CKA_PUBLIC_KEY_INFO getting TypeInvalid #142

Open
hcldan opened this issue May 18, 2023 · 8 comments

@hcldan
Contributor

hcldan commented May 18, 2023

I hope you can give me a pointer. I'm using a smartcard that has some certs on it for S/MIME.

I can use the ActivClient smartcard tool on Windows to poke around at the details, and I've been using this library fairly successfully pointing to their driver so far... until this.

I can see when I inspect the certs in the ActivClient program that they have a SubjectKeyIdentifier.

When I try to get the attribute from any of the objects returned, it always says TypeInvalid...
Is this a driver problem? Am I misunderstanding something here?

@hcldan
Contributor Author

hcldan commented May 18, 2023

Hmm... the DLL says it's for pkcs11 2.20... I guess that attribute isn't in that spec.

@wiktor-k
Collaborator

I'm not sure if you can query these attributes directly. IIUC you need to first get the X.509 certificate object from the card (for example using this object class: https://docs.rs/cryptoki/latest/cryptoki/object/struct.ObjectClass.html#associatedconstant.CERTIFICATE) and then parse the X.509 cert to get the field you want (the last part is outside of this library's scope).

Does it answer your question or am I completely wrong? 😅

@hcldan
Contributor Author

hcldan commented May 19, 2023

@wiktor-k That's interesting. I am going to try to go that route, as my options are rather limited.

FWIW, it looks like in pkcs11 2.40 those attributes are defined and should work. But I found the driver I have only supports pkcs11 2.20 (which does not define those attributes).

@hcldan
Contributor Author

hcldan commented May 19, 2023

@wiktor-k I have the object_handle for the cert... how do I get the bytes?
Edit: never mind, I found it.

@wiktor-k
Collaborator

I think you used Attribute::Value, right? (In general it's good to paste your solution for the next person that has the same problem 😅)

@hcldan
Contributor Author

hcldan commented May 22, 2023

@wiktor-k Yes, I was actually hoping to wrap things up with my task and contribute a few examples.

Is that something that would be welcome? Is there a good place to put them?

@wiktor-k
Collaborator

Yep, most certainly! I was just today casually browsing documentation and the lack of doctests saddens me 😔

I think adding examples to functions would be the best. Just in case you need inspiration see our "sister" repo: https://docs.rs/tss-esapi/latest/tss_esapi/struct.Context.html#method.ecdh_z_gen

You can file a PR and then we can iteratively improve what you have there 😊

@hcldan
Contributor Author

hcldan commented May 22, 2023

@wiktor-k Sent a PR. I'm not sure the doctests will work well seeing as you need a library to init the card.
