C# Ncryptoki错误编号208/209(导入证书)
我无法使用NCryptoki将证书导入Alladin eTokenC# Ncryptoki错误编号208/209(导入证书),c#,pkcs#11,C#,Pkcs#11,我无法使用NCryptoki将证书导入Alladin eToken X509Certificate2 cert = new X509Certificate2(test.cer); byte[] id = Encoding.ASCII.GetBytes("MyKeyPairID"); CryptokiCollection template = new CryptokiCollection(); template.Add(new ObjectAttribute(ObjectAttribute.CKA
X509Certificate2 cert = new X509Certificate2(test.cer);
byte[] id = Encoding.ASCII.GetBytes("MyKeyPairID");
CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "MyLabel"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.GetRawCertData()));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));
CryptokiObject certificate = session.Objects.Create(template);
我得到错误209(0xD1)CKR\u模板不一致
。如果我删除这一行:
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));
我收到错误208(0xD0)
CKR\u模板不完整
似乎您为CKA\u主题
、CKA\u发行人
和CKA\u序列号
属性设置了错误的值
以下代码和库通常适用于我:
/// <summary>
/// Imports certificate into the PKCS#11 compatible device
/// </summary>
/// <param name="session">Session with user logged in</param>
/// <param name="certificate">Certificate that should be imported</param>
/// <param name="ckaLabel">Value of CKA_LABEL attribute</param>
/// <param name="ckaId">Value of CKA_ID attribute</param>
/// <returns>Handle of created certificate object</returns>
public static ObjectHandle ImportCertificate(Session session, byte[] certificate, string ckaLabel, byte[] ckaId)
{
// Parse certificate
X509CertificateParser x509CertificateParser = new X509CertificateParser();
X509Certificate x509Certificate = x509CertificateParser.ReadCertificate(certificate);
// Define attributes of new certificate object
List<ObjectAttribute> certificateAttributes = new List<ObjectAttribute>();
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_PRIVATE, false));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_MODIFIABLE, true));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_LABEL, ckaLabel));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_TRUSTED, false));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SUBJECT, x509Certificate.SubjectDN.GetDerEncoded()));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ID, ckaId));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_ISSUER, x509Certificate.IssuerDN.GetDerEncoded()));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_SERIAL_NUMBER, new DerInteger(x509Certificate.SerialNumber).GetDerEncoded()));
certificateAttributes.Add(new ObjectAttribute(CKA.CKA_VALUE, x509Certificate.GetEncoded()));
// Create certificate object
return session.CreateObject(certificateAttributes);
}
//
///将证书导入PKCS#11兼容设备
///
///与已登录用户的会话
///应该导入的证书
///CKA_标签属性的值
///CKA_ID属性的值
///已创建证书对象的句柄
公共静态ObjectHandle导入证书(会话会话,字节[]证书,字符串ckaLabel,字节[]ckaId)
{
//解析证书
X509CertificateParser X509CertificateParser=新的X509CertificateParser();
X509Certificate X509Certificate=x509CertificateParser.ReadCertificate(证书);
//定义新证书对象的属性
列表certificateAttributes=新列表();
添加(新的ObjectAttribute(CKA.CKA_类,CKO.CKO_证书));
添加(新的ObjectAttribute(CKA.CKA_标记,true));
添加(新的ObjectAttribute(CKA.CKA_PRIVATE,false));
添加(新的ObjectAttribute(CKA.CKA_MODIFIABLE,true));
添加(新的ObjectAttribute(CKA.CKA_标签,ckaLabel));
添加(新的ObjectAttribute(CKA.CKA_CERTIFICATE_类型,CKC.CKC_X_509));
添加(新的ObjectAttribute(CKA.CKA_TRUSTED,false));
添加(新的ObjectAttribute(CKA.CKA_SUBJECT,x509Certificate.SubjectDN.GetDerEncoded());
添加(新的ObjectAttribute(CKA.CKA_ID,ckaId));
添加(新的ObjectAttribute(CKA.CKA_ISSUER,x509Certificate.IssuerDN.GetDerEncoded());
添加(新的ObjectAttribute(CKA.CKA_SERIAL_NUMBER,新的DerInteger(x509Certificate.SerialNumber).GetDerEncoded());
添加(新的ObjectAttribute(CKA.CKA_值,x509Certificate.GetEncoded());
//创建证书对象
返回会话.CreateObject(certificateAttributes);
}
使用证书原始数据设置序列号:
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.GetRawCertData()));
您可以按以下方式进行设置:
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.SubjectDN.GetDerEncoded()