如何创建一个EC密钥对?
如何创建一个EC密钥对?
提问于 2022-09-02 19:14:49
我试图使用Pkcs#11互操作库(5.1.2)创建一个EC密钥对,但是每次我尝试生成一个密钥对时,它都返回CKR_TEMPLATE_INCOMPLETE或CKR_DOMAIN_PARAMS_INVALID。我正在使用SC650智能卡来生成密钥。以及BouncyCastle (1.8.9)生成一条EC曲线。下面的代码片段来自Pkcs#11库中的一个示例,该示例刚刚修改。
public void GenerateKP()
{
using (IPkcs11Library pkcs11lib = _factory.Pkcs11LibraryFactory.LoadPkcs11Library(_factory, FILE_PATH, AppType.MultiThreaded))
{
ISlot slot = GetUsableSlot(pkcs11lib);
using(ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Must Der Encoding of the EcParameters
X9ECParameters curve = NistNamedCurves.GetByName("P-256");
X962Parameters x962 = new X962Parameters(curve);
byte[] paramBytes = curve.GetDerEncoded();
byte[] ckaId = session.GenerateRandom(20);
session.Login(CKU.CKU_USER, TOKEN_CODE);
// ECC Public Key Template
List<IObjectAttribute> publicKeyAttributes = new List<IObjectAttribute>();
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "EC P-256 public key"));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS_BITS, 1024));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
//publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EC_PARAMS, paramBytes));
// ECC Private Key Template
List<IObjectAttribute> privateKeyAttributes = new List<IObjectAttribute>();
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "EC P-256 private key"));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_EC));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EC_PARAMS, paramBytes));
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_KEY_PAIR_GEN);
IObjectHandle pubKeyHandle = null;
IObjectHandle privateHandle = null;
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out pubKeyHandle, out privateHandle);
}
}
}回答 1
Stack Overflow用户
发布于 2022-10-04 06:25:25
您应该从您的EC公钥模板中删除一些属性,因为它们将用于RSA密钥对。这些属性是:
- CKA_VERIFY_RECOVER
- CKA_MODULUS_BITS
- CKA_PUBLIC_EXPONENT
- CKA_WRAP
从公钥模板中取消注释CKA_EC_PARAMS属性。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/73587070
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号