General Error when data length is more than 216 characters

vizd...@gmail.com

May 14, 2019, 3:46:46 PM
to Pkcs11Interop
Hello Pkcs11Interop Team,
I am testing with SoftHSM2. I have created asymmetric keys through Pkcs11Admin and I am trying to use those keys in my test app.
I am using CKM_RSA_PKCS_OAEP for encryption. If the source data length is <= 216 bytes, it works fine. If it is more than that, it gives this exception:

Exception: Method C_Encrypt returned CKR_GENERAL_ERROR
Pkcs11Interop
at Net.Pkcs11Interop.HighLevelAPI41.Session.Encrypt(Mechanism mechanism, ObjectHandle keyHandle, Byte[] data)


Following is the code snippet:

    public byte[] Encrypt(string pin, string keyLabel, string _sourceData)
    {
        if (this._disposed)
            throw new ObjectDisposedException(this.GetType().FullName);

        if (_authenticatedSession == null)
        {
            _authenticatedSession = _slot.OpenSession(SessionType.ReadOnly);
        }

        byte[] encryptedData = null;
        try
        {
            _authenticatedSession.Login(CKU.CKU_USER, pin);

            // Find our demo key
            ObjectHandle generatedKey = FindKey(_authenticatedSession, keyLabel, CKO.CKO_PUBLIC_KEY);

            byte[] sourceData = ConvertUtils.Utf8StringToBytes(_sourceData);

            // Encrypt data
            // Specify mechanism parameters
            CkRsaPkcsOaepParams mechanismParams = new CkRsaPkcsOaepParams((ulong)CKM.CKM_SHA_1, (ulong)CKG.CKG_MGF1_SHA1, (ulong)CKZ.CKZ_DATA_SPECIFIED, null);

            // Specify encryption mechanism with parameters
            Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams);

            encryptedData = _authenticatedSession.Encrypt(mechanism, generatedKey, sourceData);
        }
        catch (Exception)
        {
            throw;
        }
        finally
        {
            _authenticatedSession.Logout();
            _authenticatedSession.Dispose();
            _authenticatedSession = null;
        }

        return encryptedData;
    }

    private ObjectHandle FindKey(Session session, string keyName, CKO cko)
    {
        List<ObjectAttribute> objectAttributes = new List<ObjectAttribute>
        {
            new ObjectAttribute(CKA.CKA_CLASS, cko),
            new ObjectAttribute(CKA.CKA_LABEL, keyName)
        };

        session.FindObjectsInit(objectAttributes);
        List<ObjectHandle> foundObjects = session.FindObjects(1);
        session.FindObjectsFinal();
        return foundObjects != null && foundObjects.Count > 0 ? foundObjects[0] : null;
    }


What am I missing? Your help is greatly appreciated.

Thanks
Vishal Singh

Jaroslav Imrich

May 14, 2019, 5:41:13 PM
to Pkcs11Interop, vizd...@gmail.com
Hello Vishal Singh,

The amount of data you can encrypt with RSA keys is limited. See my older answer to a similar question at https://stackoverflow.com/a/22783225/3325704

Kind Regards

Jaroslav Imrich
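
Added example, not code from this thread or from Pkcs11Interop: RFC 8017 caps an RSA-OAEP plaintext at k - 2*hLen - 2 bytes (k = modulus length, hLen = hash length), and larger inputs are normally encrypted under a fresh AES key with only that key wrapped by RSA-OAEP. The code assumes .NET 8 and uses its built-in RSA and AesGcm classes with a constructed software key standing in for the token key; the class and method names are hypothetical.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class OaepLimitDemo // hypothetical name, not part of Pkcs11Interop
{
    // RFC 8017 sec. 7.1.1: mLen <= k - 2*hLen - 2 (k = modulus bytes, hLen = hash bytes).
    static int MaxOaepPlaintext(int modulusBits, int hashBytes) =>
        (modulusBits + 7) / 8 - 2 * hashBytes - 2;

    // Hybrid envelope: AES-256-GCM carries the data, RSA-OAEP wraps only the 32-byte key.
    static (byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] ciphertext) Seal(RSA pub, byte[] data)
    {
        byte[] key = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(12); // fresh nonce for every message
        byte[] tag = new byte[16];
        byte[] ciphertext = new byte[data.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Encrypt(nonce, data, ciphertext, tag);
        byte[] wrappedKey = pub.Encrypt(key, RSAEncryptionPadding.OaepSHA1);
        CryptographicOperations.ZeroMemory(key);
        return (wrappedKey, nonce, tag, ciphertext);
    }

    static byte[] Open(RSA priv, byte[] wrappedKey, byte[] nonce, byte[] tag, byte[] ciphertext)
    {
        byte[] key = priv.Decrypt(wrappedKey, RSAEncryptionPadding.OaepSHA1);
        byte[] plain = new byte[ciphertext.Length];
        using (var aes = new AesGcm(key, 16))
            aes.Decrypt(nonce, ciphertext, tag, plain); // throws if the tag does not verify
        CryptographicOperations.ZeroMemory(key);
        return plain;
    }

    static void Main()
    {
        using RSA rsa = RSA.Create(2048);              // constructed software key, stands in for the token key
        int limit = MaxOaepPlaintext(rsa.KeySize, 20); // SHA-1 digest is 20 bytes
        Console.WriteLine($"OAEP/SHA-1 limit for a {rsa.KeySize}-bit key: {limit} bytes");

        byte[] data = Encoding.UTF8.GetBytes(new string('x', 1000)); // constructed sample input
        try { rsa.Encrypt(data, RSAEncryptionPadding.OaepSHA1); }
        catch (CryptographicException) { Console.WriteLine("direct RSA-OAEP rejected 1000 bytes"); }

        var env = Seal(rsa, data);
        byte[] back = Open(rsa, env.wrappedKey, env.nonce, env.tag, env.ciphertext);
        Console.WriteLine($"hybrid round trip ok: {data.AsSpan().SequenceEqual(back)}");
    }
}
```

With a token-held key, the two RSA calls correspond to encrypting and decrypting the 32-byte AES key through the session with CKM_RSA_PKCS_OAEP, which stays well under the limit.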



vizd...@gmail.com

May 15, 2019, 9:10:59 AM
to Pkcs11Interop


Thank you Jaroslav, that helped a lot. And thanks for making such an API.