Closed Kraust closed 6 years ago
Correct, you can get all the information from the key necessary for other formats, but we do not have a helper to DER-encode it in pycryptoki itself. If you have Gemalto's LunaClient installed, there is a utility "cmu" that can export public keys in DER format.
It was actually ckdemo that motivated me to ask this question (as it does a similar thing to what I am trying to do), but yes I have access to cmu - do you know how to do this through cmu? The documentation I have is pretty bad, I was assuming cmu export did this but couldn't get anything out of it beyond x509 certificates.
Also I know this is probably the wrong place to ask, but do you know of any resources on how to generate the public key from the different attributes through python? My searches have come up pretty barren.
```
cmu export { [-handle=<handle#>] | [-label=<label>] } -outputfile=<filename> [-binary] [-key] [-certdelete] [-password=<password>] [-slot=<slot#>]
```
If you're exporting a public key, include the '-key' flag. I know we've updated the CMU docs in later releases as they were pretty scant on info. Default format is PEM (I believe that if you specify -binary it outputs in DER format -- or you could use openssl to convert from PEM -> DER).
As for generating a public key in an HSM from attributes (using pycryptoki):
Create a template, then create an object:
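```python
from pycryptoki.defines import (CKA_CLASS, CKA_KEY_TYPE, CKA_LABEL, CKA_PRIVATE,
                                CKA_MODULUS, CKA_PUBLIC_EXPONENT, CKA_VERIFY,
                                CKO_PUBLIC_KEY, CKK_RSA)
from pycryptoki.misc import c_create_object_ex

# `session` is an already-open session handle on the HSM.
template = {CKA_CLASS: CKO_PUBLIC_KEY,
            CKA_KEY_TYPE: CKK_RSA,  # Key type
            CKA_LABEL: b"RSA 2048 verifying key",  # Label
            CKA_PRIVATE: True,
            CKA_MODULUS: [0xe2, 0x32 ... ],  # list of hex data
            CKA_PUBLIC_EXPONENT: [0x01, 0x00, 0x01],  # Or other hex data
            CKA_VERIFY: True}
pub_key = c_create_object_ex(session, template)
```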
Are you doing EC keys? Because if so, you'd need to get some of the data (the CKA_EC_POINT in particular) from the private key.
I noticed that you can get the prime, subprime, base, and value of a DSA key using `c_get_attribute_value_ex` but there doesn't seem to be a helper function to export these to a public key in either der or pem format.
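
Added example (not part of the thread and not pycryptoki code): one way to turn the public attributes discussed above into a DER or PEM SubjectPublicKeyInfo using only the Python standard library. The function names are hypothetical, and it assumes the attribute values have already been read from the HSM and are available as big-endian bytes or lists of byte values, as in the template above.

```python
import base64

def attr_to_int(value):
    """Big-endian attribute bytes (bytes, or a list of ints as in the template above) -> int."""
    return int.from_bytes(bytes(value), "big")

def _tlv(tag, content):
    """DER tag-length-value with a definite short- or long-form length."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + content

def _int(n):
    # The extra leading 0x00 keeps a value with its top bit set non-negative.
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _seq(*parts):
    return _tlv(0x30, b"".join(parts))

def _spki(algorithm, key_der):
    # BIT STRING content starts with the count of unused bits (0).
    return _seq(algorithm, _tlv(0x03, b"\x00" + key_der))

OID_RSA = bytes.fromhex("06092a864886f70d010101")  # 1.2.840.113549.1.1.1
OID_DSA = bytes.fromhex("06072a8648ce380401")      # 1.2.840.10040.4.1

def rsa_spki_der(modulus, exponent):
    """CKA_MODULUS and CKA_PUBLIC_EXPONENT, as ints."""
    return _spki(_seq(OID_RSA, b"\x05\x00"), _seq(_int(modulus), _int(exponent)))

def dsa_spki_der(prime, subprime, base, value):
    """DSA prime, subprime, base and public value, as ints."""
    params = _seq(_int(prime), _int(subprime), _int(base))
    return _spki(_seq(OID_DSA, params), _int(value))

def to_pem(der):
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return "-----BEGIN PUBLIC KEY-----\n" + body + "\n-----END PUBLIC KEY-----\n"

if __name__ == "__main__":
    # Constructed toy values, far too small for real use.
    print(to_pem(rsa_spki_der(attr_to_int([0xbb]), attr_to_int([0x01, 0x00, 0x01]))))
```

The DER output can be inspected with `openssl asn1parse -inform DER -in <file>`.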