Can't get keys from HSM #1
Comments
What are the values of |
The first value is false and there is no definition for KeyType in Info. When I checked the HSM's content via the Pkcs11Admin tool, I could see just 2 cer files there; both are public certificates. As the manufacturer said, "you will see private key and certificate individually". I understood from this sentence that public and private keys are stored separately. |
Do you see any objects in Pkcs11Admin on |
Yes, I can see all objects, private keys and public keys. |
It is important to understand that Pkcs11Interop.X509Store uses the value of |
ID column values are the same but label column values are not the same. The public certificate has 4 more characters, "_CER". By the way, how can we open a session and log in with Pkcs11Interop.X509Store? When I create an instance of Pkcs11Interop.X509Store, there is only a PIN parameter. |
Change label on certificate object to match private key object and that's it.
Pkcs11Interop.X509Store does not expose sessions to public API. It manages them for you. |
I think I am missing something. I want to take a picture of the situation:
|
I was able to change the certificate label, but now there is a different exception like:
|
Thanks for the report. It's fixed in 073fb41. You can try with the code from current master branch. |
Thanks for the update. But I couldn't understand how I can try it. Should I get the master branch and build it myself? |
Yes. That would be the fastest way to try it out. |
OK thanks, I will try. By the way, do you have any plan to add XML signing functions to the Pkcs11Interop project? |
IMO you can safely rename the certificate. PKCS#11 object label (
Third parameter of
Label of your certificate object did not match label of your private key object. That's why the pairing was unsuccessful and you received only certificate without associated private key.
Your understanding is correct and the exception should be fixed now. |
Currently no. Pkcs11Interop is a low-level PKCS#11 wrapper and I like it that way. XML signing is a high-level operation and such operations will be implemented/supported only in the Pkcs11Interop.X509Store project. |
@aaktash any update on this? Have you managed to resolve the issues? |
I need to get the private key to use as SignedXml.SigningKey. We use an HSM to store keys and I used Pkcs11Interop.X509Store to get certificates:

```csharp
var store = new Pkcs11X509Store(pkcs11LibraryPath, new ConstPinProvider("Pin"));
Pkcs11X509Certificate cert = store.Slots[0].Token.Certificates[0];
RSA rsaPrivateKey = cert.GetRSAPrivateKey();
```

But GetRSAPrivateKey() returns null.
When I use Pkcs11Interop to get the private key, I am able to get the key and use it in signing.
But I can't use ObjectHandle in SignedXml functions.
Is there any way to use the private key as SignedXml.SigningKey? Do I have to implement a custom class inherited from RSA as you advised there?
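
The pairing failure diagnosed in the comments above (a certificate and a private key with the same ID but labels that differ by "_CER"), as an added example that is not part of the original thread or the project's own code. It assumes a certificate pairs with a private key only when both CKA_ID and CKA_LABEL are equal; `TokenObject`, `PairingAudit` and the inventory values are constructed for illustration, and nothing here calls Pkcs11Interop.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Added example: models the ID + label pairing discussed in this thread.
// TokenObject and all sample values are constructed; no HSM is contacted.
public sealed class TokenObject
{
    public string Class { get; }   // "CERTIFICATE" or "PRIVATE_KEY"
    public string Id { get; }      // CKA_ID as hex
    public string Label { get; }   // CKA_LABEL
    public TokenObject(string cls, string id, string label) { Class = cls; Id = id; Label = label; }
}

public static class PairingAudit
{
    // Returns one finding per certificate: paired, label mismatch, or no key at all.
    public static IEnumerable<string> Audit(IReadOnlyList<TokenObject> objects)
    {
        var keys = objects.Where(o => o.Class == "PRIVATE_KEY").ToList();
        foreach (var cert in objects.Where(o => o.Class == "CERTIFICATE"))
        {
            // Assumption: both attributes must be equal for a key to pair.
            bool paired = keys.Any(k => k.Id == cert.Id && k.Label == cert.Label);
            var sameId = keys.FirstOrDefault(k => k.Id == cert.Id);
            if (paired)
                yield return $"{cert.Label}: paired";
            else if (sameId != null)
                yield return $"{cert.Label}: label mismatch, key with same ID is labelled '{sameId.Label}'";
            else
                yield return $"{cert.Label}: no private key with ID {cert.Id}";
        }
    }

    public static void Main()
    {
        // Constructed inventory reproducing the "_CER" suffix case from the thread.
        var inventory = new List<TokenObject>
        {
            new TokenObject("PRIVATE_KEY", "01", "signing"),
            new TokenObject("CERTIFICATE", "01", "signing_CER"),
            new TokenObject("PRIVATE_KEY", "02", "tls"),
            new TokenObject("CERTIFICATE", "02", "tls"),
            new TokenObject("CERTIFICATE", "03", "orphan"),
        };
        foreach (var line in PairingAudit.Audit(inventory))
            Console.WriteLine(line);
    }
}
```

A "label mismatch" finding corresponds to the situation in this issue, where the certificate is returned without an associated private key until the labels are made equal.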