
RE: [iaik-ssl]cu|| Generate Keypair on Smart Card or Import p12 file into Smart Card



hi Nick,

> -----Original Message-----
> From: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at] 
> On Behalf Of Nick Karamer
> Sent: Friday, April 05, 2002 9:05 AM
> To: iaik-jce@iaik.at; iaik-ssl@iaik.at
> Subject: [iaik-ssl]cu|| Generate Keypair on Smart Card or 
> Import p12 file into Smart Card
> 
> 
> Hi all,
> 
> I can now access the smart card using the IAIK PKCS#11 wrapper
> in my Java application. I want to generate a key pair
> on the smart card which would later be used for signing
> and verification. But the function GenerateKeyPair in
> class Session returns an exception:
> 
> iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
> 	at iaik.pkcs.pkcs11.wrapper.PKCS11Implementation.C_GenerateKeyPair(Native Method)
> 	at iaik.pkcs.pkcs11.Session.generateKeyPair(Session.java:1193)
> 	at demo.pkcs.pkcs11.GenerateKeyPair.main(GenerateKeyPair.java:124)
> 
> Please note that when I use the same function for an HSM
> token like Chrysalis, it works fine.

different PKCS#11 tokens require different attributes on the key
templates to be set.
if you give the token a key template that has 'encryption' set to true,
your token may reject it with CKR_ATTRIBUTE_TYPE_INVALID. try to set
only those attributes that you really need. some attributes are
required. you can see it in the PKCS#11 standard which attributes of
e.g. RSA private and public keys you have to set when calling
C_GenerateKeyPair. try e.g.

      // set the attributes for the public key
      RSAPublicKey rsaPublicKeyTemplate = new RSAPublicKey();
      rsaPublicKeyTemplate.getModulusBits().setLongValue(new Long(1024));
      rsaPublicKeyTemplate.getToken().setBooleanValue(Boolean.TRUE);
      byte[] publicExponentBytes = {0x01, 0x00, 0x01};
      rsaPublicKeyTemplate.getPublicExponent().setByteArrayValue(publicExponentBytes);

      // set the attributes for the private key
      RSAPrivateKey rsaPrivateKeyTemplate = new RSAPrivateKey();
      rsaPrivateKeyTemplate.getToken().setBooleanValue(Boolean.TRUE);
      rsaPrivateKeyTemplate.getPrivate().setBooleanValue(Boolean.TRUE);
      rsaPrivateKeyTemplate.getSign().setBooleanValue(Boolean.TRUE);


> 
> 2- Second problem is that I want to import a p12 file
> into the smart card through my application. Any help on
> this?

the demo demo.pkcs.pkcs11.DownloadPrivateKey does exactly this.

regards

  Karl

--

Karl Scheibelhofer, <mailto:Karl.Scheibelhofer@iaik.at>
Institute for Applied Information Processing and Communications (IAIK)
at Graz University of Technology, Austria, http://www.iaik.at and
http://jcewww.iaik.at
Phone: (+43) (316) 873-5540
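
Added example (not part of the original message and not IAIK's demo code): the advice in the reply, starting from minimal key templates and asking the token which usages its RSA_PKCS mechanism supports before setting sign/verify. The class name MinimalSigningKeyPair is hypothetical, and the static Mechanism constants assume a wrapper release of this era; later releases obtain mechanisms via Mechanism.get(PKCS11Constants.CKM_...).

```java
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.KeyPair;
import iaik.pkcs.pkcs11.objects.RSAPrivateKey;
import iaik.pkcs.pkcs11.objects.RSAPublicKey;
import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
import iaik.pkcs.pkcs11.wrapper.PKCS11Exception;

public class MinimalSigningKeyPair { // hypothetical class name

  // The caller passes the token and a logged-in read/write session on it.
  // modulusBits: the reply uses 1024; use 2048 or more if the card supports it.
  public static KeyPair generate(Token token, Session session, long modulusBits)
      throws TokenException {
    // Public key: only the attributes needed for RSA key pair generation.
    RSAPublicKey pub = new RSAPublicKey();
    pub.getModulusBits().setLongValue(new Long(modulusBits));
    pub.getPublicExponent().setByteArrayValue(new byte[] {0x01, 0x00, 0x01});
    pub.getToken().setBooleanValue(Boolean.TRUE);

    // Private key: stored on the token and readable only after login.
    RSAPrivateKey priv = new RSAPrivateKey();
    priv.getToken().setBooleanValue(Boolean.TRUE);
    priv.getPrivate().setBooleanValue(Boolean.TRUE);

    // Request only the usages the token reports for RSA_PKCS, so a card
    // that does less than an HSM is not handed attributes it rejects.
    MechanismInfo rsa = token.getMechanismInfo(Mechanism.RSA_PKCS);
    if (rsa.isSign()) {
      priv.getSign().setBooleanValue(Boolean.TRUE);
    }
    if (rsa.isVerify()) {
      pub.getVerify().setBooleanValue(Boolean.TRUE);
    }

    try {
      return session.generateKeyPair(Mechanism.RSA_PKCS_KEY_PAIR_GEN, pub, priv);
    } catch (PKCS11Exception e) {
      if (e.getErrorCode() == PKCS11Constants.CKR_ATTRIBUTE_TYPE_INVALID) {
        // The token still rejected an attribute type in one of the templates.
        throw new TokenException("Key template rejected (CKR_ATTRIBUTE_TYPE_INVALID); "
            + "remove optional attributes one at a time to find the one refused");
      }
      throw e;
    }
  }
}
```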
