
[iaik-ssl]cu|| Invalid Mechanism Error While Signing



Hi Karl,

Thanks .. I got it working through searching with two
attributes set, one for CKA_PRIVATE to true and CKA_ID
to the Key Id for Private; in case of the Public Key I set
CKA_PRIVATE to false. Thanks again for your help. Now
the keys are found but it gives an error

iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_INVALID
	at ASC_HSMManager.getChallengeSignedFromSmartCard(ASC_HSMManager.java:1011)
	at ASC_HSMManager.main(ASC_HSMManager.java:78)

when I call the C_SignUpdate function.

// Needs iaik.pkcs.pkcs11.wrapper.CK_ATTRIBUTE, CK_MECHANISM and PKCS11Constants

// Search template: a private object (CKA_PRIVATE = true) with the given CKA_ID
CK_ATTRIBUTE[] attributeTemplateList = new CK_ATTRIBUTE[2];
attributeTemplateList[0] = new CK_ATTRIBUTE();
attributeTemplateList[0].type = PKCS11Constants.CKA_PRIVATE; // was the literal 2
attributeTemplateList[0].pValue = new Boolean(PKCS11Constants.TRUE);
attributeTemplateList[1] = new CK_ATTRIBUTE();
attributeTemplateList[1].type = PKCS11Constants.CKA_ID;
attributeTemplateList[1].pValue = a_strKeyId.getBytes();

// Open a read/write session on the first slot holding a token and log in
long[] slotIDs_ = __pkcs11.C_GetSlotList(true);
token_ = slotIDs_[0];
session_ = __pkcs11.C_OpenSession(token_,
    PKCS11Constants.CKF_SERIAL_SESSION | PKCS11Constants.CKF_RW_SESSION, null, null);
__pkcs11.C_Login(session_, PKCS11Constants.CKU_USER, str_UserPIN.toCharArray());
System.out.println("The Smart Card is Logged in with New User");
// The PIN is no longer appended to this message: it must not reach stdout or logs
System.out.println("Going to get Handle for Private Key of the User");

// Look up the private key handle
__pkcs11.C_FindObjectsInit(session_, attributeTemplateList);
long[] availableSignatureKeys = __pkcs11.C_FindObjects(session_, 100); // maximum of 100 at once
__pkcs11.C_FindObjectsFinal(session_);
if (availableSignatureKeys != null && availableSignatureKeys.length >= 1)
{
  System.out.println("Private Key has been Found");
  CK_MECHANISM signatureMechanism_ = new CK_MECHANISM();
  signatureMechanism_.mechanism = PKCS11Constants.CKM_RSA_PKCS;
  /* *************************************************
     I have also tried CKM_SHA1_RSA_PKCS
  *****************************************************/
  signatureMechanism_.pParameter = null;
  __pkcs11.C_SignInit(session_, signatureMechanism_, availableSignatureKeys[0]);
  // This is the call that throws CKR_MECHANISM_INVALID
  __pkcs11.C_SignUpdate(session_, a_DataToBeSigned);
  signedData = __pkcs11.C_SignFinal(session_);
}

Do I have to add some provider or what? Why is this
saying Invalid mechanism? The mechanism
CKM_SHA1_RSA_PKCS also does not appear when I print
information for all mechanisms available on the Smart
Card.

Greatly thankful
Nick
 
--- Karl Scheibelhofer <Karl.Scheibelhofer@iaik.at> wrote:
> hi,
> 
> > -----Original Message-----
> > From: Nick Karamer [mailto:nkaramer@yahoo.com]
> > Sent: Friday, April 12, 2002 6:19 AM
> > To: Karl Scheibelhofer
> > Cc: iaik-ssl@iaik.at
> > Subject: RE: [iaik-ssl]cu|| Retrieving Public Key from Smart Card
> > 
> > 
> > Hi Karl,
> > 
> > Thanks for Your Response. That is fine that I will
> > save the Public Key in this situation but I do not
> > want to save Private Key ever out of Smart Card. Now I
> > want that I send some information to smart card which
> > is signed by Private Key and then I verify it with the
> > Public Key saved in say Database [which I would have
> > done when I had generated the key pair]. In this case
> > I will definitely have to search the Private Key so
> > that I get the Key handle for Private key and then
> > pass to encrypt and/or sign methods. What do you
> > suggest in that case.
> 
> if you have the key's ID, search for the private key just by its ID.
> otherwise, try to search for a private key with the same modulus as the
> public key.
> 
> if your PKCS#11 driver does not return any object (nor an error), your
> driver does not work correctly. contact the vendor to fix it. (i assume
> you paid for this hardware/software that claims to be PKCS#11 compliant.
> if it is not, they should make it compliant...)
> 
> regards
> 
>   Karl
> 
> --
> 
> Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at>
> Institute for Applied Information Processing and Communications (IAIK)
> at Graz University of Technology, Austria, http://www.iaik.at and
> http://jcewww.iaik.at
> Phone: (+43) (316) 873-5540
> 
> > 
> > Best Regards
> > Nick
> > --- Karl Scheibelhofer <Karl.Scheibelhofer@iaik.at> wrote:
> > > hi Nick,
> > > 
> > > > -----Original Message-----
> > > > From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]
> > > > On Behalf Of Nick Karamer
> > > > Sent: Thursday, April 11, 2002 12:43 PM
> > > > To: iaik-ssl@iaik.at
> > > > Subject: [iaik-ssl]cu|| Retrieving Public Key from Smart Card
> > > > 
> > > > 
> > > > Hi all,
> > > > 
> > > > I am successful in generating Key pair on the smart
> > > > card through my application code. In fact I had to use
> > > > C_XXXX functions of wrapper class PKCS11 directly. Now
> > > > I want to do following
> > > > 
> > > > 1- Retrieve Public Key
> > > > 2- Retrieve Private Key to send the handle of that for
> > > > signing.
> > > 
> > > the method C_GenerateKeyPair returns the handle of the generated public
> > > key and the private key.
> > > you do not need to search for them.
> > > 
> > > > 
> > > > I have written following code to find the Key
> > > > 
> > > >       long[] slotIDs_ = __pkcs11.C_GetSlotList(true);
> > > >       token_ = slotIDs_[0];
> > > >       session_ = __pkcs11.C_OpenSession(token_,
> > > >           PKCS11Constants.CKF_SERIAL_SESSION | PKCS11Constants.CKF_RW_SESSION, null, null);
> > > >       __pkcs11.C_Login(session_, PKCS11Constants.CKU_USER, str_UserPIN.toCharArray());
> > > >       System.out.println("The Smart Card is Logged in with New User");
> > > >       // The PIN is no longer appended to this message: it must not reach stdout or logs
> > > >       System.out.println("Going to get Public Key of the User");
> > > >       // set the search template for the public key
> > > >       int i_KeyLength = 1024; // change it
> > > >       RSAPublicKey rsaPublicKeyTemplate = new RSAPublicKey();
> > > >       rsaPublicKeyTemplate.getId().setByteArrayValue(a_strKeyId.getBytes());
> > > >       rsaPublicKeyTemplate.getModulusBits().setLongValue(new Long(i_KeyLength));
> > > >       rsaPublicKeyTemplate.getToken().setBooleanValue(Boolean.TRUE);
> > > >       byte [] publicKeyExponentBytes = {0x01, 0x00, 0x01};
> > > >       rsaPublicKeyTemplate.getPublicExponent().setByteArrayValue(publicKeyExponentBytes);
> > > >       // copy the attributes that were set into a CK_ATTRIBUTE array
> > > >       Vector publikKeyAttributes = rsaPublicKeyTemplate.getSetAttributes();
> > > >       CK_ATTRIBUTE [] publicKeyAttList = null;
> > > >       if (publikKeyAttributes != null && publikKeyAttributes.size() > 0)
> > > >       {
> > > >         publicKeyAttList = new CK_ATTRIBUTE[publikKeyAttributes.size()];
> > > >         for (int i_Index = 0; i_Index < publikKeyAttributes.size(); i_Index++)
> > > >         {
> > > >           publicKeyAttList[i_Index] = (CK_ATTRIBUTE)publikKeyAttributes.get(i_Index);
> > > >         }
> > > >         System.out.println("Total Attributes are " + publikKeyAttributes.size());
> > > >       }
> > > >       __pkcs11.C_FindObjectsInit(session_, publicKeyAttList);
> > > >       long [] keysFound = __pkcs11.C_FindObjects(session_, 100);
> > > >       __pkcs11.C_FindObjectsFinal(session_);
> > > >       System.out.println("Total Attributes are after finding " + publicKeyAttList.length);
> > > >       System.out.println("Total Keys Found are " + keysFound.length);
> > > > 
> > > > 
> > > > These were the attributes which I had set when I
> > > > created the key pair and it was created with success.
> > > > Now everything goes fine but the function
> > > > C_FindObjects returns 0 no of key handles. Also if I
> > > 
> > > as written above, you get the handles from the key-pair generation
> > > directly.
> > > 
> > > > get some key then how would I convert it to
> 
=== message truncated ===


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the following content: UNSUBSCRIBE iaik-ssl
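
Added example (not from the original thread and not IAIK's code): in PKCS #11, CKM_RSA_PKCS is a single-part signing mechanism, so it is driven with C_Sign rather than C_SignUpdate/C_SignFinal, and a token that does not list CKM_SHA1_RSA_PKCS can still produce the same signature when the host hashes the data and wraps the hash in a DigestInfo. The class and method names are hypothetical, the wrapper call signatures are assumed to match those used in the post, and SHA-1 appears only because it is the mechanism the post names.

```java
import iaik.pkcs.pkcs11.wrapper.CK_MECHANISM;
import iaik.pkcs.pkcs11.wrapper.PKCS11;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/** Hypothetical helper; not part of ASC_HSMManager or the IAIK wrapper. */
public class SinglePartRsaSigner {

  // DER prefix of a SHA-1 DigestInfo (PKCS #1 v1.5); the 20-byte hash follows it.
  private static final byte[] SHA1_DIGEST_INFO_PREFIX = {
    0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
    0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14 };

  /** True if the token in the given slot lists the mechanism. */
  static boolean supports(PKCS11 pkcs11, long slotId, long mechanism)
      throws PKCS11Exception {
    long[] mechanisms = pkcs11.C_GetMechanismList(slotId);
    for (int i = 0; i < mechanisms.length; i++) {
      if (mechanisms[i] == mechanism) return true;
    }
    return false;
  }

  /** Builds the DigestInfo that CKM_RSA_PKCS pads and signs. */
  static byte[] sha1DigestInfo(byte[] data) throws NoSuchAlgorithmException {
    byte[] hash = MessageDigest.getInstance("SHA-1").digest(data);
    byte[] info = new byte[SHA1_DIGEST_INFO_PREFIX.length + hash.length];
    System.arraycopy(SHA1_DIGEST_INFO_PREFIX, 0, info, 0, SHA1_DIGEST_INFO_PREFIX.length);
    System.arraycopy(hash, 0, info, SHA1_DIGEST_INFO_PREFIX.length, hash.length);
    return info;
  }

  /** Signs data with the on-token private key, choosing a mechanism the token lists. */
  static byte[] sign(PKCS11 pkcs11, long slotId, long session, long privateKey, byte[] data)
      throws PKCS11Exception, NoSuchAlgorithmException {
    CK_MECHANISM mechanism = new CK_MECHANISM();
    mechanism.pParameter = null;
    if (supports(pkcs11, slotId, PKCS11Constants.CKM_SHA1_RSA_PKCS)) {
      // Token hashes the data itself; this mechanism also permits multi-part signing.
      mechanism.mechanism = PKCS11Constants.CKM_SHA1_RSA_PKCS;
      pkcs11.C_SignInit(session, mechanism, privateKey);
      return pkcs11.C_Sign(session, data);
    }
    // CKM_RSA_PKCS is single-part: one C_Sign call, no C_SignUpdate/C_SignFinal.
    mechanism.mechanism = PKCS11Constants.CKM_RSA_PKCS;
    pkcs11.C_SignInit(session, mechanism, privateKey);
    return pkcs11.C_Sign(session, sha1DigestInfo(data));
  }
}
```

Either branch yields a signature that verifies as SHA1withRSA against the public key stored off-card.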