Hi all,
I tried to get the attributes from a private key (see the following piece of
code), but only CKA_MODULUS and CKA_PUBLIC_EXPONENT can be retrieved; the others
(CKA_PRIVATE_EXPONENT etc.) cannot.
Could you tell me how to solve it?
By the way, I generate the RSA key pair without "sensitive"
(PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk,
PR_TRUE, PR_FALSE, NULL);), so I suppose the private key is not protected by a
password and can be output?

Best Regards,
Weizhong Qiang




/****************/
  // NSS and standard headers used by this piece of code.
  // PrivateKeyInfoCodec, NSSUtilLogger and uint8 are defined elsewhere (not shown).
  #include <vector>
  #include <keyhi.h>    // SECKEYPrivateKey
  #include <pk11pub.h>  // PK11_ReadRawAttribute, PK11_TypePrivKey
  #include <secitem.h>  // SECItem, SECITEM_FreeItem

  // Reads one raw PKCS #11 attribute of the private key into output.
  static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key,
                                   CK_ATTRIBUTE_TYPE type,
                                   std::vector<uint8>* output) {
    SECItem item;
    SECStatus rv;
    rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
    if (rv != SECSuccess) {
      NSSUtilLogger.msg(ERROR, "Failed to read attribute %x from private key.",
                        type);
      return false;
    }
    output->assign(item.data, item.data + item.len);
    // Free only the buffer NSS allocated; the SECItem itself is on the stack.
    SECITEM_FreeItem(&item, PR_FALSE);
    return true;
  }

  static bool ExportPrivateKey(SECKEYPrivateKey* key,
                               std::vector<uint8>* output) {
    PrivateKeyInfoCodec private_key_info(true);

    // Manually read the component attributes of the private key and build up
    // the PrivateKeyInfo.
    if (!ReadPrivKeyAttribute(key, CKA_MODULUS, private_key_info.modulus()) ||
        !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT,
                              private_key_info.public_exponent()) ||
        !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT,
                              private_key_info.private_exponent()) ||
        !ReadPrivKeyAttribute(key, CKA_PRIME_1, private_key_info.prime1()) ||
        !ReadPrivKeyAttribute(key, CKA_PRIME_2, private_key_info.prime2()) ||
        !ReadPrivKeyAttribute(key, CKA_EXPONENT_1,
                              private_key_info.exponent1()) ||
        !ReadPrivKeyAttribute(key, CKA_EXPONENT_2,
                              private_key_info.exponent2()) ||
        !ReadPrivKeyAttribute(key, CKA_COEFFICIENT,
                              private_key_info.coefficient())) {
      return false;
    }

    return private_key_info.Export(output);
  }

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
