Unwrapping a symmetric key throws Pkcs11Exception / CKR_GENERAL_ERROR

Problem description

I am trying to convert the Wrap/Unwrap sample from an RSA key pair to a single AES key:

// Directives the snippet relies on (Pkcs11Interop high-level API); they belong at the top of the file
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Open RW session
using (ISession session = slot.OpenSession(SessionType.ReadWrite))
{
  string userPin = "1234";

  // Login as normal user
  session.Login(CKU.CKU_USER, userPin);

  // Generate symmetric secret key (the key that will be wrapped)
  IObjectHandle secretKey = Helpers.GenerateKey(session);

  // Generate symmetric wrapping key (still named publicKey, as in the RSA sample)
  IObjectHandle publicKey = Helpers.GenerateKey(session);

  // Specify wrapping mechanism
  IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_WRAP);

  // Wrap key
  byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey);

  // Define attributes for unwrapped key
  List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();

  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "UnWrapperTest"));

  // Unwrap key
  IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes);
}

public static IObjectHandle GenerateKey(ISession session)
{
  // Prepare attribute template of new key
  List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VALUE_LEN, 32));
  objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "WrapperTest"));

  // Specify key generation mechanism
  IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_GEN);

  // Generate key
  return session.GenerateKey(mechanism, objectAttributes);
}

But the line IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes); always throws the exception Net.Pkcs11Interop.Common.Pkcs11Exception: 'Method C_UnwrapKey returned CKR_GENERAL_ERROR'.

As the "HSM", I am using SoftHSM2 on Windows.

What exactly am I doing wrong?

Disclosure: I have also cross-posted this question on GitHub.

Tags: pkcs#11, pkcs11interop, softhsm

Solution

Found the problem:

IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, secretKey, wrappedKey, objectAttributes);

should read

IObjectHandle unwrappedKey = session.UnwrapKey(mechanism, publicKey, wrappedKey, objectAttributes);
