On Jan 26, 2012, at 4:44 PM, helpcrypto helpcrypto wrote:

> AFAIK, returning or not the attributes from an object, depends on the token.

Everything I am operating is on the nss internal softoken.

> I recommend you reading about CKO_PRIVATE_KEY on PKCS#11 standard to
> understand what can be happening.
> For example if token=card, CKA_PRIME_1 *mustn't* be on the card, as far
> is not *needed* to do cryptographic operations.
>
> On 26 January 2012 14:08, weizhong qiang
> <weizhongqi...@gmail.com> wrote:
>> hi,
>> Is there a fact that nss does not permit the reading of the attribute
>> CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
>> Because with all of the eight attributes, it is possible to compose the
>> content of the private key, but the outputting of private key is not allowed
>> in nss?
>>
>> Thanks and Best Regards,
>> Weizhong Qiang
>>
>> On Jan 26, 2012, at 9:43 AM, helpcrypto helpcrypto wrote:
>>
>>> Is any error shown at NSSUtilLogger.msg(ERROR, "Failed to read
>>> attribute %x from private key.", type); ?
>>>
>>> On 25 January 2012 17:04, weizhong qiang
>>> <weizhongqi...@gmail.com> wrote:
>>>> hi all,
>>>> I tried to get the attributes from a private key (see the following code
>>>> piece). But only the CKA_MODULUS and CKA_PUBLIC_EXPONENT can be got,
>>>> others (CKA_PRIVATE_EXPONENT etc.) can not be got.
>>>> Could you tell me how to solve it?
>>>> By the way, I generate rsa key pair without "sensitive"
>>>> (PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk,
>>>> PR_TRUE, PR_FALSE, NULL); ), so I suppose the private key is not protected
>>>> by password, and can be output?
>>>>
>>>> Best Regards,
>>>> Weizhong Qiang
>>>>
>>>> /****************/
>>>> // Reads one raw PKCS#11 attribute of the private key into |output|.
>>>> static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key,
>>>>                                  CK_ATTRIBUTE_TYPE type,
>>>>                                  std::vector<uint8>* output) {
>>>>   SECItem item;
>>>>   SECStatus rv;
>>>>   rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
>>>>   if (rv != SECSuccess) {
>>>>     NSSUtilLogger.msg(ERROR, "Failed to read attribute %x from private key.", type);
>>>>     return false;
>>>>   }
>>>>   output->assign(item.data, item.data + item.len);
>>>>   // Free only the buffer inside |item|; |item| itself is on the stack.
>>>>   SECITEM_FreeItem(&item, PR_FALSE);
>>>>   return true;
>>>> }
>>>>
>>>> static bool ExportPrivateKey(SECKEYPrivateKey* key,
>>>>                              std::vector<uint8>* output) {
>>>>   PrivateKeyInfoCodec private_key_info(true);
>>>>
>>>>   // Manually read the component attributes of the private key and build up
>>>>   // the PrivateKeyInfo.
>>>>   if (!ReadPrivKeyAttribute(key, CKA_MODULUS, private_key_info.modulus()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT, private_key_info.public_exponent()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT, private_key_info.private_exponent()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_PRIME_1, private_key_info.prime1()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_PRIME_2, private_key_info.prime2()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_EXPONENT_1, private_key_info.exponent1()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_EXPONENT_2, private_key_info.exponent2()) ||
>>>>       !ReadPrivKeyAttribute(key, CKA_COEFFICIENT, private_key_info.coefficient())) {
>>>>     return false;
>>>>   }
>>>>
>>>>   return private_key_info.Export(output);
>>>> }

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
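
The question in this thread notes that the eight RSA attributes together make up the private key. As an added example (not code from the thread, from NSS, or from the poster's project), the following C++ DER-encodes eight such values into the RSAPrivateKey structure of RFC 8017, A.1.2; `RsaComponents` and the function names are hypothetical, and the key in `main` is a constructed toy value.

```cpp
// Added example: DER-encode an RSAPrivateKey (RFC 8017, A.1.2) from raw components.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

using Bytes = std::vector<uint8_t>;

// Hypothetical holder for the eight values, each an unsigned big-endian byte string.
struct RsaComponents {
  Bytes modulus, public_exponent, private_exponent, prime1, prime2,
      exponent1, exponent2, coefficient;
};

// DER length: one octet below 128, otherwise 0x80|count followed by the length bytes.
static void AppendLength(Bytes* out, size_t len) {
  if (len < 0x80) { out->push_back(static_cast<uint8_t>(len)); return; }
  Bytes tmp;
  for (; len > 0; len >>= 8) tmp.insert(tmp.begin(), static_cast<uint8_t>(len & 0xff));
  out->push_back(static_cast<uint8_t>(0x80 | tmp.size()));
  out->insert(out->end(), tmp.begin(), tmp.end());
}

// DER INTEGER is signed and minimal: drop leading zero bytes, then prepend one
// 0x00 if the top bit is set so the value is not read as negative.
static void AppendInteger(Bytes* out, const Bytes& be) {
  size_t i = 0;
  while (i + 1 < be.size() && be[i] == 0) ++i;
  const bool pad = be.empty() || (be[i] & 0x80) != 0;
  out->push_back(0x02);
  AppendLength(out, be.size() - i + (pad ? 1 : 0));
  if (pad) out->push_back(0x00);
  out->insert(out->end(), be.begin() + i, be.end());
}

Bytes EncodeRsaPrivateKey(const RsaComponents& k) {
  Bytes body;
  AppendInteger(&body, Bytes{0x00});  // version 0: two-prime RSA
  for (const Bytes* f : {&k.modulus, &k.public_exponent, &k.private_exponent, &k.prime1,
                         &k.prime2, &k.exponent1, &k.exponent2, &k.coefficient})
    AppendInteger(&body, *f);
  Bytes der{0x30};  // SEQUENCE
  AppendLength(&der, body.size());
  der.insert(der.end(), body.begin(), body.end());
  return der;
}

int main() {
  // Constructed toy key (p=61, q=53), far too small for real use.
  RsaComponents k{{0x00, 0x0C, 0xA1}, {0x11}, {0x0A, 0xC1}, {0x3D}, {0x35}, {0x35}, {0x31}, {0x26}};
  for (uint8_t b : EncodeRsaPrivateKey(k)) std::printf("%02x", b);
  std::printf("\n");
  return 0;
}
```

The encoder covers only the inner RSAPrivateKey sequence; it normalizes each integer because raw big-endian values may carry leading zero bytes or have the top bit set.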