EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Using PKCS#11 key material in certificate request

Also by EldoS: CallbackFilter
A component to monitor and control disk activity, track file and directory operations (create, read, write, rename etc.), alter file data, encrypt files, create virtual files.
#34782
Posted: 10/15/2015 03:19:15
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

When using the following code, the generated request contains another public key than the one generated by keyMaterial.Generate. What am I doing wrong?

Code
int Algorithm = SBConstants.Unit.SB_CERT_ALGORITHM_ID_RSA_ENCRYPTION;
int Hash = SBConstants.Unit.SB_CERT_ALGORITHM_SHA1_RSA_ENCRYPTION;
int KeySize = 2048;

TElRSAKeyMaterial keyMaterial = new TElRSAKeyMaterial(Session.CryptoProvider); //from PKCS#11 token
keyMaterial.Generate(KeySize);

TElCertificateRequest FRequest = new TElCertificateRequest();

//set CSR fields
(...)

FRequest.SetKeyMaterial(keyMaterial);
FRequest.Generate(Algorithm, KeySize, Hash);
#34783
Posted: 10/15/2015 03:24:26
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

You should set TElCertificateRequest.PreserveKeyMaterial to 'true' before FRequest.Generate is called: https://www.eldos.com/documentation/sb...erial.html
#34784
Posted: 10/15/2015 03:34:42
by Tomasz Sawicki (Standard support level)
Joined: 06/14/2007
Posts: 19

Thanks. It's working now.
I suggest to add this remark to TElCertificateRequest.SetKeyMaterial documentation.
#34785
Posted: 10/15/2015 04:23:49
by Eugene Mayevski (EldoS Corp.)

We've updated documentation, thank you. Updated docs will go to SBB 14 release.


Sincerely yours
Eugene Mayevski

Reply

Statistics

Topic viewed 2213 times

Number of guests: 1, registered members: 0, in total hidden: 0




|

Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!