On Jan 26, 2012, at 4:44 PM, helpcrypto helpcrypto wrote:

> AFAIK, whether or not the attributes of an object are returned depends on the token.

Everything I am operating is on the nss internal softoken.


> I recommend you read about CKO_PRIVATE_KEY in the PKCS#11 standard to
> understand what can be happening.
> For example, if token=card, CKA_PRIME_1 *mustn't* be on the card, as it
> is not *needed* to do cryptographic operations.
> 
> On 26 January 2012 14:08, weizhong qiang
> <weizhongqi...@gmail.com> wrote:
>> hi,
>> Is it a fact that nss does not permit the reading of the attributes
>> CKA_PRIVATE_EXPONENT, CKA_PRIME_1, etc.?
>> Because with all of the eight attributes, it is possible to compose the
>> content of the private key, but the outputting of private key is not allowed
>> in nss?
>> 
>> Thanks and Best Regards,
>> Weizhong Qiang
>> 
>> On Jan 26, 2012, at 9:43 AM, helpcrypto helpcrypto wrote:
>> 
>>> Is any error shown at NSSUtilLogger.msg(ERROR, "Failed to read
>>> attribute %x from private key.", type); ?
>>> 
>>> On 25 January 2012 17:04, weizhong qiang
>>> <weizhongqi...@gmail.com> wrote:
>>>> hi all,
>>>> I tried to get the attributes from a private key (see the following code 
>>>> piece). But only the CKA_MODULUS and CKA_PUBLIC_EXPONENT can be got, 
>>>> others (CKA_PRIVATE_EXPONENT etc.) can not be got.
>>>> Could you tell me how to solve it?
>>>> By the way, I generate rsa key pair without "sensitive" 
>>>> (PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, &rsaParams, pubk, 
>>>> PR_TRUE, PR_FALSE, NULL); ), so I suppose the private key is not protected 
>>>> by password, and can be output?
>>>> 
>>>> Best Regards,
>>>> Weizhong Qiang
>>>> 
>>>> 
>>>> 
>>>> 
>>>> /****************/
>>>>  static bool ReadPrivKeyAttribute(SECKEYPrivateKey* key,
>>>>                                   CK_ATTRIBUTE_TYPE type,
>>>>                                   std::vector<uint8>* output) {
>>>>    SECItem item;
>>>>    SECStatus rv;
>>>>    rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, type, &item);
>>>>    if (rv != SECSuccess) {
>>>>      NSSUtilLogger.msg(ERROR,
>>>>                        "Failed to read attribute %x from private key.",
>>>>                        type);
>>>>      return false;
>>>>    }
>>>>    output->assign(item.data, item.data + item.len);
>>>>    SECITEM_FreeItem(&item, PR_FALSE);
>>>>    return true;
>>>>  }
>>>> 
>>>>  static bool ExportPrivateKey(SECKEYPrivateKey* key,
>>>>                               std::vector<uint8>* output) {
>>>>    PrivateKeyInfoCodec private_key_info(true);
>>>> 
>>>>    // Manually read the component attributes of the private key and build up
>>>>    // the PrivateKeyInfo.
>>>>    if (!ReadPrivKeyAttribute(key, CKA_MODULUS,
>>>>                              private_key_info.modulus()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_PUBLIC_EXPONENT,
>>>>                              private_key_info.public_exponent()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_PRIVATE_EXPONENT,
>>>>                              private_key_info.private_exponent()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_PRIME_1,
>>>>                              private_key_info.prime1()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_PRIME_2,
>>>>                              private_key_info.prime2()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_EXPONENT_1,
>>>>                              private_key_info.exponent1()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_EXPONENT_2,
>>>>                              private_key_info.exponent2()) ||
>>>>        !ReadPrivKeyAttribute(key, CKA_COEFFICIENT,
>>>>                              private_key_info.coefficient())) {
>>>>      return false;
>>>>    }
>>>> 
>>>>    return private_key_info.Export(output);
>>>>  }
>>>> 
>>>> --
>>>> dev-tech-crypto mailing list
>>>> dev-tech-crypto@lists.mozilla.org
>>>> https://lists.mozilla.org/listinfo/dev-tech-crypto