AFAIK, whether or not an object's attributes are returned depends on the token. I recommend reading about CKO_PRIVATE_KEY in the PKCS#11 standard to understand what may be happening. For example, if token=card, CKA_PRIME_1 *mustn't* be on the card, as it is not *needed* to do cryptographic operations.

On 26 January 2012 at 14:08, weizhong qiang <weizhongqi...@gmail.com> wrote:
> hi,
> Is there a fact that nss does not permit the reading of the attribute
> CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
> Because with all of the eight attributes, it is possible to compose the
> content of the private key, but the outputting of private key is not allowed
> in nss?
>
> Thanks and Best Regards,
> Weizhong Qiang
>
> On Jan 26, 2012, at 9:43 AM, helpcrypto helpcrypto wrote:
>
>> Is any error shown at NSSUtilLogger.msg(ERROR, "Failed to read
>> attribute %x from private key.", type); ?
>>
>> On 25 January 2012 at 17:04, weizhong qiang
>> <weizhongqi...@gmail.com> wrote:
>>> hi all,
>>> I tried to get the attributes from a private key (see the following code
>>> piece). But only the CKA_MODULUS and CKA_PUBLIC_EXPONENT can be got, others
>>> (CKA_PRIVATE_EXPONENT etc.) cannot be got.
>>> Could you tell me how to solve it?
>>> By the way, I generate rsa key pair without "sensitive"
>>> (PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk,
>>> PR_TRUE, PR_FALSE, NULL); ), so I suppose the private key is not protected
>>> by password, and can be output?
>>>
>>> Best Regards,
>>> Weizhong Qiang
>>>
>>> /****************/
>>> // Reads one PKCS#11 attribute of the private key into *output.
>>> static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key,
>>>                                  CK_ATTRIBUTE_TYPE type,
>>>                                  std::vector<uint8>* output) {
>>>   SECItem item;
>>>   SECStatus rv;
>>>   rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
>>>   if (rv != SECSuccess) {
>>>     NSSUtilLogger.msg(ERROR,
>>>                       "Failed to read attribute %x from private key.", type);
>>>     return false;
>>>   }
>>>   output->assign(item.data, item.data + item.len);
>>>   SECITEM_FreeItem(&item, PR_FALSE);
>>>   return true;
>>> }
>>>
>>> static bool ExportPrivateKey(SECKEYPrivateKey* key,
>>>                              std::vector<uint8>* output) {
>>>   PrivateKeyInfoCodec private_key_info(true);
>>>
>>>   // Manually read the component attributes of the private key and build up
>>>   // the PrivateKeyInfo.
>>>   if (!ReadPrivKeyAttribute(key, CKA_MODULUS, private_key_info.modulus()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT,
>>>                             private_key_info.public_exponent()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT,
>>>                             private_key_info.private_exponent()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_PRIME_1, private_key_info.prime1()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_PRIME_2, private_key_info.prime2()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_EXPONENT_1,
>>>                             private_key_info.exponent1()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_EXPONENT_2,
>>>                             private_key_info.exponent2()) ||
>>>       !ReadPrivKeyAttribute(key, CKA_COEFFICIENT,
>>>                             private_key_info.coefficient())) {
>>>     return false;
>>>   }
>>>
>>>   return private_key_info.Export(output);
>>> }
>>>
>>> --
>>> dev-tech-crypto mailing list
>>> dev-tech-crypto@lists.mozilla.org
>>> https://lists.mozilla.org/listinfo/dev-tech-crypto
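
The PKCS#11 attribute-read rules that the reply points to, as an added example that is not code from this thread or from NSS. It models C_GetAttributeValue for the eight RSA attributes so each unreadable one can be told apart by result code; ModelKey, ModelGetAttribute, FailedAttributes and MakeKey are hypothetical names and the sample keys are constructed.

```cpp
#include <cstdint>
#include <map>
#include <vector>

// Constant values as defined in the PKCS#11 header pkcs11t.h.
enum : unsigned long {
  CKR_OK = 0x00, CKR_ATTRIBUTE_SENSITIVE = 0x11, CKR_ATTRIBUTE_TYPE_INVALID = 0x12,
  CKA_MODULUS = 0x120, CKA_PUBLIC_EXPONENT = 0x122, CKA_PRIVATE_EXPONENT = 0x123,
  CKA_PRIME_1 = 0x124, CKA_PRIME_2 = 0x125, CKA_EXPONENT_1 = 0x126,
  CKA_EXPONENT_2 = 0x127, CKA_COEFFICIENT = 0x128
};
// The eight attributes ExportPrivateKey reads, in ascending numeric order.
const unsigned long kRsaAttrs[] = {CKA_MODULUS, CKA_PUBLIC_EXPONENT, CKA_PRIVATE_EXPONENT,
    CKA_PRIME_1, CKA_PRIME_2, CKA_EXPONENT_1, CKA_EXPONENT_2, CKA_COEFFICIENT};
using Bytes = std::vector<std::uint8_t>;

// Hypothetical model of an RSA private key object held by a token.
struct ModelKey {
  bool sensitive;                         // CKA_SENSITIVE
  bool extractable;                       // CKA_EXTRACTABLE
  std::map<unsigned long, Bytes> stored;  // attributes the token actually keeps
};

// C_GetAttributeValue rule for one attribute: sensitivity first, then presence.
unsigned long ModelGetAttribute(const ModelKey& key, unsigned long type, Bytes* out) {
  const bool secret = type >= CKA_PRIVATE_EXPONENT && type <= CKA_COEFFICIENT;
  if (secret && (key.sensitive || !key.extractable)) return CKR_ATTRIBUTE_SENSITIVE;
  const auto it = key.stored.find(type);
  if (it == key.stored.end()) return CKR_ATTRIBUTE_TYPE_INVALID;
  *out = it->second;
  return CKR_OK;
}

// Returns the result code of every attribute that could not be read.
std::map<unsigned long, unsigned long> FailedAttributes(const ModelKey& key) {
  std::map<unsigned long, unsigned long> failed;
  Bytes value;
  for (unsigned long type : kRsaAttrs) {
    const unsigned long rv = ModelGetAttribute(key, type, &value);
    if (rv != CKR_OK) failed[type] = rv;
  }
  return failed;
}
// Constructed sample key that stores every attribute up to last_stored.
ModelKey MakeKey(bool sensitive, bool extractable, unsigned long last_stored) {
  ModelKey key{sensitive, extractable, {}};
  for (unsigned long type : kRsaAttrs)
    if (type <= last_stored) key.stored[type] = Bytes{0x01};  // dummy bytes
  return key;
}
```

With a real token the same distinction comes from the CKR_* code behind the failed read, which the single "Failed to read attribute" log line does not show.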