1. 首頁
  2. 問答
  3. Ncryptoki錯誤號208/209(導入證書)

Ncryptoki錯誤號208/209(導入證書)

2017-05-17 58 views
0

我在使用NCryptoki將證書導入Alladin eToken時遇到問題。Ncryptoki錯誤號208/209(導入證書)

X509Certificate2 cert = new X509Certificate2(test.cer); 
byte[] id = Encoding.ASCII.GetBytes("MyKeyPairID"); 
CryptokiCollection template = new CryptokiCollection(); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "MyLabel")); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer)); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.GetRawCertData())); 
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData)); 
CryptokiObject certificate = session.Objects.Create(template);

我得到錯誤209(0xD1)CKR_TEMPLATE_INCONSISTENT。如果我刪除這一行:

template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));

我得到錯誤208(0xD0)CKR_TEMPLATE_INCOMPLETE

來源

2017-05-17 cryptographyquestions

回答

0

看起來你正在爲CKA_SUBJECT,CKA_ISSUERCKA_SERIAL_NUMBER屬性設置錯誤的值。

在與Pkcs11InteropBouncyCastle庫中的代碼通常是爲我工作:

/// <summary> 
/// Imports certificate into the PKCS#11 compatible device 
/// </summary> 
/// <param name="session">Session with user logged in</param> 
/// <param name="certificate">Certificate that should be imported</param> 
/// <param name="ckaLabel">Value of CKA_LABEL attribute</param> 
/// <param name="ckaId">Value of CKA_ID attribute</param> 
/// <returns>Handle of created certificate object</returns> 
public static ObjectHandle ImportCertificate(Session session, byte[] certificate, string ckaLabel, byte[] ckaId) 
{ 
    // Parse certificate 
    X509CertificateParser x509CertificateParser = new X509CertificateParser(); 
    X509Certificate x509Certificate = x509CertificateParser.ReadCertificate(certificate); 

    // Define attributes of new certificate object 
    List<ObjectAttribute> certificateAttributes = new List<ObjectAttribute>(); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_MODIFIABLE, true)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, ckaLabel)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TRUSTED, false)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SUBJECT, x509Certificate.SubjectDN.GetDerEncoded())); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId)); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ISSUER, x509Certificate.IssuerDN.GetDerEncoded())); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SERIAL_NUMBER, new DerInteger(x509Certificate.SerialNumber).GetDerEncoded())); 
    certificateAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, x509Certificate.GetEncoded())); 

    // Create certificate object 
    return session.CreateObject(certificateAttributes); 
}

來源

2017-05-17 07:44:37 jariq

相關問題

 相關問題