PKCS#11 - Is it possible to create SecretKey Objects programmatically?

Posted: 05/03/2008 10:14:43
by Gonzalo Tomas (Basic support level)
I have downloaded SecureBlackbox evaluation edition, because I am working on a project where I have to access and use different cryptocards/tokens. The environment I am using is VS.NET 2005 and the code is written in C#. If I can resolve the issues that I describe below, I am considering buying 1 or 2 licenses of SecureBlackbox PKI or SecureBlackbox Data Security.

So far I have been able to access the cryptocards (several at the same time) and create Data Objects on them, but I have not been able to create SecretKey Objects, which I need for cryptographic purposes. I have not found samples in the documentation to do this and I am wondering if it is possible, because the TElPKCS11SecretKeyObject class does not accept as input values like SecretKey type, key length or the key itself, which I consider necessary to create a Secret Key. Could you clarify this for me? Could I create SecretKey objects programmatically or do I have to create them previously with a different application? Does this apply to Private/Public Keys too?

The other thing that I noticed is that the Data Objects that I was able to create are fully visible (value content) even though I have created them with the property "private_" set to True. I want to protect the content of the Data Objects until the user/application logs in to the cryptocard. How do I achieve this?

For your information, I am using SecureBlackbox version 6.0, .NET Edition, the cryptocards are JavaCard JCOP21 v2.2 and Siemens CardOS 4.3b, both with PKI applet, and the middleware is from Charismathics GmbH (version 4.3).

Thanks in advance.

Posted: 05/03/2008 11:42:49
by Eugene Mayevski (Team)

Creation of PKCS#11 objects is limited in SecureBlackbox 6. We will extend support for cryptography hardware in SecureBlackbox 7 which is planned for late autumn or winter.
So far you can only call PKCS#11 functions directly, but this requires deep knowledge of PKCS#11 and PKI in general.

Sincerely yours
Eugene Mayevski

Posted: 05/03/2008 18:01:52
by Gonzalo Tomas (Basic support level)
Hi Eugene,

First of all, thanks for your fast reply!

It looks like I will have to wait until the next version of SecureBlackbox to have complete access to the cryptocards. In the meantime, do you have any suggestion to add support for PKCS#11 cryptocards to my C# application?

Best regards,

Posted: 05/04/2008 01:41:00
by Eugene Mayevski (Team)

No suggestions other than to wait, because PKCS#11 is quite a low-level interface and despite our experience we have to do plenty of work. For somebody without specialization in cryptography this will take months.

Sincerely yours
Eugene Mayevski



