AFAIK, whether or not the attributes of an object are returned depends on the token.
I recommend you read about CKO_PRIVATE_KEY in the PKCS#11 standard to
understand what may be happening.
For example, if token=card, CKA_PRIME_1 *mustn't* be on the card, as far
as it is not *needed* to do cryptographic operations.

On 26 January 2012 14:08, weizhong qiang
<weizhongqi...@gmail.com> wrote:
> hi,
> Is it a fact that NSS does not permit reading the attributes
> CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
> Because with all eight attributes it is possible to compose the
> content of the private key, but outputting the private key is not allowed
> in NSS?
>
> Thanks and Best Regards,
> Weizhong Qiang
>
> On Jan 26, 2012, at 9:43 AM, helpcrypto helpcrypto wrote:
>
>> Is any error shown at NSSUtilLogger.msg(ERROR, "Failed to read
>> attribute %x from private key.", type); ?
>>
>> On 25 January 2012 17:04, weizhong qiang
>> <weizhongqi...@gmail.com> wrote:
>>> hi all,
>>> I tried to get the attributes from a private key (see the following code 
>>> piece). But only the CKA_MODULUS and CKA_PUBLIC_EXPONENT can be got, others 
>>> (CKA_PRIVATE_EXPONENT etc.) can not be got.
>>> Could you tell me how to solve it?
>>> By the way, I generate rsa key pair without "sensitive" 
>>> (PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk, 
>>> PR_TRUE, PR_FALSE, NULL); ), so I suppose the private key is not protected 
>>> by password, and can be output?
>>>
>>> Best Regards,
>>> Weizhong Qiang
>>>
>>>
>>>
>>>
>>> /****************/
>>>  static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key, CK_ATTRIBUTE_TYPE type, std::vector<uint8>* output) {
>>>    SECItem item;
>>>    SECStatus rv;
>>>    rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
>>>    if (rv != SECSuccess) {
>>>      NSSUtilLogger.msg(ERROR, "Failed to read attribute %x from private key.", type);
>>>      return false;
>>>    }
>>>    output->assign(item.data, item.data + item.len);
>>>    SECITEM_FreeItem(&item, PR_FALSE);
>>>    return true;
>>>  }
>>>
>>>  static bool ExportPrivateKey(SECKEYPrivateKey* key, std::vector<uint8>* output) {
>>>    PrivateKeyInfoCodec private_key_info(true);
>>>
>>>    // Manually read the component attributes of the private key and build up
>>>    // the PrivateKeyInfo.
>>>    if (!ReadPrivKeyAttribute(key, CKA_MODULUS, private_key_info.modulus()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT, private_key_info.public_exponent()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT, private_key_info.private_exponent()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_PRIME_1, private_key_info.prime1()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_PRIME_2, private_key_info.prime2()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_EXPONENT_1, private_key_info.exponent1()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_EXPONENT_2, private_key_info.exponent2()) ||
>>>      !ReadPrivKeyAttribute(key, CKA_COEFFICIENT, private_key_info.coefficient())) {
>>>      return false;
>>>    }
>>>
>>>    return private_key_info.Export(output);
>>>  }
>>>
>>> --
>>> dev-tech-crypto mailing list
>>> dev-tech-crypto@lists.mozilla.org
>>> https://lists.mozilla.org/listinfo/dev-tech-crypto