
Aladdin eToken error when importing an RSA key

Author: Internet

I am connecting a SafeNet (Aladdin) eToken to C# through the PKCS#11 interface.
I need to import an RSA key that was not created by the eToken into the eToken.

The RSA key is created as follows:

// Generate an RSA key pair in software, outside the token
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
RSAParameters publicKey = RSA.ExportParameters(false);   // public components only
RSAParameters privateKey = RSA.ExportParameters(true);   // includes D, P, Q, DP, DQ, InverseQ
// Write the private key onto the token under the label "private"
eTokenHelper.WritePrivateKeyToToken(session, privateKey, "private");

And the implementation of WritePrivateKeyToToken used above is:

// Note: despite its name, publicParams receives the full private key (D is read below)
public static void WritePrivateKeyToToken(PKCS11.Session session, System.Security.Cryptography.RSAParameters publicParams, string label)
{
    List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>();

    // Object class and key type: an RSA private key object
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
    //attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));   // persistent token object, not a session object

    // Key material taken from the RSAParameters struct
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
    // attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));

    // Protection attributes
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_EXTRACTABLE, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_NEVER_EXTRACTABLE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_ALWAYS_SENSITIVE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, false));   // CKA_LOCAL set a second time, with the opposite value

    // Permitted operations
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));

    // C_CreateObject with the template above; this is where the exception is raised
    PKCS11.Object.Create(session, attList.ToArray());
}

When I run this code I get an exception with the code

public const int CKR_TEMPLATE_INCONSISTENT = 0x000000D1;

(The exception occurs on the last line, Create().)

I would appreciate any help understanding what I am doing wrong.

Thanks,
Ronen

Solution:

I had the same problem. By the way, you set the attribute PKCS11.CKA_LOCAL twice in your code. That is not the core issue. Do not set the attribute PKCS11.CKA_LOCAL at all; it is set automatically. If you set PKCS11.CKA_SENSITIVE, you cannot set CKA_EXTRACTABLE, CKA_NEVER_EXTRACTABLE and CKA_ALWAYS_SENSITIVE.

This code should work:

    List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>();

    // Object class, key type and identification
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
    //attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));

    // Key material
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
    // attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));

    // Protection: CKA_SENSITIVE only; CKA_LOCAL, CKA_EXTRACTABLE, CKA_NEVER_EXTRACTABLE
    // and CKA_ALWAYS_SENSITIVE are left out of the template
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));

    // Permitted operations
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));

    PKCS11.Object.Create(session, attList.ToArray());
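As an added example (not code from the question or the answer), a small Python lint that applies the answer's rules to a C_CreateObject template before it reaches the token: CKA_LOCAL, CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are attributes the token sets itself and the PKCS#11 specification lists them as "must not be specified when the object is created with C_CreateObject", so a template that carries them, or the same attribute twice, is inconsistent. Attribute names are strings rather than the numeric CKA_* constants, the key bytes are constructed placeholders, and the CRT warning is an assumption about what many tokens require, not a statement about this eToken.

```python
# Added example, not code from the post: lint a PKCS#11 C_CreateObject template
# for an imported RSA private key. Encodes the answer's rules plus the PKCS#11
# v2.x footnote for attributes that must not be supplied to C_CreateObject.
READ_ONLY_ON_CREATE = {"CKA_LOCAL", "CKA_ALWAYS_SENSITIVE",
                       "CKA_NEVER_EXTRACTABLE", "CKA_KEY_GEN_MECHANISM"}
REQUIRED = {"CKA_CLASS", "CKA_KEY_TYPE", "CKA_MODULUS", "CKA_PRIVATE_EXPONENT"}
# CRT components (RSAParameters.P, Q, DP, DQ, InverseQ in .NET); assumption:
# many tokens require them for imported RSA keys, so absence is only a warning.
CRT = {"CKA_PRIME_1", "CKA_PRIME_2", "CKA_EXPONENT_1", "CKA_EXPONENT_2",
       "CKA_COEFFICIENT"}

def lint_rsa_import_template(template):
    """template: list of (attribute_name, value) pairs -> (errors, warnings)."""
    errors, warnings, seen = [], [], {}
    for name, value in template:
        if name in seen:  # duplicate attribute, like CKA_LOCAL in the question
            errors.append(f"{name} set twice ({seen[name]!r} then {value!r})")
        seen.setdefault(name, value)
    for name in sorted(set(seen) & READ_ONLY_ON_CREATE):
        errors.append(f"{name} is token-managed; do not supply it on create")
    if seen.get("CKA_CLASS") != "CKO_PRIVATE_KEY" or seen.get("CKA_KEY_TYPE") != "CKK_RSA":
        errors.append("template is not an RSA private key")
    errors += [f"missing {n}" for n in sorted(REQUIRED - set(seen))]
    # Hygiene a defender wants: the private exponent must stay inside the token.
    if seen.get("CKA_SENSITIVE") is not True:
        warnings.append("CKA_SENSITIVE should be true: key could be read in clear")
    if seen.get("CKA_EXTRACTABLE") is True:
        warnings.append("CKA_EXTRACTABLE true: wrapped export of the key is allowed")
    if seen.get("CKA_TOKEN") is not True:
        warnings.append("CKA_TOKEN not true: session object, gone after logout")
    if not CRT <= set(seen):
        warnings.append("no CRT components; some tokens reject imported keys without them")
    return errors, warnings

# The question's template, with constructed placeholder key bytes.
QUESTION_TEMPLATE = [
    ("CKA_CLASS", "CKO_PRIVATE_KEY"), ("CKA_KEY_TYPE", "CKK_RSA"),
    ("CKA_PRIVATE", True), ("CKA_ID", 0xA1), ("CKA_LABEL", "private"),
    ("CKA_TOKEN", True), ("CKA_MODULUS", b"<n>"),
    ("CKA_PUBLIC_EXPONENT", b"\x01\x00\x01"), ("CKA_PRIVATE_EXPONENT", b"<d>"),
    ("CKA_MODIFIABLE", True), ("CKA_LOCAL", True), ("CKA_EXTRACTABLE", False),
    ("CKA_NEVER_EXTRACTABLE", True), ("CKA_SENSITIVE", True),
    ("CKA_ALWAYS_SENSITIVE", True), ("CKA_DERIVE", False), ("CKA_LOCAL", False),
    ("CKA_DECRYPT", True), ("CKA_SIGN", True), ("CKA_SIGN_RECOVER", False),
    ("CKA_UNWRAP", False),
]
# The answer's template: the same minus the token-managed entries and CKA_EXTRACTABLE.
ANSWER_TEMPLATE = [(n, v) for n, v in QUESTION_TEMPLATE
                   if n not in READ_ONLY_ON_CREATE and n != "CKA_EXTRACTABLE"]
```

Running the lint on the question's template reports the duplicate CKA_LOCAL plus the three token-managed attributes as errors; the answer's template passes with only the CRT warning.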

Tags: pkcs11, rsa, c, e-token
Source: https://codeday.me/bug/20191122/2061055.html