On 2010/05/31 02:02 PDT, Sebastian Mayer wrote:
> Hi All,
>
> I'm having some difficulties in creating a simple AES key as follows:
>
> CK_OBJECT_HANDLE hKey;
> CK_OBJECT_CLASS keyClass = CKO_SECRET_KEY;
> CK_KEY_TYPE keyType = CKK_AES;
>
> CK_BYTE keyValue[] = {
>     0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef,
>     0x01, 0x23, 0x45, 0x67, 0x89, 0xab, 0xcd, 0xef
> };
>
> CK_ATTRIBUTE keyTemplate[] = {
>     {CKA_CLASS, &keyClass, sizeof(keyClass)},
>     {CKA_KEY_TYPE, &keyType, sizeof(keyType)},
>     {CKA_TOKEN, &false, sizeof(false)},
>     {CKA_ENCRYPT, &true, sizeof (true) },
>     {CKA_VALUE, keyValue, sizeof(keyValue)}
> };
>
> printf("C_CreateObject\n");
> rv = pFunctionList->C_CreateObject(hSession, keyTemplate, 5, &hKey);
> if (rv != CKR_OK) {
>     printf("error: %lx\n", rv);
> }
>
> I'm getting the error CKR_ATTRIBUTE_VALUE_INVALID, but I don't know what
> attribute it could be whose value is not valid.
>
> What did I overlook here?

In FIPS mode, you are not allowed to create symmetric (secret) key objects by
specifying the value in plain text like this. Secret key objects must be
created by unwrapping or deriving, or by generation within the token.

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
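
Generation within the token, one of the routes the reply names, as an added example that is not part of the original thread: the template passes CKA_VALUE_LEN instead of CKA_VALUE, so no key bytes cross the API. Assumptions: the typedefs stand in for the token's pkcs11.h, `generate_aes_key` is a hypothetical helper, and `stub_generate` is a constructed stand-in for a token so the code runs offline; it does not model NSS itself.

```c
/* Stand-alone subset of PKCS #11 declarations (constant values per the PKCS #11
   specification); real code includes the token's pkcs11.h instead. */
#include <stddef.h>
typedef unsigned long CK_ULONG, CK_RV, CK_ATTRIBUTE_TYPE, CK_MECHANISM_TYPE,
                      CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef unsigned char CK_BBOOL;
typedef struct { CK_ATTRIBUTE_TYPE type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
typedef struct { CK_MECHANISM_TYPE mechanism; void *pParameter; CK_ULONG ulParameterLen; } CK_MECHANISM;
typedef CK_RV (*CK_C_GenerateKey)(CK_SESSION_HANDLE, CK_MECHANISM *, CK_ATTRIBUTE *,
                                  CK_ULONG, CK_OBJECT_HANDLE *);
#define CKR_OK                      0x00UL
#define CKR_ATTRIBUTE_VALUE_INVALID 0x13UL
#define CKR_MECHANISM_INVALID       0x70UL
#define CKR_TEMPLATE_INCONSISTENT   0xD1UL
#define CKA_TOKEN                   0x001UL
#define CKA_VALUE                   0x011UL
#define CKA_ENCRYPT                 0x104UL
#define CKA_VALUE_LEN               0x161UL
#define CKM_AES_KEY_GEN             0x1080UL

/* Hypothetical helper: ask the token to generate a session AES key of key_len
   bytes. The mechanism implies CKO_SECRET_KEY / CKK_AES; no CKA_VALUE is sent. */
CK_RV generate_aes_key(CK_C_GenerateKey gen, CK_SESSION_HANDLE hSession,
                       CK_ULONG key_len, CK_OBJECT_HANDLE *phKey) {
    CK_BBOOL yes = 1, no = 0;
    CK_MECHANISM mech = { CKM_AES_KEY_GEN, NULL, 0 };
    CK_ATTRIBUTE tmpl[] = {
        {CKA_TOKEN,     &no,      sizeof no},
        {CKA_ENCRYPT,   &yes,     sizeof yes},
        {CKA_VALUE_LEN, &key_len, sizeof key_len},
    };
    return gen(hSession, &mech, tmpl, sizeof tmpl / sizeof tmpl[0], phKey);
}

/* Constructed stand-in for a token's C_GenerateKey (assumption, for offline
   runs only): refuses a supplied CKA_VALUE and checks the AES key length. */
CK_RV stub_generate(CK_SESSION_HANDLE s, CK_MECHANISM *m, CK_ATTRIBUTE *t,
                    CK_ULONG n, CK_OBJECT_HANDLE *h) {
    CK_ULONG len = 0;
    (void)s;
    if (m->mechanism != CKM_AES_KEY_GEN) return CKR_MECHANISM_INVALID;
    for (CK_ULONG i = 0; i < n; i++) {
        if (t[i].type == CKA_VALUE) return CKR_TEMPLATE_INCONSISTENT;
        if (t[i].type == CKA_VALUE_LEN) len = *(CK_ULONG *)t[i].pValue;
    }
    if (len != 16 && len != 24 && len != 32) return CKR_ATTRIBUTE_VALUE_INVALID;
    *h = 1;
    return CKR_OK;
}
```

Against a real module, drop the declarations and the stub and pass `pFunctionList->C_GenerateKey` with the `hSession` from the quoted code.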