EldoS | Feel safer!

Software components for data protection, secure storage and transfer

HSM Private Key but Certificate on disk

Also by EldoS: Rethync
The cross-platform framework that simplifies synchronizing data between mobile and desktop applications and servers and cloud storages
Posted: 11/15/2011 11:45:21
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

Thanks very much for your help. I now have a valid signing via the HSM.

One last question. Is there any way to get back the Label name of the key from the HSM?

get_Keys().StrLabel is empty for all keys. I want to ofer up a list of key names, but all I have is get_keyIds() which isnt very user friendly.
Posted: 11/15/2011 11:52:10
by Ken Ivanov (EldoS Corp.)

StrLabel has no relation to key label; in fact it is a parameter of RSA-OAEP encryption algorithm. Please use the TElKeyMaterial.KeySubject to get the friendly name of the key as it is returned by the token.
Posted: 11/16/2011 08:07:37
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

Nope. Still empty. In fact ElRSAKeyMaterial.KeyID and ElRSAKeyMaterial.KeySubject are both null.

You would expect the KeyID to be populated (seeing as get_keyIds() works).

Posted: 11/16/2011 08:23:30
by Ken Ivanov (EldoS Corp.)

Hmm, it's quite strange - if get_KeyIDs() does work, so should TElKeyMaterial.KeyID properties. Do original key objects (obtained directly through the TElPKCS11CertStorage.Keys[] property) also have these properties empty, or it's only the cloned objects which do?
Posted: 11/16/2011 09:56:04
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

That is with the original TElPKCS11CertStorage.get_Keys() method (ther is no Keys[] array as far as I can see).
Posted: 11/16/2011 10:48:07
by Ken Ivanov (EldoS Corp.)

Indeed, the issue does exist. We are investigating it now. We will get back to you with the details as soon as we discover something.
Posted: 11/16/2011 11:14:12
by Ken Ivanov (EldoS Corp.)

The issue has been localized and is being fixed at the moment. You can expect the fix to be available with the future SecureBlackbox build update.

Thank you for pointing us at the problem.
Also by EldoS: CallbackRegistry
A component to monitor and control Windows registry access and create virtual registry keys.



Topic viewed 3954 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!