How to create an EC Key Pair?

I am trying to create an EC key pair using the Pkcs#11 interop library (5.1.2), but every time I try to generate one it returns CKR_TEMPLATE_INCOMPLETE or CKR_DOMAIN_PARAMS_INVALID. I am using an SC650 smart card to be able to generate the keys, as well as BouncyCastle (1.8.9) to generate an EC curve. The snippet of code below is from one of the examples from the Pkcs#11 library, just modified.

public void GenerateKP()
    {
        using (IPkcs11Library pkcs11lib = _factory.Pkcs11LibraryFactory.LoadPkcs11Library(_factory, FILE_PATH, AppType.MultiThreaded))
        {
            ISlot slot = GetUsableSlot(pkcs11lib);
            
            using(ISession session = slot.OpenSession(SessionType.ReadWrite))
            {
                // Must Der Encoding of the EcParameters
                X9ECParameters curve = NistNamedCurves.GetByName("P-256");
                X962Parameters x962 = new X962Parameters(curve);
                byte[] paramBytes = curve.GetDerEncoded();

                byte[] ckaId = session.GenerateRandom(20);

                session.Login(CKU.CKU_USER, TOKEN_CODE);

                // ECC Public Key Template
                List<IObjectAttribute> publicKeyAttributes = new List<IObjectAttribute>();
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "EC P-256 public key"));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY, true));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY_RECOVER, true));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_WRAP, true));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS_BITS, 1024));
                publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
                //publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EC_PARAMS, paramBytes));

                // ECC Private Key Template
                List<IObjectAttribute> privateKeyAttributes = new List<IObjectAttribute>();
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true));
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "EC P-256 private key"));
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_EC));
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, true));
                privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EC_PARAMS, paramBytes));

                IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_KEY_PAIR_GEN);

                IObjectHandle pubKeyHandle = null;
                IObjectHandle privateHandle = null;
                session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out pubKeyHandle, out privateHandle);
            }
        }
    }

You should remove some attributes from your EC public key template because they are used for RSA key pairs. These attributes are:

  • CKA_VERIFY_RECOVER
  • CKA_MODULUS_BITS
  • CKA_PUBLIC_EXPONENT
  • CKA_WRAP

Uncomment the CKA_EC_PARAMS attribute in the public key template.
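The templates with the answer's changes applied, as an added example that is not part of the original question or answer. The class and method names are hypothetical; `ecParams` and `ckaId` are the `paramBytes` and `ckaId` values computed in the question, and the session is assumed to be logged in already.

```csharp
using System;
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

public static class EcKeyPairExample // hypothetical helper, not from the library
{
    // Returns true on success; on failure prints the CKR code the token returned.
    public static bool TryGenerateEcKeyPair(ISession session, byte[] ecParams, byte[] ckaId,
        out IObjectHandle publicKey, out IObjectHandle privateKey)
    {
        var f = session.Factories.ObjectAttributeFactory;

        // Public key template: the four attributes named in the answer are gone
        // and CKA_EC_PARAMS is present.
        var publicKeyAttributes = new List<IObjectAttribute>
        {
            f.Create(CKA.CKA_PRIVATE, false),
            f.Create(CKA.CKA_TOKEN, true),
            f.Create(CKA.CKA_LABEL, "EC P-256 public key"),
            f.Create(CKA.CKA_ID, ckaId),
            f.Create(CKA.CKA_VERIFY, true),
            f.Create(CKA.CKA_EC_PARAMS, ecParams)
        };

        // Private key template: unchanged from the question.
        var privateKeyAttributes = new List<IObjectAttribute>
        {
            f.Create(CKA.CKA_PRIVATE, true),
            f.Create(CKA.CKA_TOKEN, true),
            f.Create(CKA.CKA_LABEL, "EC P-256 private key"),
            f.Create(CKA.CKA_KEY_TYPE, CKK.CKK_EC),
            f.Create(CKA.CKA_ID, ckaId),
            f.Create(CKA.CKA_SENSITIVE, true),
            f.Create(CKA.CKA_EC_PARAMS, ecParams)
        };

        try
        {
            using (IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_KEY_PAIR_GEN))
                session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out publicKey, out privateKey);
            return true;
        }
        catch (Pkcs11Exception ex)
        {
            // ex.RV carries the raw return value, e.g. CKR_TEMPLATE_INCOMPLETE.
            Console.Error.WriteLine($"{ex.Method} failed with {ex.RV}");
            publicKey = null;
            privateKey = null;
            return false;
        }
    }
}
```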
