public static GenerateKeyPair ( |
||
session | Read-write session with user logged in | |
publicKeyHandle | Output parameter for public key object handle | |
privateKeyHandle | Output parameter for private key object handle | |
return | void |
public void _01_BasicSignEncryptAndDecryptVerifyTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate asymetric key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify signing mechanism Mechanism signingMechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS); // Generate symetric key ObjectHandle secretKey = Helpers.GenerateKey(session); // Generate random initialization vector byte[] iv = session.GenerateRandom(8); // Specify encryption mechanism with initialization vector as parameter Mechanism encryptionMechanism = new Mechanism(CKM.CKM_DES3_CBC, iv); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Passw0rd"); // Sign and encrypt data byte[] signature = null; byte[] encryptedData = null; session.SignEncrypt(signingMechanism, privateKey, encryptionMechanism, secretKey, sourceData, out signature, out encryptedData); // Do something interesting with signature and encrypted data // Decrypt data and verify signature of data byte[] decryptedData = null; bool isValid = false; session.DecryptVerify(signingMechanism, publicKey, encryptionMechanism, secretKey, encryptedData, signature, out decryptedData, out isValid); // Do something interesting with decrypted data and verification result Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData)); Assert.IsTrue(isValid); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.DestroyObject(secretKey); session.Logout(); } } }
public void _01_BasicWrapAndUnwrapKeyTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(SessionType.ReadWrite)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate asymetric key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Generate symetric key ObjectHandle secretKey = Helpers.GenerateKey(session); // Specify wrapping mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS); // Wrap key byte[] wrappedKey = session.WrapKey(mechanism, publicKey, secretKey); // Do something interesting with wrapped key Assert.IsNotNull(wrappedKey); // Define attributes for unwrapped key List <ObjectAttribute> objectAttributes = new List <ObjectAttribute>(); objectAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_KEY_TYPE, CKK.CKK_DES3)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_ENCRYPT, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_DECRYPT, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_DERIVE, true)); objectAttributes.Add(new ObjectAttribute(CKA.CKA_EXTRACTABLE, true)); // Unwrap key ObjectHandle unwrappedKey = session.UnwrapKey(mechanism, privateKey, wrappedKey, objectAttributes); // Do something interesting with unwrapped key Assert.IsTrue(unwrappedKey.ObjectId != CK.CK_INVALID_HANDLE); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.DestroyObject(secretKey); session.Logout(); } } }
public void _02_SignAndVerifyMultiPartTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify signing mechanism Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); byte[] signature = null; bool isValid = false; // Multipart signing can be used i.e. for signing of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData)) { // Sign data // Note that in real world application we would rather use bigger read buffer i.e. 4096 signature = session.Sign(mechanism, privateKey, inputStream, 8); } // Do something interesting with signature // Multipart verification can be used i.e. for signature verification of streamed data using (MemoryStream inputStream = new MemoryStream(sourceData)) { // Verify signature // Note that in real world application we would rather use bigger read buffer i.e. 4096 session.Verify(mechanism, publicKey, inputStream, signature, out isValid, 8); } // Do something interesting with verification result Assert.IsTrue(isValid); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }
public void _03_EncryptAndDecryptSinglePartOaepTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(SessionType.ReadWrite)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify mechanism parameters CkRsaPkcsOaepParams mechanismParams = new CkRsaPkcsOaepParams((ulong)CKM.CKM_SHA_1, (ulong)CKG.CKG_MGF1_SHA1, (ulong)CKZ.CKZ_DATA_SPECIFIED, null); // Specify encryption mechanism with parameters Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS_OAEP, mechanismParams); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Encrypt data byte[] encryptedData = session.Encrypt(mechanism, publicKey, sourceData); // Do something interesting with encrypted data // Decrypt data byte[] decryptedData = session.Decrypt(mechanism, privateKey, encryptedData); // Do something interesting with decrypted data Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(decryptedData)); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }
public void _01_BasicSignAndVerifyRecoverTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify signing mechanism Mechanism mechanism = new Mechanism(CKM.CKM_RSA_PKCS); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Sign data byte[] signature = session.SignRecover(mechanism, privateKey, sourceData); // Do something interesting with signature // Verify signature bool isValid = false; byte[] recoveredData = session.VerifyRecover(mechanism, publicKey, signature, out isValid); // Do something interesting with verification result and recovered data Assert.IsTrue(isValid); Assert.IsTrue(Convert.ToBase64String(sourceData) == Convert.ToBase64String(recoveredData)); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }
public void _01_SignAndVerifySinglePartTest() { Helpers.CheckPlatform(); using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(SessionType.ReadWrite)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Specify signing mechanism Mechanism mechanism = new Mechanism(CKM.CKM_SHA1_RSA_PKCS); byte[] sourceData = ConvertUtils.Utf8StringToBytes("Hello world"); // Sign data byte[] signature = session.Sign(mechanism, privateKey, sourceData); // Do something interesting with signature // Verify signature bool isValid = false; session.Verify(mechanism, publicKey, sourceData, signature, out isValid); // Do something interesting with verification result Assert.IsTrue(isValid); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }
public void _02_GetInvalidAttributeValueTest() { if (Platform.UnmanagedLongSize != 8 || Platform.StructPackingSize != 0) { Assert.Inconclusive("Test cannot be executed on this platform"); } using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.UseOsLocking)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(false)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Prepare list of empty attributes we want to read List <CKA> attributes = new List <CKA>(); attributes.Add(CKA.CKA_LABEL); attributes.Add(CKA.CKA_VALUE); // Get value of specified attributes List <ObjectAttribute> objectAttributes = session.GetAttributeValue(privateKey, attributes); // Do something interesting with attribute value Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName); Assert.IsTrue(objectAttributes[1].CannotBeRead == true); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }
public void _02_GetInvalidAttributeValueTest() { Helpers.CheckPlatform(); using (Pkcs11 pkcs11 = new Pkcs11(Settings.Pkcs11LibraryPath, Settings.AppType)) { // Find first slot with token present Slot slot = Helpers.GetUsableSlot(pkcs11); // Open RW session using (Session session = slot.OpenSession(SessionType.ReadWrite)) { // Login as normal user session.Login(CKU.CKU_USER, Settings.NormalUserPin); // Generate key pair ObjectHandle publicKey = null; ObjectHandle privateKey = null; Helpers.GenerateKeyPair(session, out publicKey, out privateKey); // Prepare list of empty attributes we want to read List <CKA> attributes = new List <CKA>(); attributes.Add(CKA.CKA_LABEL); attributes.Add(CKA.CKA_VALUE); // Get value of specified attributes List <ObjectAttribute> objectAttributes = session.GetAttributeValue(privateKey, attributes); // Do something interesting with attribute value Assert.IsTrue(objectAttributes[0].GetValueAsString() == Settings.ApplicationName); Assert.IsTrue(objectAttributes[1].CannotBeRead == true); session.DestroyObject(privateKey); session.DestroyObject(publicKey); session.Logout(); } } }