4

I am using a Pkcs11 library to retrieve a key from a device: public_keys

I am able to retrieve the ObjectHandle of the public key. I try to extract the public key value:

var publicKeyHandle = GetPublicKeyByLabel(Session, "KEY1_QAL_PUB");
var objectAttribute = Session.GetAttributeValue(publicKeyHandle, new List<CKA> { CKA.CKA_VALUE }).Single();
var keyVal =  objectAttribute.GetValueAsByteArray();

Unfortunately, objectAttribute has CannotBeRead set to true and the value cannot be read, even when I am logged in as user or SO.

I understand the case when the key is private: for security reasons I cannot get the value outside the HSM device. But why can't I extract the public key value?

pwas

1 Answer

4

CKA_VALUE is not a valid attribute for RSA public key objects. If you want to extract RSA public key value then you need to read CKA_PUBLIC_EXPONENT and CKA_MODULUS attributes. See PKCS#11 v2.20 for more details.

jariq
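Reading the two attributes named in the answer and turning them into a usable .NET key, as an added example that is not part of the original question or answer. It assumes the library is Pkcs11Interop with the 4.x-style `Session` and `ObjectHandle` types seen in the question; `RsaPublicKeyReader` and its methods are hypothetical names.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Hypothetical helper, not part of Pkcs11Interop.
public static class RsaPublicKeyReader
{
    // Reads an RSA public key object from the token and returns it as
    // RSAParameters. PKCS#11 big integers and RSAParameters are both
    // unsigned big-endian byte arrays, so no byte reversal is needed.
    public static RSAParameters Read(Session session, ObjectHandle publicKeyHandle)
    {
        // Attributes are returned in the order they were requested.
        List<ObjectAttribute> attrs = session.GetAttributeValue(
            publicKeyHandle,
            new List<CKA> { CKA.CKA_KEY_TYPE, CKA.CKA_MODULUS, CKA.CKA_PUBLIC_EXPONENT });

        // CannotBeRead is set when the token reports the attribute as
        // sensitive or invalid for this object type (the CKA_VALUE case
        // from the question). Check it before touching any value.
        if (attrs.Any(a => a.CannotBeRead))
            throw new InvalidOperationException("Token did not return a requested attribute.");

        ObjectAttribute keyType = attrs[0], modulus = attrs[1], exponent = attrs[2];

        // Fail early for EC or other key types, which use other attributes.
        if (keyType.GetValueAsUlong() != (ulong)CKK.CKK_RSA)
            throw new NotSupportedException("Object is not an RSA key.");

        return new RSAParameters
        {
            Modulus = TrimLeadingZeros(modulus.GetValueAsByteArray()),
            Exponent = TrimLeadingZeros(exponent.GetValueAsByteArray())
        };
    }

    // Some tokens pad big integers with leading zero bytes; strip them so
    // the modulus length matches the key size when the key is imported.
    private static byte[] TrimLeadingZeros(byte[] value)
    {
        int start = 0;
        while (start < value.Length - 1 && value[start] == 0) start++;
        return value.Skip(start).ToArray();
    }
}
```

The result can be loaded with `RSA.Create()` followed by `ImportParameters(...)` to verify signatures or encrypt outside the HSM.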