Closed rcohnuil closed 2 years ago
cert.GetRSAPrivateKey();
I did check cert.GetRSAPrivateKey() but it returned null
No idea then 🤷🏻‍♂️ But Pkcs11Interop.X509Store uses SourceLink so you should be able to step through its code and debug the problem yourself. For more info see: https://devblogs.microsoft.com/dotnet/improving-debug-time-productivity-with-source-link/
One more thing came to my mind. Did you log in to the HSM via IPinProvider? Because private key objects are visible only to authenticated users.
Yes I did. As I'm using an existing token, I skipped InitializeTokens() and added a new method to call session.Login(...) via an opened session from a slot with the token present.
I found the problem: I didn't use the right token's label. After I corrected that, cert.GetRSAPrivateKey() no longer returns null.
OK, thanks for letting me know.
Hi,
I need to use an RA certificate stored in a Luna HSM to add a 2nd signature and the RA cert to CSRs generated from a client app.
After running OpenSSL commands to process the RA cert in .pfx format, I got the private key in PKCS8 format, then imported both the RA cert and private key into the HSM.
Using the X509CertificateParser, X509Certificate, AsymmetricKeyParameter and RsaKeyParameter from BouncyCastle, I derived the public key.
I did look at https://github.com/Pkcs11Interop/Pkcs11Interop.X509Store/issues/1 and double checked that CKA_LABEL and CKA_ID have the same values for all 3 objects (private key, public key and certificate). In Pkcs11Admin, I did see all 3 objects after I logged into my HSM via menu Token > Login > User login.
Next, I tried the following code with a Luna HSM...
var store = new Pkcs11X509Store(LunaHsmManager.LibraryPath, LunaHsmManager.PinProvider);
Pkcs11X509Certificate cert = store.Slots[0].Token.Certificates[0];
I was able to retrieve the cert and public key. The cert.Info.KeyType value is RSA, but cert.HasPrivateKeyObject still shows FALSE.
What am I missing?
Thanks
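The thread was resolved by correcting the token label. The following is an added example, not code from the thread or from the Pkcs11Interop.X509Store project: it lists every token the library exposes, selects one by label instead of by index, and reports whether each certificate has a visible private key object. The class and method names, the `expectedLabel` parameter and the `Trim()` on the label are assumptions made for illustration.

```csharp
using System;
using Net.Pkcs11Interop.X509Store;

// Hypothetical diagnostic helper (names are illustrative, not part of the library).
static class TokenDiagnostics
{
    // Returns the token whose label matches expectedLabel, or null if none does.
    // Prints every token label seen so a mismatch is obvious.
    public static Pkcs11Token FindTokenByLabel(Pkcs11X509Store store, string expectedLabel)
    {
        Pkcs11Token match = null;
        for (int i = 0; i < store.Slots.Count; i++)
        {
            Pkcs11Token token = store.Slots[i].Token;
            if (token == null)
            {
                Console.WriteLine($"Slot[{i}]: no token present");
                continue;
            }

            // Assumption: trim in case the label is reported with padding.
            string label = (token.Info.Label ?? string.Empty).Trim();
            Console.WriteLine($"Slot[{i}]: token label '{label}'");

            if (match == null && string.Equals(label, expectedLabel, StringComparison.Ordinal))
                match = token;
        }
        return match;
    }

    // Lists each certificate on the token with its key type and whether a
    // matching private key object is visible to the current login state.
    public static void ReportCertificates(Pkcs11Token token)
    {
        foreach (Pkcs11X509Certificate cert in token.Certificates)
        {
            Console.WriteLine(
                $"cert label '{cert.Info.Label}', key type {cert.Info.KeyType}, " +
                $"HasPrivateKeyObject = {cert.HasPrivateKeyObject}");

            // GetRSAPrivateKey() returned null in the thread while the wrong label was in use.
            if (cert.HasPrivateKeyObject && cert.GetRSAPrivateKey() == null)
                Console.WriteLine("  private key object found but no RSA key returned");
        }
    }
}
```

Call `FindTokenByLabel` with the store created as in the post above and the label shown for the token in Pkcs11Admin, then pass the result to `ReportCertificates`; a null result means no token carries that label.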