PKCS11 store private keys go missing on second run

#18298
Posted: 11/25/2011 11:43:00
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

I now have a working routine that attaches an HSM private key (via PKCS#11) to a certificate (loaded from a DER), and then signs some data with it. However, when I call the routine for a second time, the private keys have all disappeared (although the public keys are still visible).

i.e. on the first run through, TElPKCS11CertStorage.KeyCount is 12; on the second it's only 6.

The routine is run identically (this is currently just a test app with fixed parameters). The session login occurs identically.

My routine holds the TElPKCS11SessionInfo open for the entire signing period before calling the TElPKCS11SessionInfo.Close(), and finally the TElPKCS11CertStorage.Close().

Can you think of any reason why the keys (only the private ones) have disappeared?

Many thanks
#18299
Posted: 11/25/2011 12:01:05
by Ken Ivanov (EldoS Corp.)

Apparently, some user authorization issue takes place here. On the second run the driver and/or token treat the user as if they have not logged in, and consequently only return public keys.

There are many potential reasons for the issue. The first thing to check is to ensure that every Login() call has the corresponding Logout() call.
#18307
Posted: 11/28/2011 03:51:02
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

Logout() it was. Thank you very much.
#18311
Posted: 11/28/2011 06:11:08
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

I may as well keep all the silly questions in one thread;

Now my app is correctly signing on my Windows 7 32-bit machine, I have moved over to perform a test on a 64-bit machine (Server 2008).

Unfortunately the SBUtils.Unit.SetLicenseKey(string) now throws an ElLicenceError exception.

I'm only using the trial key found in LicenseKey.der (but the one in the PKI signing sample application doesn't work either).

I've installed the same copy of SBB on both (8.2), and compiled the test app identically (.NET 4, AnyCPU).

Any help appreciated
#18312
Posted: 11/28/2011 06:14:35
by Ken Ivanov (EldoS Corp.)

Could you please let us know the exact error message you get?
#18313
Posted: 11/28/2011 06:17:43
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

"Provided license key is invalid or is valid for version of SecureBlackbox, other than current one. Please check that the license key is pasted correctly and your license covers current SecureBlackbox version."

Hope this helps
#18314
Posted: 11/28/2011 06:28:35
by Ken Ivanov (EldoS Corp.)

Thank you. There is actually only one general reason for the issue you are facing - you are passing a version X license key to version Y components. The x64 machine is likely to have had some other version of SecureBlackbox (e.g. 7 or 9) installed before you installed SBB 8 on it, and that older/newer version is now causing a version conflict. Please re-check that all the SecureBlackbox assemblies referenced from your project are of the same 8.2 version.
#18318
Posted: 11/28/2011 10:28:04
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

Thanks. It was the 32-bit PC in error, having an old copy of 8.2 installed. I've downloaded 9.1 but clearly hadn't installed it.

So I uninstalled both, redownloaded from http://www.eldos.com/files/sbb_current/secbboxnet.zip, which installs fine on the 2008x64 but won't install on my Win7x86.

It gets to "Installing to GAC" then "c\Progra~1\EldoS\Secure~1.NET\REGWRI~1.exe" fails with "The version of this file is not compatible with the version of windows you're running. ..."

I'm guessing the installer is trying to run RegWrite64.exe on my 32-bit OS and failing.

I've tried a couple of times, including clearing out the Eldos folder, but to no avail.

Aarron
#18320
Posted: 11/29/2011 03:24:56
by Ken Ivanov (EldoS Corp.)

The type of OS is automatically detected by the installer, so it should not normally invoke RegWrite64 on 32 bit systems. Apparently the installer is confused by something that makes it consider your 32 bit system to be a 64 bit one. Could you please send us the INSTALL.LOG file created in the installation directory during the installation? It might help to shed some light on the issue. You can either post it here (remember to zip it first in this case), or create a Helpdesk ticket and upload the log there.
#18334
Posted: 11/30/2011 05:41:21
by Aarron Shaughnessy (Standard support level)
Joined: 11/11/2011
Posts: 14

For completeness (i.e. people using the forum search): the EldoS installer checks both the "ProgramW6432" environment variable and the existence of the %windir%\SysWow64 folder to confirm if the platform is 64-bit.

I had the latter due to some other software having installed a DLL there. Renaming the directory momentarily allowed normal installation.
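
A diagnostic for the situation described in the last post, added here as an example (it is not part of the thread and not EldoS installer code). It reports the two signals the post names next to the bitness Windows itself reports through WMI, and lists any files in a SysWOW64 folder found on a 32-bit OS. The function name `Get-BitnessSignals` is hypothetical, and Windows PowerShell is assumed.

```powershell
# Added example: compare the two 64-bit markers named in the post with the
# OS bitness reported by WMI, and show what sits in a stray SysWOW64 folder.
function Get-BitnessSignals {
    $sysWow64 = Join-Path $env:windir 'SysWOW64'
    $hasEnv   = -not [string]::IsNullOrEmpty($env:ProgramW6432)
    $hasDir   = Test-Path -LiteralPath $sysWow64 -PathType Container

    # Win32_Processor.AddressWidth is 32 on a 32-bit OS and 64 on a 64-bit OS.
    $osIs64 = (@(Get-WmiObject -Class Win32_Processor)[0].AddressWidth -eq 64)

    # On a genuine 32-bit OS neither marker should be present.
    $contradict = (-not $osIs64) -and ($hasEnv -or $hasDir)

    $stray = @()
    if ($contradict -and $hasDir) {
        # Anything here on a 32-bit OS was dropped by third-party software.
        $stray = @(Get-ChildItem -LiteralPath $sysWow64 -Recurse -Force -ErrorAction SilentlyContinue |
            Where-Object { -not $_.PSIsContainer } |
            Select-Object FullName, Length, LastWriteTime)
    }

    New-Object PSObject -Property @{
        OsReports64Bit    = $osIs64
        ProgramW6432Set   = $hasEnv
        SysWow64Exists    = $hasDir
        SignalsContradict = $contradict
        StrayFiles        = $stray
    }
}

$r = Get-BitnessSignals
$r | Select-Object OsReports64Bit, ProgramW6432Set, SysWow64Exists, SignalsContradict | Format-List

if ($r.SignalsContradict) {
    Write-Warning 'A 64-bit marker is present on a 32-bit OS; software that trusts it may select 64-bit binaries.'
    $r.StrayFiles | Format-Table -AutoSize
}
```

The file listing identifies which product created the folder, which is worth knowing before renaming it, since unexpected DLLs under %windir% deserve a look in their own right.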