3
我正在使用帶有PKCS11接口的SafeNet(Alladin)eToken到C#。 我需要將不帶eToken的RSA密鑰導入eToken。Alladin eToken失敗,導入RSA密鑰
的RSA密鑰的創建是通過做:
RSACryptoServiceProvider RSA = new RSACryptoServiceProvider();
RSAParameters publicKey = RSA.ExportParameters(false);
RSAParameters privateKey = RSA.ExportParameters(true);
eTokenHelper.WritePrivateKeyToToken(session, privateKey, "private");
及以上WritePrivateKeyToToken的實現是:
public static void WritePrivateKeyToToken(PKCS11.Session session, System.Security.Cryptography.RSAParameters publicParams, string label)
{
List<PKCS11.Attribute> attList = new List<PKCS11.Attribute>{};
attList.Add(new PKCS11.Attribute(PKCS11.CKA_CLASS, PKCS11.CKO_PRIVATE_KEY));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_KEY_TYPE, PKCS11.CKK_RSA));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE, true));
//attList.Add(new PKCS11.Attribute(PKCS11.CKA_SUBJECT, cert.SubjectName.RawData));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_ID, 0xa1));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LABEL, label));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_TOKEN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODULUS, publicParams.Modulus));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PUBLIC_EXPONENT, publicParams.Exponent));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_PRIVATE_EXPONENT, publicParams.D));
// attList.Add(new ObjectAttribute(PKCS11.CKH_CLOCK, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_MODIFIABLE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_EXTRACTABLE, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_NEVER_EXTRACTABLE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SENSITIVE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_ALWAYS_SENSITIVE, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DERIVE, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_LOCAL, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_DECRYPT, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN, true));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_SIGN_RECOVER, false));
attList.Add(new PKCS11.Attribute(PKCS11.CKA_UNWRAP, false));
PKCS11.Object.Create(session, attList.ToArray());
}
當我運行這段代碼,我得到的代碼
異常public const int CKR_TEMPLATE_INCONSISTENT = 0x000000D1;
(例外情況出現在最後一行:Create())。
我會感謝任何幫助,瞭解我做錯了什麼。
感謝, 羅南
吉日,謝謝你的答案......從過去的時間長的距離,你能弄清楚爲什麼我得到'公共const int的CKR_TEMPLATE_INCOMPLETE = 0x000000D0; '用你的代碼?任何幫助將不勝感激! – Eli