[osol-code] Problem on CKM_AES_KEY_GEN in pkcs11_softtoken.so

Darren J Moffat darrenm at opensolaris.org
Wed Jan 23 02:40:20 PST 2008 

alick wrote:
> Thank you!
> What is the meaning of storing/managing the
> key outside of the PKCS#11 token?
> Is it the case that I want to get a key from a key generator and keep the key in my application? 
 > So it may be better not to use the C_GenerateKey()?

Without knowing what your application is and what you are encrypting it 
is impossible for me to answer this.

The best I can do is give you some examples.

Lets use the SSL/TLS protocol as an example.

The long term RSA private key used in TLS is very sensitive information 
and ideally it was generated using C_GenerateKeyPair() inside the token 
and is marked as a sensitive non extractable key.  This means that while 
  the C_Sign()/C_Verify() operations can be used on it the key is never 
seen by the application and it isn't the applications responsibility to 
mange it.  Instead the application keeps information about how to find 
the key, for example the name of the PKCS#11 token it is stored in and 
the name of the PKCS#11 object that is the key (there are other ways to 
do this this is just one example).

The per connection bulk crypto keys used in TLS are less sensitive and 
are randomly generated, they could for example be an AES 128 bit key. 
It is possible that a given implementation of TLS would generate one of 
these session keys using /dev/urandom and then use C_CreateObject() to 
make a PKCS#11 key object from it for use with C_Encrypt().   Another 
possibility is that it uses C_GenerateKey() but instead of creating a 
token based object it creates a "session" object, this is one that is 
held only in "memory" and doesn't persist in the token.

As I said above it really depends on what your application does.

One advantage of using C_GenerateKey() rather than C_GenerateRandom (or 
reading from /dev/urandom) is that you get a PKCS#11 key object handle 
that you can used with C_Encrypt() without having to explicitly make one 
using C_CreateObject().  Even if you use C_GenerateKey() and you need 
your application to store the actual value of the key you can (depending 
on the template you passed) use C_GetAttributeValue() to retrieve the 
actual key value.

For example (note this is NOT intended to compile it is an outline only):

	CK_BYTE clearkey[32];
	CK_ULONG value_len;
         CK_ATTRIBUTE vtempl[] = {
                 { CKA_VALUE_LEN, &value_len, sizeof (value_len) },
                 { CKA_VALUE, &clearkey, sizeof (clearkey) },
         };
	CK_OBJECT_HANDLE mykey;

	....
	
	C_GenerateKey(session, &mech, gentempl, gtsz, &mykey);

	....

         C_GetAttributeValue(session, mykey, vtempl, 2)
         printf("mykey_len = %d value:\t", value_len);
         for (i = 0; i < value_len; i++) {
                 printf("%02x", clearkey[i]);
         }


-- 
Darren J Moffat

More information about the crypto-discuss mailing list