PeculiarVentures / pvpkcs11

pvpkcs11 consists of an input validation library and a set of PKCS#11 implementations that wrap operating system and browser cryptographic implementations.
MIT License

NCRYPT_UI_POLICY #53

Open microshine opened 2 years ago

microshine commented 2 years ago

This code works for EC and RSA private keys when calling the C_CopyObject method. If CKA_PIN_FLAGS is present and greater than 0, it uses NCRYPT_UI_POLICY for key container creation; otherwise the key will be created without the NCRYPT_UI_POLICY policy.

```c
#include <string.h> /* strlen */
/* Also needs the PKCS#11 headers, the pvpkcs11 definitions of CKA_PIN_*,
   and <ncrypt.h> for the NCRYPT_UI_* flags. */

CK_SESSION_HANDLE hSession;     /* an already opened session */
CK_OBJECT_HANDLE hKey, hNewKey; /* hKey: existing EC or RSA private key */
CK_BBOOL bTrue = CK_TRUE;
CK_BBOOL bFalse = CK_FALSE;

char *creationTitle = "Creation Title";
char *description = "Key description";
char *friendlyName = "Key name";
CK_ULONG flags = NCRYPT_UI_PROTECT_KEY_FLAG;

/* String attributes are passed by length, without a terminating NUL */
CK_ATTRIBUTE copyTemplate[] = {
    {CKA_TOKEN, &bTrue, sizeof(bTrue)},
    {CKA_PIN_CREATION_TITLE, creationTitle, strlen(creationTitle)},
    {CKA_PIN_DESCRIPTION, description, strlen(description)},
    {CKA_PIN_FRIENDLY_NAME, friendlyName, strlen(friendlyName)},
    {CKA_PIN_FLAGS, &flags, sizeof(CK_ULONG)},
};

/* Create a copy which is a token object */
CK_RV rv = C_CopyObject(hSession, hKey, copyTemplate, 5, &hNewKey);
```

[Image: key generation with the NCRYPT_UI_PROTECT_KEY_FLAG flag]

[Image: key generation with the NCRYPT_UI_FORCE_HIGH_PROTECTION_FLAG flag]
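The rule described in the comment above (apply a UI policy only when CKA_PIN_FLAGS is present and greater than 0), written out as an added example that is not pvpkcs11's own code. It validates the template before any key container would be created. The numeric CKA_PIN_* values, `PIN_TEXT_MAX`, `ui_policy`, `copy_text` and `build_ui_policy` are assumptions made for this sketch; a real provider would convert the strings to wide characters and hand an NCRYPT_UI_POLICY to CNG.

```c
#include <string.h>
/* Stand-ins so the sketch builds without pkcs11.h, ncrypt.h or pvpkcs11 headers. */
typedef unsigned long CK_ULONG;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
/* Placeholder IDs: the real CKA_PIN_* values are vendor-defined by pvpkcs11. */
enum { CKA_PIN_FRIENDLY_NAME = 0x1001, CKA_PIN_DESCRIPTION, CKA_PIN_CREATION_TITLE, CKA_PIN_FLAGS };
#define PIN_TEXT_MAX 128 /* hypothetical length bound for this sketch */

/* Hypothetical narrow-string mirror of the fields NCRYPT_UI_POLICY carries. */
typedef struct {
    CK_ULONG flags;
    char creationTitle[PIN_TEXT_MAX], friendlyName[PIN_TEXT_MAX], description[PIN_TEXT_MAX];
} ui_policy;

/* CK_ATTRIBUTE strings carry a length and no terminator: bound, copy, terminate. */
static int copy_text(char *dst, const CK_ATTRIBUTE *a) {
    if (a->pValue == NULL || a->ulValueLen >= PIN_TEXT_MAX) return -1;
    memcpy(dst, a->pValue, a->ulValueLen);
    dst[a->ulValueLen] = '\0';
    return 0;
}

/* Returns 1: apply the UI policy; 0: create the key without it; -1: malformed template. */
int build_ui_policy(const CK_ATTRIBUTE *tmpl, CK_ULONG count, ui_policy *out) {
    int rc = 0;
    memset(out, 0, sizeof *out);
    for (CK_ULONG i = 0; i < count && rc == 0; i++) {
        const CK_ATTRIBUTE *a = &tmpl[i];
        switch (a->type) {
        case CKA_PIN_FLAGS: /* must be exactly one CK_ULONG */
            if (a->pValue == NULL || a->ulValueLen != sizeof(CK_ULONG)) rc = -1;
            else memcpy(&out->flags, a->pValue, sizeof(CK_ULONG));
            break;
        case CKA_PIN_CREATION_TITLE: rc = copy_text(out->creationTitle, a); break;
        case CKA_PIN_FRIENDLY_NAME:  rc = copy_text(out->friendlyName, a);  break;
        case CKA_PIN_DESCRIPTION:    rc = copy_text(out->description, a);   break;
        default: break; /* CKA_TOKEN and other attributes are not part of the policy */
        }
    }
    return rc != 0 ? -1 : (out->flags > 0 ? 1 : 0);
}

int main(void) { /* constructed template mirroring the issue's copyTemplate */
    CK_ULONG flags = 0x1; /* value of NCRYPT_UI_PROTECT_KEY_FLAG in ncrypt.h */
    char name[] = "Key name";
    CK_ATTRIBUTE t[] = { {CKA_PIN_FRIENDLY_NAME, name, strlen(name)}, {CKA_PIN_FLAGS, &flags, sizeof flags} };
    ui_policy p;
    return build_ui_policy(t, 2, &p) == 1 ? 0 : 1;
}
```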