Hi,
Is it a fact that NSS does not permit reading the attributes 
CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
Because with all eight of the attributes it is possible to compose the content 
of the private key, but outputting the private key is not allowed in NSS?

Thanks and Best Regards,
Weizhong Qiang

On Jan 26, 2012, at 9:43 AM, helpcrypto helpcrypto wrote:

> Is any error shown at NSSUtilLogger.msg(ERROR, "Failed to read
> attribute %x from private key.", type); ?
> 
> On 25 January 2012 at 17:04, weizhong qiang
> <weizhongqi...@gmail.com> wrote:
>> Hi all,
>> I tried to get the attributes from a private key (see the following piece 
>> of code). But only CKA_MODULUS and CKA_PUBLIC_EXPONENT can be read; the 
>> others (CKA_PRIVATE_EXPONENT etc.) cannot be read.
>> Could you tell me how to solve it?
>> By the way, I generate the RSA key pair without "sensitive" 
>> (PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk, 
>> PR_TRUE, PR_FALSE, NULL); ), so I suppose the private key is not protected 
>> by a password, and can be output?
>> 
>> Best Regards,
>> Weizhong Qiang
>> 
>> 
>> 
>> 
>> /****************/
>>  static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE type,
>>                                   std::vector<uint8>* output) {
>>    SECItem item;
>>    SECStatus rv;
>>    rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
>>    if (rv != SECSuccess) {
>>      NSSUtilLogger.msg(ERROR, "Failed to read attribute %x from private key.", type);
>>      return false;
>>    }
>>    output->assign(item.data, item.data + item.len);
>>    SECITEM_FreeItem(&item, PR_FALSE);
>>    return true;
>>  }
>> 
>>  static bool ExportPrivateKey(SECKEYPrivateKey* key, std::vector<uint8>* output) {
>>    PrivateKeyInfoCodec private_key_info(true);
>> 
>>    // Manually read the component attributes of the private key and build up
>>    // the PrivateKeyInfo.
>>    if (!ReadPrivKeyAttribute(key, CKA_MODULUS, private_key_info.modulus()) ||
>>        !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT, private_key_info.public_exponent()) ||
>>        !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT, private_key_info.private_exponent()) ||
>>        !ReadPrivKeyAttribute(key, CKA_PRIME_1, private_key_info.prime1()) ||
>>        !ReadPrivKeyAttribute(key, CKA_PRIME_2, private_key_info.prime2()) ||
>>        !ReadPrivKeyAttribute(key, CKA_EXPONENT_1, private_key_info.exponent1()) ||
>>        !ReadPrivKeyAttribute(key, CKA_EXPONENT_2, private_key_info.exponent2()) ||
>>        !ReadPrivKeyAttribute(key, CKA_COEFFICIENT, private_key_info.coefficient())) {
>>      return false;
>>    }
>> 
>>    return private_key_info.Export(output);
>>  }
>> 
>> --
>> dev-tech-crypto mailing list
>> dev-tech-crypto@lists.mozilla.org
>> https://lists.mozilla.org/listinfo/dev-tech-crypto