A SERVICE OF

logo

Open as PDF
next previous
Chapter 4 Using Crypto-C 147
Using Cryptographic Hardware
Advanced PKCS #11
This chapter earlier described
internalKey
as the collection of three items: CKA_CLASS,
CKA_TYPE and the digest of the modulus. A more rigorous description would be
CKA_CLASS, CKA_TYPE and CKA_ID. When Crypto-C generates a key pair, it uses the
SHA-1 digest of the modulus as the
CKA_ID.
For an RSA private key, it would be this.
Suppose you have a generated key pair already, it has a
CKA_ID already set, and you
want Crypto-C to be able to use it. Just create a buffer that looks like the previous
example, making sure you use the right value for the class and type. Then the next
part of the buffer will be your
CKA_ID. Now create a KI_TOKEN_INFO struct with the
manufacturer's ID and the new buffer you created as the internal key. Crypto-C will
find it.
When Crypto-C asks for the key with the appropriate attributes, it receives in return a
key handle. This handle is valid only during the active session. If you get a key handle
for a particular key one day, the next day the handle for that very same key may be
different. Suppose you have that handle for the active session. You could give Crypto-
C the previously defined
internalKey
and Crypto-C would ask the token to return a
handle for that key. In other words, you searched for the key once, got a handle, and
now Crypto-C will search again. And it will probably get a new handle.
You could also pass in
CKO_VENDOR_DEFINED | CKO_PRIVATE_KEY for the class,
CKK_RSA for the type, and then the rest would be the handle. It might look like this.
In this case, Crypto-C will recognize the most significant bit of the class set (the 8 in
the 80000003) and know that the value which would normally be the
CKA_ID is
actually the key handle. It would then use that key handle. That is what
VENDOR_DEFINED means, the class is vendor-defined. We are the vendor, so we are
defining it to mean "private key class key handle," not just "private key."
CKA_CLASS CKA_TYPE CKA_ID
CKO_PRIVATE_KEY CKK_RSA <digest>
00 00 00 03 00 00 00 00 66 a9 47 2d 80 5a. . .
80 00 00 03 00 00 00 00 00 00 00 02