I have a LunaSA HSM and i'm trying to unwrap a PKCS#8 formatted private key with a CAST5 secret key? The mechanism to use is CKM_CAST5_CBC_PAD the OID of which is 1.2.840.113533.7.66.10.
Unfortunately when i run the C_UnwrapKey function using the above mechanism with the specified secret key, the HSM returns with CKM_MECHANISM_INVALID which according to PKCS11 means that the mechanism is not supported for the specified cryptographic operation.
How can I unwrap my PKCS#8 private key using CKM_CAST5_CBC_PAD?
With CKR_MECHANISM_INVALID your PKCS#11 library is telling you that "An invalid mechanism was specified to the cryptographic operation".
Are you sure that your PKCS#11 library supports CKM_CAST5_CBC_PAD mechanism? You can check by simply calling C_GetMechanismList() and checking whether this mechanism is present in the returned list.
Related
I wanted to know if there is a way a disable a particular operation on a PKCS#11 Object. For instance, I create an Object (AES Key) using C_CreateObject. I would want to set some property in this object that pauses/ disables the use of this object for any encryption/ decryption use. Is this possible ? Can we set the CKA_DECRYPT value to CK_FALSE to disable Decrypt operations? Also can this be changed multiple times using C_SetAttributeValue
Theoretically PKCS#11 standard don't restrict your from changing values of properties.
Practically your possibility to change the values after object created dependent on your PKCS#11 provider.
My suggestion that this property is immutable.
Try to set this values during creation of key or change values during copying of key object using C_CopyObject.
Another solution is to implement your own PKCS#11 proxy library with custom logic inside of PKCS#11 exported functions.
I am trying to use IAIK PKCS#11 wrapper to perform ECDH key agreement. I can see that there is a class of the parameters: EcDH1KeyDerivationParameters. But I don't see any classes of the keys for ECDH: http://javadoc.iaik.tugraz.at/pkcs11_wrapper/current/iaik/pkcs/pkcs11/objects/package-summary.html
When running ECDH key agreement via IAIK PKCS#11 wrapper, what key types should I feed into it? Can I use ECDSA key objects or DH key objects? Or I need to something extra?
Thanks
I am working on a library which follows PKCS#11 standard.
https://www.cryptsoft.com/pkcs11doc/v220/
The library can generate RSA Keypair in token by the function C_GenerateKeyPair and returns appropriate object handles with return value CKR_OK.
The token(applet) not supports load of private/public key except generate key pair. What will be the appropriate return value of create RSA private/public key using C_CreateObject?
Now I am returning CKR_GENERAL_ERROR, is it okay?
Allowed return values are
CKR_ARGUMENTS_BAD, CKR_ATTRIBUTE_READ_ONLY,
CKR_ATTRIBUTE_TYPE_INVALID, CKR_ATTRIBUTE_VALUE_INVALID,
CKR_CRYPTOKI_NOT_INITIALIZED, CKR_DEVICE_ERROR, CKR_DEVICE_MEMORY,
CKR_DEVICE_REMOVED, CKR_DOMAIN_PARAMS_INVALID, CKR_FUNCTION_FAILED,
CKR_GENERAL_ERROR, CKR_HOST_MEMORY, CKR_OK, CKR_PIN_EXPIRED,
CKR_SESSION_CLOSED, CKR_SESSION_HANDLE_INVALID, CKR_SESSION_READ_ONLY,
CKR_TEMPLATE_INCOMPLETE, CKR_TEMPLATE_INCONSISTENT,
CKR_TOKEN_WRITE_PROTECTED, CKR_USER_NOT_LOGGED_IN.
Thanks for your help
Update
I have two types of applet, one supports load of RSA private/public key to token and another not supports. It can only possible to identify if the token supports load of key is the response of transmitted APDU. So I can't take decision only to check the class attribute of C_CreateObject.
If your library does not support C_CreateObject at all then the best choice IMO is CKR_FUNCTION_NOT_SUPPORTED.
Chapter 11 in PKCS#11 v2.20 states:
A Cryptoki library need not support every function in the Cryptoki API. However, even an unsupported function must have a "stub" in the library which simply returns the value CKR_FUNCTION_NOT_SUPPORTED.
If your library does support C_CreateObject for creation of other object types (e.g. certificates, data objects etc.) then the best choice IMO is CKR_ATTRIBUTE_VALUE_INVALID.
Chapter 10.1.1 in PKCS#11 v2.20 states:
If the supplied template specifies an invalid value for a valid attribute, then the attempt should fail with the error code CKR_ATTRIBUTE_VALUE_INVALID.
UPDATE
Now that you have shared more details about your library in the comments I can add more detailed explanation:
It seems I can call your implementation of C_CreateObject with template containing CKA_CLASS=CKO_CERTIFICATE and it will create certificate object on this particular token and return CKR_OK. If I call it with template containing CKA_CLASS=CKO_PRIVATE_KEY then your code will decide to return an error right after the evaluation of the supplied value of this attribute. IMO there is no doubt that chapter 10.1.1 of PKCS#11 v2.20 recommends you to return CKR_ATTRIBUTE_VALUE_INVALID in this case.
However if are not willing to follow behavior recommended by the specification and there is no predefined error code you like, you can introduce your own vendor defined code (see my older answer for more details):
#define CKR_TOKEN_OPERATION_NOT_SUPPORTED (CKR_VENDOR_DEFINED|0x0000001)
IMO confusion level for inexperienced developer will be the same regardless of error code you return. In the end he/she will need to consult your documentation or logs produced by your library to find out the real reason why he/she received the error.
I would like to read Key value from a KEY/Data object of PKCS11 into a local variable.
I observe that Key is stored in CKA_VALUE of Key object.
Which is the ideal function to be used to get this value to my local variable?
I have used C_GetAttributeValue it but doesn't help.
Please guide me.
Thanks
Harsha
Private keys of assymmetric algorithms and symmetric keys usually can not be extracted from the hardware device. This is a protection measure. That's why you can't get the value.
There exist exceptions (some implementations allow you to add the key and explicitly mark it as not protected, in which case the key can be read later) but this reduces security and other user benefits, so this not popular.
In some implementation, if you set the CKA.CKA_SENSITIVE to false, yes you can read the value.
If CKA_EXTRACTABLE is set to CK_FALSE on a key then the value cannot be extracted using PKCS#11.
IF CKA_SENSITIVE is set to CK_TRUE then a key cannot be extracted in plain text.
However,
If CKA_EXTRACTABLE is CK_TRUE, and CKA_SENSITIVE is CK_FALSE the key can be extracted using CKA_VALUE.
If CKA_EXTRACTABLE is CK_TRUE, and CKA_SENSITIVE is CK_TRUE the key can be extracted by wrapping the key using C_WrapKey, then unwrapping the wrapped key outside the unit.
First off, that is not a typo, I want to decrypt using a public key. The purpose for doing this is to challenge a third party to ensure they do, in fact, have the private key that corresponds to the public key. Basically, I would send some random data, they would encrypt it with their private key, I would decrypt it using the public key and compare the decrypted value to the random data that I sent. I believe this is a pretty standard procedure in public key crypto but for some reason decrypting with a public key seems to be taboo.
I am simply using the RSACryptoServiceProvider in .NET 2.0. However, when I call Decrypt it throws a CryptographicException with message Bad Key. The key is not bad (I can Encrypt with no problem), but it appears as though it will not let me decrypt with just the public key. What gives? This must be possible to do.
I think the recognized term is signing. They sign with the private key, and you verify with the public key. I admit I don't understand the low-level math as well as I should, but my understanding is signing is really just encrypting with the private key.
Use RSACryptoServiceProvider's sign and verify family of methods. In fact, SignHash actually says, "encrypting it with the private key."
These .Net classes should be a wrapper of the crypto API.
There are two types of keys in crypto API. Crypto API is a wrapper around PKCS#11. When you generate a key pair using Microsoft cryptographic service provider, you get AT_EXCHANGE AND AT_SIGNATURE keys. Every key is generated based on some attributes defined in PKCS#11 standard..
AT_EXCHANGE keys Attributes:
wrap/unwrap = true
sign/verify = true
encrypt/decrypt = false
AT_SIGNATURE keys Attributes:
wrap/unwrap = false
sign/verify = true
encrypt/decrypt = false
So basically, when you are exchaning data, you are essentially performing a wrapping/unwrapping function. This is what Microsoft calls it as AT_EXCHANGE. This is primarily used to exchange secrete/symmetric keys and not used to echange huge amounts of data.
So you need to go back and find out which key you chose to EITHER sign / wrap your dat.
Per Raj, the key you've been provided with probably isn't marked for exchange.
Ask the party who provided the public key how they generated it. If using makecert.exe, they'll need to specify "-sky Exchange". Without this, you can only use the key for signing and authentication, not encryption/decryption which is the use case you're implementing here.