Create signature with CKM_CMS_SIG mechanism


Yaşar Arabacı

Jan 18, 2020, 6:18:34 AM
to Pkcs11Interop
Hi,

I am trying to create a signature using the CKM_CMS_SIG mechanism.

Here is the relevant part of my application:


    var cert_id = session.GetAttributeValue(certinfo.first, new List<CKA>() { CKA.CKA_ID }).FirstOrDefault();

    var f = session.Factories.ObjectAttributeFactory;
    List<IObjectAttribute> attrs = new List<IObjectAttribute>()
    {
        f.Create(CKA.CKA_TOKEN, true),
        f.Create(CKA.CKA_PRIVATE, true),
        f.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY),
        f.Create(CKA.CKA_SIGN, true),
        f.Create(CKA.CKA_ID, cert_id.GetValueAsByteArray())
    };

    var private_key = session.FindAllObjects(attrs).FirstOrDefault();
    var mechanismParams = session.Factories.MechanismParamsFactory.CreateCkCmsSigParams(
        certinfo.first, null, null, "plain/text", null, null);

    var mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_CMS_SIG, mechanismParams);

    byte[] signed_data = session.Sign(mechanism, private_key, data);

In the above code, `certinfo.first` holds an object handle for a `CKO_CERTIFICATE` object. I am using its CKA_ID attribute to get a handle on the matching private key object. Then, I am creating a minimal CKM_CMS_SIG mechanism to get a CMS signature. However, I am getting a CKR_KEY_TYPE_INCONSISTENT error from the `C_SignInit` method, even though the private key's CKA_SIGN attribute is true. Moreover, using another signing mechanism with the same handle seems to work.

What is the correct approach to create a CMS signature with a PKCS11 token?