我正在尝试使用我的 HSM 生成一个 RSA-2048 密钥,使用 PKCS11 标准,私钥似乎没问题,但是当我尝试包装我的公钥时,我收到此错误: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_KEY_HANDLE_INVALID
这是生成函数:
public long [] Generate_RSA_key() {
long [] key = null;
try {
CK_MECHANISM mec = new CK_MECHANISM();
mec.mechanism = PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN;
RSAPublicKey pub_template = new RSAPublicKey();
RSAPrivateKey prv_template = new RSAPrivateKey();
RSA_template(pub_template, prv_template);
CK_ATTRIBUTE[] attr_pub = iaik.pkcs.pkcs11.objects.Object.getSetAttributes(pub_template);
CK_ATTRIBUTE[] attr_prv = iaik.pkcs.pkcs11.objects.Object.getSetAttributes(prv_template);
key = cryptoki.C_GenerateKeyPair(ckiSession, mec, attr_pub, attr_prv, true);
}catch(Exception e) {
e.printStackTrace();
}
return key;
}
private void RSA_template(RSAPublicKey pub_template, RSAPrivateKey prv_template) {
pub_template.getEncrypt() .setBooleanValue(TRUE);
pub_template.getVerify() .setBooleanValue(TRUE);
pub_template.getWrap() .setBooleanValue(TRUE);
pub_template.getModulusBits() .setLongValue(2048L);
prv_template.getDecrypt() .setBooleanValue(TRUE);
prv_template.getSign() .setBooleanValue(TRUE);
prv_template.getExtractable() .setBooleanValue(TRUE);
prv_template.getModulusBits() .setLongValue(2048L);
}
感谢您的帮助。