I'm trying to create GOSTR3410 public key. CKR_ATTRIBUTE_TYPE_INVALID exception

徘徊边缘 submitted on 2020-01-02 13:31:09

Question


Good day! I'm trying to create public key ObjectHandle based on hex string that comes from client via post request.

I'm doing it according to the documentation, but it returns me a CKR_ATTRIBUTE_TYPE_INVALID exception.

Full exception message: Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_CreateObject returned CKR_ATTRIBUTE_VALUE_INVALID'

Inner exception is null

Can you please help me to figure out what I'm doing wrong?

Here is my code:

using (Pkcs11 pkcs11 = new Pkcs11(Settings.RutokenEcpDllDefaultPath, AppType.MultiThreaded))
{
    Slot slot = GetSlot(pkcs11);

    // This public key comes from client
    // But I put it here to show the value. Maybe the value is the reason. I'm not sure,
    // but I hope you will help me

    var hexString = "1c:ec:2d:4a:b3:51:51:07:f7:c4:f6:d9:09:a3:06:73:c2:06:42:7f:b2:11:fd:be:ad:12:5c:22:b9:df:cb:e5:08:7c:7c:48:a6:af:92:67:d3:56:63:29:0c:9e:1a:4a:0e:d1:08:d8:7a:28:61:bd:da:ed:be:aa:49:84:f2:64";
    hexString = hexString.Replace(":", string.Empty);
    var publicKeyValue = ConvertUtils.HexStringToBytes(hexString);

    using (Session session = slot.OpenSession(SessionType.ReadWrite))
    {
        session.Login(CKU.CKU_USER, Settings.TokenPin);
        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>();
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_PUBLIC_KEY));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GOSTR3410));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, "Verification Key"));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_VERIFY, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, publicKeyValue));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
        objectAttributes.Add(new ObjectAttribute(CKA.CKA_GOSTR3410_PARAMS, new byte[] { 0x06, 0x07, 0x2a, 0x85, 0x03, 0x02, 0x02, 0x23, 0x00 }));

        // Create object
        ObjectHandle objectHandle = session.CreateObject(objectAttributes);

    }
}

Answer 1:


GOST Public Key can't be imported onto ruToken - see docs note in the box.

Just change

objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));

to

objectAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, false));

Public key as a token object can only be 'created' as a result of C_GenerateKeyPair call.




Answer 2:


By returning CKR_ATTRIBUTE_VALUE_INVALID your PKCS#11 library tells you that your template specifies an invalid value for a valid attribute(s).

Unfortunately PKCS#11 API does not provide details which attribute caused the error but many PKCS#11 libraries support some kind of internal logging mechanism which may reveal the real cause of error. Exact steps needed to enable logging should be present in the documentation provided by the PKCS#11 library vendor.
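
Because C_CreateObject does not say which attribute it rejected, the two byte-array attributes in the question's template can be checked locally before the call. The following is an added example, not code from the original post or from Pkcs11Interop; the class and method names are hypothetical, and the 64-byte CKA_VALUE length is assumed from the PKCS#11 v2.30 definition of GOST R 34.10-2001 public keys.

```csharp
using System;
using System.Collections.Generic;

// Added example: hypothetical pre-flight checks for the byte-array attributes
// (CKA_VALUE and CKA_GOSTR3410_PARAMS) of the question's template.
public static class GostTemplateCheck
{
    // Decodes a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted form.
    public static string DecodeDerOid(byte[] der)
    {
        if (der == null || der.Length < 3 || der[0] != 0x06)
            throw new ArgumentException("not a DER OBJECT IDENTIFIER (tag 0x06 expected)");
        if (der[1] >= 0x80 || der[1] != der.Length - 2)
            throw new ArgumentException("length byte does not match content length");
        if ((der[der.Length - 1] & 0x80) != 0)
            throw new ArgumentException("last arc is unterminated (truncated OID)");

        var arcs = new List<ulong>();
        ulong arc = 0;
        for (int i = 2; i < der.Length; i++)
        {
            arc = (arc << 7) | (ulong)(der[i] & 0x7F);
            if ((der[i] & 0x80) != 0) continue;   // continuation bit: more bytes follow
            if (arcs.Count == 0)
            {
                // The first subidentifier packs the first two arcs as 40*X + Y.
                ulong first = arc < 80 ? arc / 40 : 2;
                arcs.Add(first);
                arcs.Add(arc - 40 * first);
            }
            else arcs.Add(arc);
            arc = 0;
        }
        return string.Join(".", arcs);
    }

    // Returns the list of problems found; an empty list means both values are well-formed.
    public static List<string> Check(byte[] publicKeyValue, byte[] gostParams)
    {
        var problems = new List<string>();
        // Assumption: GOST R 34.10-2001 public key value is exactly 64 bytes.
        if (publicKeyValue == null || publicKeyValue.Length != 64)
            problems.Add("CKA_VALUE is " + (publicKeyValue?.Length ?? 0) + " bytes, expected 64");
        try { Console.WriteLine("CKA_GOSTR3410_PARAMS OID: " + DecodeDerOid(gostParams)); }
        catch (ArgumentException e) { problems.Add("CKA_GOSTR3410_PARAMS: " + e.Message); }
        return problems;
    }
}
```

For the values in the question, Check returns no problems and prints the OID 1.2.643.2.2.35.0, so the byte-array attributes are well-formed and the remaining candidates are the other attributes in the template.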



Source: https://stackoverflow.com/questions/52809655/im-trying-to-create-gostr3410-public-key-ckr-attribute-type-invalid-exeption
