PKCS # 11 Create AES Key

Question

PKCS # 11 Create AES Key

Hei, The question is not Ncryptoki, but I didn’t know anywhere else to ask .. so if anyone can help, please help me. Im tryng to generate an AES key and has the code that I have right now:

CK_MECHANISM keyGenMech = new CK_MECHANISM(CKM.AES_KEY_GEN); CK_ATTRIBUTE[] template = { new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY), new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.VALUE_LEN, 32), new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK.AES), new CK_ATTRIBUTE(CKA.LABEL, "testAES".getBytes()), new CK_ATTRIBUTE(CKA.PRIVATE, new CK_BBOOL(bPrivate)) }; CryptokiEx.C_GenerateKey(session, keyGenMech, template, template.length, wrappingKey);

But this gives me an error:

 C_GenerateKey rv=0x62 - key size range

Can someone give me some idea where to go from here to solve this problem.

EDIT: For information only - I have SafeNet HSM and im using the PKCS # 11 java shell called jprov that comes with SafeNet ProtectToolkit.

+6

cryptography pkcs # 11 hsm

t678 Jul 11 '11 at 19:53

source share

1 answer

t678 · Answer 1 · 2011-07-12T05:38:01+0000

I found the answer, new CK_ATTRIBUTE(CKA.VALUE_LEN, 32), 32 in this case should be CK_ULONG, so when I do this:

 LongRef l = new LongRef((long)32); CK_ATTRIBUTE[] template = { new CK_ATTRIBUTE(CKA.CLASS, CKO.SECRET_KEY), new CK_ATTRIBUTE(CKA.TOKEN, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.SENSITIVE, CK_BBOOL.TRUE), new CK_ATTRIBUTE(CKA.VALUE_LEN, l.value), //new CK_ATTRIBUTE(CKA.VALUE, key), new CK_ATTRIBUTE(CKA.KEY_TYPE, CKK.AES), new CK_ATTRIBUTE(CKA.LABEL, "testAES".getBytes()), new CK_ATTRIBUTE(CKA.PRIVATE, new CK_BBOOL(bPrivate)) };

Where is LongRef :

 public class LongRef { public long value; public LongRef(long l) { //compiled code throw new RuntimeException("Compiled Code"); } }

Hope this helps someone.

PKCS # 11 Create AES Key

More articles: