How to make attribute template for PBKDF2 key generation in pkcs11interop.

Below is my trial code:

byte[] randomSalt = session.GenerateRandom(20);

objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKZ.CKZ_SALT_SPECIFIED));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, randomSalt));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, 1000));
objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, 0x00000004));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, new byte[] { }));    
objectAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, Encoding.UTF8.GetBytes("password")));

Mechanism mechanism = new Mechanism(CKM.CKM_PKCS5_PBKD2);
ObjectHandle objectHandle = session.GenerateKey(mechanism, objectAttributes);

With this I am getting a CKR_MECHANISM_INVALID exception.

1 Answer

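The first problem is that you are trying to provide parameters to the CKM_PKCS5_PBKD2 mechanism via a list of ObjectAttribute-s instead of a CkPkcs5Pbkd2Params class instance. For more information, see chapter 12.26.9 of the PKCS#11 v2.20 specification.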

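The second problem is that your unmanaged PKCS#11 library most likely does not support the CKM_PKCS5_PBKD2 mechanism at all, because by returning the CKR_MECHANISM_INVALID error, your unmanaged PKCS#11 library is telling you "An invalid mechanism was specified to the cryptographic operation". You can use the GetMechanismInfo() method to check whether the mechanism is supported: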

if (!slot.GetMechanismList().Contains(CKM.CKM_PKCS5_PBKD2))
    throw new Exception("Unmanaged PKCS#11 library does not support CKM_PKCS5_PBKD2 mechanism");
Answered 2018-03-22T23:10:08.757
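
The call shape the answer describes, as an added example that is not part of the original question or answer: the PBKDF2 inputs go into a CkPkcs5Pbkd2Params instance and the attribute list describes only the resulting key. It assumes the Pkcs11Interop 4.x HighLevelAPI, an already opened slot and session, and constructed values for the iteration count, key type, key length and key protection attributes; `GeneratePbkdf2Key` is a hypothetical helper name.

```csharp
using System;
using System.Collections.Generic;
using System.Text;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;
using Net.Pkcs11Interop.HighLevelAPI.MechanismParams;

public static class Pbkdf2Example
{
    // Hypothetical helper (not from the page); slot and session are assumed to be open.
    public static ObjectHandle GeneratePbkdf2Key(Slot slot, Session session, string password)
    {
        // Check the list first: querying info for an unsupported mechanism fails
        // with the same CKR_MECHANISM_INVALID the question reports.
        if (!slot.GetMechanismList().Contains(CKM.CKM_PKCS5_PBKD2))
            throw new NotSupportedException("Token does not offer CKM_PKCS5_PBKD2");
        if (!slot.GetMechanismInfo(CKM.CKM_PKCS5_PBKD2).MechanismFlags.Generate)
            throw new NotSupportedException("CKM_PKCS5_PBKD2 cannot be used with GenerateKey");

        byte[] salt = session.GenerateRandom(20);
        byte[] passwordBytes = Encoding.UTF8.GetBytes(password);
        try
        {
            // Salt, iteration count, PRF and password are mechanism parameters
            // (CK_PKCS5_PBKD2_PARAMS), not object attributes.
            var pbkdf2Params = new CkPkcs5Pbkd2Params(
                (ulong)CKZ.CKZ_SALT_SPECIFIED, salt,
                100000UL,                                   // constructed iteration count
                (ulong)CKP.CKP_PKCS5_PBKD2_HMAC_SHA1, null, // HMAC-SHA1 PRF takes no PRF data
                passwordBytes);

            // The template needs CKA_KEY_TYPE and, for variable-length keys, CKA_VALUE_LEN.
            var template = new List<ObjectAttribute>
            {
                new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY),
                new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_GENERIC_SECRET), // assumed key type
                new ObjectAttribute(CKA.CKA_VALUE_LEN, 32UL),                  // assumed length in bytes
                new ObjectAttribute(CKA.CKA_TOKEN, false),      // session object only
                new ObjectAttribute(CKA.CKA_SENSITIVE, true),   // value not readable in plaintext
                new ObjectAttribute(CKA.CKA_EXTRACTABLE, false) // value cannot be wrapped out
            };

            using (var mechanism = new Mechanism(CKM.CKM_PKCS5_PBKD2, pbkdf2Params))
                return session.GenerateKey(mechanism, template);
        }
        finally
        {
            Array.Clear(passwordBytes, 0, passwordBytes.Length); // drop the managed password copy
        }
    }
}
```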