Is eny error shown at NSSUtilLogger.msg(ERROR, "Failed to read attribute %x from private key.", type); ?
El día 25 de enero de 2012 17:04, weizhong qiang <weizhongqi...@gmail.com> escribió: > hi all, > I tried to get the attributes from a private key (see the following code > piece). But only the CKA_MODULUS and CKA_PUBLIC_EXPONENT can be got, others > (CKA_PRIVATE_EXPONENT etc.) can not be got. > Could you tell me how to solve it? > By the way, I generate rsa key pair without "sensitive" > (PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk, > PR_TRUE, PR_FALSE, NULL); ), so I suppose the private key is not protected by > password, and can be output? > > Best Regards, > Weizhong Qiang > > > > > /****************/ > static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE > type, std::vector<uint8>* output) { > SECItem item; > SECStatus rv; > rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item); > if (rv != SECSuccess) { > NSSUtilLogger.msg(ERROR, "Failed to read attribute %x from private > key.", type); > return false; > } > output->assign(item.data, item.data + item.len); > SECITEM_FreeItem(&item, PR_FALSE); > return true; > } > > static bool ExportPrivateKey(SECKEYPrivateKey* key, std::vector<uint8>* > output) { > PrivateKeyInfoCodec private_key_info(true); > > // Manually read the component attributes of the private key and build up > // the PrivateKeyInfo. > if (!ReadPrivKeyAttribute(key, CKA_MODULUS, private_key_info.modulus()) || > !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT, > private_key_info.public_exponent()) || > !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT, > private_key_info.private_exponent()) || > !ReadPrivKeyAttribute(key, CKA_PRIME_1, private_key_info.prime1()) || > !ReadPrivKeyAttribute(key, CKA_PRIME_2, private_key_info.prime2()) || > !ReadPrivKeyAttribute(key, CKA_EXPONENT_1, private_key_info.exponent1()) > || > !ReadPrivKeyAttribute(key, CKA_EXPONENT_2, private_key_info.exponent2()) > || > !ReadPrivKeyAttribute(key, CKA_COEFFICIENT, > private_key_info.coefficient())) { > return false; > } > > return private_key_info.Export(output); > } > > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto