C# Ncryptoki错误编号208/209(导入证书)


我无法使用 NCryptoki 将证书导入 Aladdin eToken:

// Builds a PKCS#11 certificate-object template from an X.509 certificate and asks the
// token to create the object.
// NOTE(review): `test.cer` appears unquoted here; presumably a file-path string was
// intended - confirm against the asker's real code.
X509Certificate2 cert = new X509Certificate2(test.cer);
// Bytes used for CKA_ID below; "MyKeyPairID" is the asker's sample identifier.
byte[] id = Encoding.ASCII.GetBytes("MyKeyPairID");
CryptokiCollection template = new CryptokiCollection();
// Object class and certificate type: an X.509 certificate object.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_CERTIFICATE));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CERTIFICATE_TYPE, Certificate.CKC_X_509));
// CKA_TOKEN = true stores the object on the token; CKA_PRIVATE = false makes it a
// public object, i.e. readable without logging in to the token.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, false));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, "MyLabel"));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id));
// SubjectName.RawData is the DER-encoded subject name.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SUBJECT, cert.SubjectName.RawData));
// NOTE(review): cert.Issuer is the issuer name as a display string, whereas PKCS#11
// defines CKA_ISSUER as the DER-encoded issuer name (cert.IssuerName.RawData is the
// DER form). Likely one cause of the 0xD1 error reported below - confirm on the token.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ISSUER, cert.Issuer));
// NOTE(review): GetRawCertData() returns the whole encoded certificate, not its serial
// number; PKCS#11 defines CKA_SERIAL_NUMBER as the DER-encoded serial number.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.GetRawCertData()));
// CKA_VALUE carries the encoded certificate itself.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));
// `session` is defined outside this snippet; this is the call that reports the error.
CryptokiObject certificate = session.Objects.Create(template);
我得到错误 209(0xD1)CKR_TEMPLATE_INCONSISTENT。如果我删除这一行:

// CKA_VALUE carries the encoded certificate itself; with this line removed the asker
// gets error 208 instead of 209 (see the text that follows).
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, cert.RawData));

我收到错误 208(0xD0)CKR_TEMPLATE_INCOMPLETE。

似乎您为 CKA_SUBJECT、CKA_ISSUER 和 CKA_SERIAL_NUMBER 属性设置了错误的值。

以下代码和库通常适用于我:

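/// <summary>
/// Imports an X.509 certificate into the PKCS#11 compatible device as a token object.
/// </summary>
/// <remarks>
/// The subject, issuer and serial number are written in DER form, taken from the parsed
/// certificate rather than from caller-supplied values, so they always agree with CKA_VALUE.
/// The object is created public (CKA_PRIVATE = false), modifiable and not trusted.
/// </remarks>
/// <param name="session">Session with user logged in</param>
/// <param name="certificate">Encoded certificate that should be imported</param>
/// <param name="ckaLabel">Value of CKA_LABEL attribute</param>
/// <param name="ckaId">Value of CKA_ID attribute</param>
/// <returns>Handle of created certificate object</returns>
/// <exception cref="System.ArgumentNullException">
/// <paramref name="session"/> or <paramref name="certificate"/> is null.
/// </exception>
/// <exception cref="System.ArgumentException">
/// No certificate could be read from <paramref name="certificate"/>.
/// </exception>
public static ObjectHandle ImportCertificate(Session session, byte[] certificate, string ckaLabel, byte[] ckaId)
{
    // Fail early with a named argument instead of a NullReferenceException further down.
    if (session == null)
    {
        throw new System.ArgumentNullException("session");
    }

    if (certificate == null)
    {
        throw new System.ArgumentNullException("certificate");
    }

    // Parse certificate
    X509Certificate x509Certificate = new X509CertificateParser().ReadCertificate(certificate);

    // Guard against the parser handing back null (e.g. for empty input) so that a
    // half-built template never reaches the token.
    if (x509Certificate == null)
    {
        throw new System.ArgumentException("No X.509 certificate could be read from the supplied data.", "certificate");
    }

    // Define attributes of new certificate object
    List<ObjectAttribute> certificateAttributes = new List<ObjectAttribute>
    {
        new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE),
        new ObjectAttribute(CKA.CKA_TOKEN, true),
        // Public object: a certificate holds no secret, so it stays readable without login.
        new ObjectAttribute(CKA.CKA_PRIVATE, false),
        // NOTE(review): set to false if the stored object must not be altered after import.
        new ObjectAttribute(CKA.CKA_MODIFIABLE, true),
        new ObjectAttribute(CKA.CKA_LABEL, ckaLabel),
        new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509),
        // Importing a certificate must not, by itself, make it a trust anchor.
        new ObjectAttribute(CKA.CKA_TRUSTED, false),
        // DER-encoded subject name.
        new ObjectAttribute(CKA.CKA_SUBJECT, x509Certificate.SubjectDN.GetDerEncoded()),
        // By convention the same CKA_ID as the matching key pair, so applications can pair them.
        new ObjectAttribute(CKA.CKA_ID, ckaId),
        // DER-encoded issuer name.
        new ObjectAttribute(CKA.CKA_ISSUER, x509Certificate.IssuerDN.GetDerEncoded()),
        // DER-encoded INTEGER holding the serial number, not the raw certificate bytes.
        new ObjectAttribute(CKA.CKA_SERIAL_NUMBER, new DerInteger(x509Certificate.SerialNumber).GetDerEncoded()),
        // The encoded certificate itself.
        new ObjectAttribute(CKA.CKA_VALUE, x509Certificate.GetEncoded()),
    };

    // Create certificate object
    return session.CreateObject(certificateAttributes);
}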
//
///将证书导入PKCS#11兼容设备
/// 
///与已登录用户的会话
///应该导入的证书
///CKA_标签属性的值
///CKA_ID属性的值
///已创建证书对象的句柄
公共静态ObjectHandle导入证书(会话会话,字节[]证书,字符串ckaLabel,字节[]ckaId)
{
//解析证书
X509CertificateParser X509CertificateParser=新的X509CertificateParser();
X509Certificate X509Certificate=x509CertificateParser.ReadCertificate(证书);
//定义新证书对象的属性
列表certificateAttributes=新列表();
添加(新的ObjectAttribute(CKA.CKA_类,CKO.CKO_证书));
添加(新的ObjectAttribute(CKA.CKA_标记,true));
添加(新的ObjectAttribute(CKA.CKA_PRIVATE,false));
添加(新的ObjectAttribute(CKA.CKA_MODIFIABLE,true));
添加(新的ObjectAttribute(CKA.CKA_标签,ckaLabel));
添加(新的ObjectAttribute(CKA.CKA_CERTIFICATE_类型,CKC.CKC_X_509));
添加(新的ObjectAttribute(CKA.CKA_TRUSTED,false));
添加(新的ObjectAttribute(CKA.CKA_SUBJECT,x509Certificate.SubjectDN.GetDerEncoded());
添加(新的ObjectAttribute(CKA.CKA_ID,ckaId));
添加(新的ObjectAttribute(CKA.CKA_ISSUER,x509Certificate.IssuerDN.GetDerEncoded());
添加(新的ObjectAttribute(CKA.CKA_SERIAL_NUMBER,新的DerInteger(x509Certificate.SerialNumber).GetDerEncoded());
添加(新的ObjectAttribute(CKA.CKA_值,x509Certificate.GetEncoded());
//创建证书对象
返回会话.CreateObject(certificateAttributes);
}

您是用整个证书的原始数据来设置序列号的:

// GetRawCertData() returns the whole encoded certificate, not only its serial number.
template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.GetRawCertData()));
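您可以按以下方式进行设置(注意:下面这行示例在本页被截断,且取的是主题名 SubjectDN 而不是序列号;CKA_SERIAL_NUMBER 需要的是序列号的 DER 编码,例如上文 ImportCertificate 中的 new DerInteger(x509Certificate.SerialNumber).GetDerEncoded()):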

template.Add(new ObjectAttribute(ObjectAttribute.CKA_SERIAL_NUMBER, cert.SubjectDN.GetDerEncoded()