[Openca-Users] problems with templates in public and private key generation

Tue, 23 Nov 2004 01:49:07 -0800 

Dear all,

I am trying to generate a public and private keys, but I dont get a
label for the public key.

I use the following template for the public key. I use this shorter
version:

La que yo estoy probando, que es bastante mas reducida, deberia
funcionar, y es esta:

CK_ATTRIBUTE publicKeyTemplate[] = {
  {CKA_LABEL, (void *)nombre, strlen(nombre)},
  {CKA_KEY_TYPE, &tipoClave, sizeof(tipoClave)},
  {CKA_ENCRYPT, &tru, sizeof(tru)},
  {CKA_VERIFY, &tru, sizeof(tru)},
  {CKA_WRAP, &tru, sizeof(tru)},
  {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)},
  {CKA_PUBLIC_EXPONENT, publicExponent, sizeof (publicExponent)}
 };

where the label is given by "nombre" as an argument. I use a gpkcs11
template:

static CK_ATTRIBUTE
CK_I_rsa_public_key_template[CK_I_rsa_public_key_count] ={
 {CKA_CLASS, &CK_I_public_key_class, sizeof(CK_I_public_key_class)},
 {CKA_TOKEN, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_MODIFIABLE, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_LABEL, CK_I_rsa_public_label, sizeof(CK_I_rsa_public_label)},
 {CKA_KEY_TYPE, &CK_I_rsa_keyType, sizeof(CK_I_rsa_keyType)},
 {CKA_DERIVE, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_LOCAL, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_ENCRYPT, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_VERIFY, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_VERIFY_RECOVER, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_WRAP, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_EXTRACTABLE, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_MODULUS_BITS, &modulusBits, sizeof(modulusBits)},
 {CKA_PUBLIC_EXPONENT, publicExponent, sizeof(publicExponent)},
};


This is the template for the private key :

 CK_ATTRIBUTE privateKeyTemplate[] = {
  {CKA_TOKEN, &tru, sizeof(tru)},
  {CKA_PRIVATE, &tru, sizeof(tru)},
  {CKA_SUBJECT, (void *)nombre, sizeof(nombre)},
  {CKA_ID, id, sizeof(id)},
  {CKA_SENSITIVE, &tru, sizeof(tru)},
  {CKA_DECRYPT, &tru, sizeof(tru)},
  {CKA_SIGN, &tru, sizeof(tru)},
  {CKA_UNWRAP, &tru, sizeof(tru)},
  {CKA_LABEL, (void *)nombre, strlen(nombre)}
 };
Siendo la etiqueta el "nombre", tambi�n, como en la p�blica.

The template used is:

static CK_ATTRIBUTE
CK_I_rsa_private_key_template[CK_I_rsa_private_key_count] ={
 {CKA_CLASS, &CK_I_private_key_class, sizeof(CK_I_private_key_class)},
 {CKA_TOKEN, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_PRIVATE, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_MODIFIABLE, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_LABEL, CK_I_rsa_private_label, sizeof(CK_I_rsa_private_label)},
 {CKA_KEY_TYPE, &CK_I_rsa_keyType, sizeof(CK_I_rsa_keyType)},
 {CKA_DERIVE, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_LOCAL, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_SENSITIVE, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_DECRYPT, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_SIGN, &CK_Tcsc_false, sizeof(CK_Tcsc_true)},
 {CKA_SIGN_RECOVER, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_UNWRAP, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_EXTRACTABLE, &CK_Tcsc_false, sizeof(CK_Tcsc_false)},
 {CKA_ALWAYS_SENSITIVE, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
 {CKA_NEVER_EXTRACTABLE, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},
};


These templates are passed to the function as arguments:

 rv = (*ckFunc->C_GenerateKeyPair )( hSession, &mechanism,
publicKeyTemplate, NumAttrPublico, privateKeyTemplate, NumAttrPrivado,
&hPublicKey, &hPrivateKey);

We have tried even rename it, once created, and only the private key is
renamed.

We have also tried with the following option in the public key

{CKA_TOKEN, &CK_Tcsc_true, sizeof(CK_Tcsc_true)},

But two public keys are generated: one without the label and the other
one outiside the public-private key pair...

If further information is needed I could send the source code...

Regards,

Miguel

--

���`����,��,����`����,��,����`����,��,����`�

Miguel Gonz�lez Casta�os

Ingeniero de Entrada

Telef�nica Investigaci�n y Desarrollo
Parque Tecnol�gico Walqa
Edificio Uno
Ctra. Zaragoza N-330a Km.556
22197 Cuarte
Huesca

Tel.: +34 913129876
Fax:  +34 974215500

Correo-e: [EMAIL PROTECTED]

Internet: http://www.tid.es


���`����,��,����`����,��,����`����,��,����`�






-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to