I am quite new to using PKCS#11 library so maybe someone with more experience can clear things up.
I want to do the following:
I know how to generate symmetric key, but how to upload existing RSA public key?
Is this even possible using PKCS#11 library?
There seems to be similar question at Wrap a secret key with a public key using PKCS#11 but it uses RSA key pair that is generated on HSM. I need to upload RSA public key to HSM myself.
We can use C_CreateObject function of PKCS#11 to import a public key to HSM. This can be found from
RSA PKCS#11 Functions -> Object Management Functions -> C_CreateObject
There is also an example of load public key. But it requires the support of token to load the public key from cryptoki library.
CK_SESSION_HANDLE hSession;
CK_OBJECT_HANDLE hKey;
CK_OBJECT_CLASS keyClass = CKO_PUBLIC_KEY;
CK_KEY_TYPE keyType = CKK_RSA;
CK_BYTE modulus[] = {... };
CK_BYTE exponent[] = {... };
CK_ATTRIBUTE keyTemplate[] = {
{CKA_CLASS, &keyClass, sizeof(keyClass)}
,
{CKA_KEY_TYPE, &keyType, sizeof(keyType)}
,
{CKA_WRAP, &true, sizeof(true)}
,
{CKA_MODULUS, modulus, sizeof(modulus)}
,
{CKA_PUBLIC_EXPONENT, exponent, sizeof(exponent)}
};
CK_RV rv;
/* Create an RSA public key object */
rv = C_CreateObject(hSession, &keyTemplate, 5, &hKey);
if (rv == CKR_OK) {
.
.
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.