2013-10-23 61 views
3

Alladin eToken fails when importing an RSA key

I am using a SafeNet (Alladin) eToken through a PKCS#11 interface from C#. I need to import an RSA key that was not generated on the eToken into the eToken.

The RSA key is created by doing:

RSACryptoServiceProvider RSA = new RSACryptoServiceProvider(); 
RSAParameters publicKey = RSA.ExportParameters(false); 
RSAParameters privateKey = RSA.ExportParameters(true); 
eTokenHelper.WritePrivateKeyToToken(session, privateKey, "private"); 

and the implementation of WritePrivateKeyToToken used above is:

public static void WritePrivateKeyToToken(PKCS11.Session session, System.Security.Cryptography.RSAParameters publicParams, string label)
{
    List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>{};

    attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
    //attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
    // attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_EXTRACTABLE, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_NEVER_EXTRACTABLE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_ALWAYS_SENSITIVE, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
    attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));

    PKCS11.Object.Create(session, attList.ToArray());
}

When I run this code, I get the exception code

public const int CKR_TEMPLATE_INCONSISTENT = 0x000000D1;

(The exception is thrown on the last line, Create().)

I would appreciate any help in understanding what I am doing wrong.

Thanks, Ronen

Answers

3

I have a few issues with it. By the way, you assign PKCS11.CKA_LOCAL twice in your code. That is not correct. Do not set the attribute PKCS11.CKA_LOCAL at all - it is set automatically. If PKCS11.SENSITIVE is set, you cannot set CKA_EXTRACTABLE, CKA_NEVER_EXTRACTABLE and CKA_ALWAYS_SENSITIVE.

This code should work:

List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>{};

attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
//attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
// attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));

PKCS11.Object.Create(session, attList.ToArray());
+0

Jiri, thanks for the answer... After all this time, can you work out why I get 'public const int CKR_TEMPLATE_INCOMPLETE = 0x000000D0;' with your code? Any help would be appreciated! – Eli
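The following is an added example, not code from the question, the answer or the comment above, showing the same import against the open-source Pkcs11Interop library (namespace Net.Pkcs11Interop, HighLevelAPI of version 5) instead of the unnamed PKCS11 wrapper used on this page. It applies the answer's point (the token-computed attributes CKA_LOCAL, CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are left out of the C_CreateObject template, since the PKCS#11 specification marks them as attributes that must not be supplied at object creation) and goes one step further than the answer's template: RSAParameters already contains the CRT components P, Q, DP, DQ and InverseQ, and they are mapped to CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2 and CKA_COEFFICIENT. The specification makes those optional, but tokens differ in which private-key components they store, and a template that lacks a component the token insists on is the first thing to check when C_CreateObject returns CKR_TEMPLATE_INCOMPLETE as in the comment above; the page does not establish that this is the cause on an eToken. The module file name eTPKCS11.dll, the PIN "1234", the CKA_ID value and the label are assumptions for illustration. CKA_ID is passed as a byte array, which is the type PKCS#11 defines for it.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Added example (not the question's or answer's code).
// Assumptions: NuGet package Pkcs11Interop v5, eToken PKCS#11 module "eTPKCS11.dll",
// user PIN "1234". The key is still generated in host software, so the host
// process has seen the private key in the clear; the token can only promise
// not to give it back out, hence CKA_SENSITIVE=true and CKA_EXTRACTABLE=false.
public static class EtokenRsaImport
{
    // Build the C_CreateObject template for a software-generated RSA private key.
    // CKA_LOCAL, CKA_ALWAYS_SENSITIVE and CKA_NEVER_EXTRACTABLE are deliberately
    // absent: the token computes them itself and rejects them in a template
    // (and they would be false for this key anyway, as it was born off-token).
    public static List<IObjectAttribute> PrivateKeyTemplate(ISession session, RSAParameters p, byte[] id, string label)
    {
        var f = session.Factories.ObjectAttributeFactory;
        return new List<IObjectAttribute>
        {
            f.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
            f.Create(CKA.CKA_KEY_TYPE, CKK.CKK_RSA),
            f.Create(CKA.CKA_TOKEN, true),          // persistent object, not session-only
            f.Create(CKA.CKA_PRIVATE, true),        // usable only after C_Login
            f.Create(CKA.CKA_ID, id),               // byte array, the type PKCS#11 defines for CKA_ID
            f.Create(CKA.CKA_LABEL, label),
            f.Create(CKA.CKA_SENSITIVE, true),      // token must never reveal the key in the clear
            f.Create(CKA.CKA_EXTRACTABLE, false),   // not even in wrapped form
            f.Create(CKA.CKA_DECRYPT, true),
            f.Create(CKA.CKA_SIGN, true),
            f.Create(CKA.CKA_SIGN_RECOVER, false),
            f.Create(CKA.CKA_UNWRAP, false),
            f.Create(CKA.CKA_DERIVE, false),
            // Key material. .NET exports every value as an unsigned big-endian byte
            // array, which is the encoding PKCS#11 uses for "Big integer" attributes.
            f.Create(CKA.CKA_MODULUS, p.Modulus),
            f.Create(CKA.CKA_PUBLIC_EXPONENT, p.Exponent),
            f.Create(CKA.CKA_PRIVATE_EXPONENT, p.D),
            // CRT components: optional per the spec, but some tokens store and
            // require all of them and answer CKR_TEMPLATE_INCOMPLETE otherwise.
            f.Create(CKA.CKA_PRIME_1, p.P),
            f.Create(CKA.CKA_PRIME_2, p.Q),
            f.Create(CKA.CKA_EXPONENT_1, p.DP),
            f.Create(CKA.CKA_EXPONENT_2, p.DQ),
            f.Create(CKA.CKA_COEFFICIENT, p.InverseQ),
        };
    }

    public static void Main()
    {
        RSAParameters privateParams;
        using (var rsa = new RSACryptoServiceProvider(2048))
        {
            privateParams = rsa.ExportParameters(true); // includes P, Q, DP, DQ, InverseQ
        }

        var factories = new Pkcs11InteropFactories();
        using (IPkcs11Library lib = factories.Pkcs11LibraryFactory.LoadPkcs11Library(
                   factories, "eTPKCS11.dll", AppType.MultiThreaded))   // assumed module name
        {
            ISlot slot = lib.GetSlotList(SlotsType.WithTokenPresent)[0];
            using (ISession session = slot.OpenSession(SessionType.ReadWrite))
            {
                session.Login(CKU.CKU_USER, "1234");                    // assumed PIN
                try
                {
                    var template = PrivateKeyTemplate(session, privateParams, new byte[] { 0xa1 }, "private");
                    IObjectHandle key = session.CreateObject(template);
                    Console.WriteLine("Imported private key, handle " + key.ObjectId);
                }
                catch (Pkcs11Exception ex)
                {
                    // ex.RV is the CKR_* code, e.g. CKR_TEMPLATE_INCONSISTENT or CKR_TEMPLATE_INCOMPLETE
                    Console.WriteLine("C_CreateObject failed: " + ex.RV);
                }
                finally
                {
                    session.Logout();
                }
            }
        }

        // The software copy is no longer needed once the token holds the key;
        // overwrite it rather than leaving it for the garbage collector.
        foreach (var part in new[] { privateParams.D, privateParams.P, privateParams.Q,
                                     privateParams.DP, privateParams.DQ, privateParams.InverseQ })
        {
            Array.Clear(part, 0, part.Length);
        }
    }
}
```

If the token still answers CKR_TEMPLATE_INCONSISTENT, remove attributes from the template one at a time starting with the usage flags, keeping CKA_CLASS, CKA_KEY_TYPE, CKA_TOKEN and the key material: each vendor's module has its own list of attribute combinations it refuses, and the return code does not say which one it objected to.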