Comments (6)
Similar issue has been discussed recently in our mailing-list. My guess was that PKCS#11 library might be indicating that the base key type is not usable for this type of derivation. Which HSM / PKCS#11 implementation are you using?
We will need to determine whether the problem is in Pkcs11Interop or in unmanaged PKCS#11 library provided by the device vendor so please use pkcs11-logger to capture all unmanaged PKCS#11 calls made by your application and share the logs with me.
from pkcs11interop.
Hi Jariq,
It is indeed the same problem, I'm using safenet HSM.
Will do that, but have you ever encountered this question or problem before as per your knowledge?
Thank you kindly for your response.
from pkcs11interop.
Hi Jariq,
Please find the log:
0x000021ec : 0x000023d4 : ****************************** 2016-04-14 11:15:46 ***
0x000021ec : 0x000023d4 : Calling C_FindObjectsInit
0x000021ec : 0x000023d4 : Input
0x000021ec : 0x000023d4 : hSession: 262146
0x000021ec : 0x000023d4 : pTemplate: 00000000016F3840
0x000021ec : 0x000023d4 : ulCount: 1
0x000021ec : 0x000023d4 : *** Begin attribute template ***
0x000021ec : 0x000023d4 : Attribute 0
0x000021ec : 0x000023d4 : Attribute: 3 (CKA_LABEL)
0x000021ec : 0x000023d4 : pValue: 00000000016F3800
0x000021ec : 0x000023d4 : ulValueLen: 16
0x000021ec : 0x000023d4 : *pValue: HEX(546573744B6579446573334F70656E32) --> sample key, it works fine in getting the data, set the attribute as not sensitive.
0x000021ec : 0x000023d4 : *** End attribute template ***
0x000021ec : 0x000023d4 : Returning 0 (CKR_OK)
0x000021ec : 0x000023d4 : ****************************** 2016-04-14 11:15:46 ***
0x000021ec : 0x000023d4 : Calling C_FindObjects
0x000021ec : 0x000023d4 : Input
0x000021ec : 0x000023d4 : hSession: 262146
0x000021ec : 0x000023d4 : phObject: 0000000005DB4048
0x000021ec : 0x000023d4 : ulMaxObjectCount: 2
0x000021ec : 0x000023d4 : pulObjectCount: 000000000322DD20
0x000021ec : 0x000023d4 : *pulObjectCount: 0
0x000021ec : 0x000023d4 : *phObject[0]: 0
0x000021ec : 0x000023d4 : *phObject[1]: 0
0x000021ec : 0x000023d4 : Output
0x000021ec : 0x000023d4 : phObject: 0000000005DB4048
0x000021ec : 0x000023d4 : ulMaxObjectCount: 2
0x000021ec : 0x000023d4 : pulObjectCount: 000000000322DD20
0x000021ec : 0x000023d4 : *pulObjectCount: 1
0x000021ec : 0x000023d4 : *phObject[0]: 17
0x000021ec : 0x000023d4 : *phObject[1]: 0
0x000021ec : 0x000023d4 : Returning 0 (CKR_OK)
0x000021ec : 0x000023d4 : ****************************** 2016-04-14 11:15:46 ***
0x000021ec : 0x000023d4 : Calling C_FindObjectsFinal
0x000021ec : 0x000023d4 : Input
0x000021ec : 0x000023d4 : hSession: 262146
0x000021ec : 0x000023d4 : Returning 0 (CKR_OK)
0x000021ec : 0x000023d4 : ****************************** 2016-04-14 11:15:54 ***
0x000021ec : 0x000023d4 : Calling C_DeriveKey
0x000021ec : 0x000023d4 : Input
0x000021ec : 0x000023d4 : hSession: 262146
0x000021ec : 0x000023d4 : pMechanism: 000000000322DCD8
0x000021ec : 0x000023d4 : mechanism: 869 (CKM_EXTRACT_KEY_FROM_KEY)
0x000021ec : 0x000023d4 : pParameter: 00000000017079A0
0x000021ec : 0x000023d4 : *pParameter: HEX(08000000)
0x000021ec : 0x000023d4 : ulParameterLen: 0000000000000004
0x000021ec : 0x000023d4 : hBaseKey: 17
0x000021ec : 0x000023d4 : pTemplate: 0000000000000000
0x000021ec : 0x000023d4 : ulAttributeCount: 0
0x000021ec : 0x000023d4 : phKey: 000000000322DCC0
0x000021ec : 0x000023d4 : *phKey: 0
0x000021ec : 0x000023d4 : Returning 96 (CKR_KEY_HANDLE_INVALID)
Please let me know if you find anything useful from the log,
Thank you as always.
from pkcs11interop.
Will do that, but have you ever encountered this question or problem before as per your knowledge?
No I have not. You and poster from previously linked discussion in mailing-list are the first guys I know who are using CKM_EXTRACT_KEY_FROM_KEY mechanism.
Please find the log:
I don't see any obvious error in the log so I guess your best bet is to contact SafeNet support. I would be grateful if you could share the result here.
from pkcs11interop.
Hi Jariq,
Apparently we need to set the configuration to be pure PKCS#11 instead of using FIPS or others.
After setting of the security of the token, we manage to perform the CKM_EXTRACT_KEY_FROM_KEY just fine.
Thank you for your help,
from pkcs11interop.
Thanks for sharing the solution!
from pkcs11interop.
Related Issues (20)
- Private key is not in certificate
- Method C_OpenSession returned CKR_CRYPTOKI_NOT_INITIALIZED
- Pkcs11Interop is not supported on this platform HOT 25
- Missing attribute CKA_NAME_HASH_ALGORITHM
- problem in Pkcs11Interop with new dll from epass 2003
- CKR_OPERATION_NOT_INITIALIZED in multithreaded application
- Missing param represents object handle
- Method C_Login returned CKR_SESSION_HANDLE_INVALID
- Incorrect CK_VERSION string value
- Get Key Value From HSM
- Not able to use C_Sign with yubikey PIV slot with CKA_ALWAYS_AUTHENTICATE HOT 5
- Linux : NativeULong as System.UInt32 causes error while accessing CK_GCM_PARAMS structure from PKCS11 standards HOT 2
- mac os compile problem MAUI .net core 7.0 how to fix ?
- SafeNet Data Objects HOT 7
- ComputeDigest/CreateDigestInfo - with newest Pkcs11Interop - how to ?
- C_Sign returned CKR_OPERATION_NOT_INITIALIZED in multithreaded application
- C_Encrypt with AES mechanism always returns with CKR_GENERAL_ERROR HOT 1
- C_FindObjects does return with nothing while running application in docker
- C_FindObjects does return with nothing while running application in docker HOT 3
- session.Decrypt returning garbage characters appended in PKCS#11 Multipart Decryption with Pkcs11Interop v 4.x.x
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from pkcs11interop.