一下,您在代码中两次设置了属性PKCS11.CKA_LOCAL.它不是核心.不要设置属性PKCS11.CKA_LOCAL-它是自动设置的.如果设置为PKCS11.SENSITIVE,则无法设置CKA_EXTRACTABLE,CKA_NEVER_EXTRACTABLE和CKA_ALWAYS_SENSITIVE.
此代码应工作:
List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>{};
attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
//attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
// attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));
PKCS11.Object.Create(session, attList.ToArray());
标签:pkcs11,rsa,c,e-token 来源: https://codeday.me/bug/20191122/2061055.html