I am using the IAIK wrapper to send PKCS#11 requests to my Bull HSM. My goal is to generate persistent keys (token = true). The problem is that I always get this error code:
Exception in thread "main" iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_READ_ONLY
I don't understand why it is read-only. To initialize my session, I do the following (using the RW_SESSION option):
    import java.io.IOException;

    import iaik.pkcs.pkcs11.Mechanism;
    import iaik.pkcs.pkcs11.Module;
    import iaik.pkcs.pkcs11.Session;
    import iaik.pkcs.pkcs11.Token;
    import iaik.pkcs.pkcs11.TokenException;
    import iaik.pkcs.pkcs11.objects.AESSecretKey;
    import iaik.pkcs.pkcs11.wrapper.PKCS11Constants;
    ...
    static String libP11 = "nethsm.dll";
    static String hsmPassword = "123456";
    static int hsmSlotId = 1;
    // Session used by initHSM() and generateAESKey()
    static Session session;

    private static void initHSM() throws IOException, TokenException {
        // Load and initialize the vendor PKCS#11 library
        Module module = Module.getInstance(libP11);
        module.initialize(null);
        // Pick the token in the configured slot (hsmSlotId is 1-based)
        Token token = module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT)[hsmSlotId - 1].getToken();
        // Open a read/write session and log in as the normal user
        session = token.openSession(Token.SessionType.SERIAL_SESSION,
                Token.SessionReadWriteBehavior.RW_SESSION, null, null);
        session.login(Session.UserType.USER, hsmPassword.toCharArray());
    }
My function for generating the key is as follows:
    private static AESSecretKey generateAESKey(byte[] keyValue, String label, int keyLength, boolean token) throws TokenException {
        Mechanism keyGenerationMechanism = Mechanism.get(PKCS11Constants.CKM_AES_KEY_GEN);
        AESSecretKey secretKeyTemplate = new AESSecretKey();
        secretKeyTemplate.getValueLen().setLongValue(new Long(keyLength));
        secretKeyTemplate.getLabel().setCharArrayValue(label.toCharArray());
        secretKeyTemplate.getToken().setBooleanValue(token);
        secretKeyTemplate.getSensitive().setBooleanValue(Boolean.FALSE);
        secretKeyTemplate.getExtractable().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getDerive().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getModifiable().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getEncrypt().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getDecrypt().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getUnwrap().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getWrap().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getSign().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getVerify().setBooleanValue(Boolean.TRUE);
        secretKeyTemplate.getValue().setByteArrayValue(keyValue);
        return (AESSecretKey) session.generateKey(keyGenerationMechanism, secretKeyTemplate);
    }
Is there a solution, please?