
I'm extracting the public key for encryption from the sender's certificate as a byte[] array:

    using System.Text;
    using System.Security.Cryptography.X509Certificates;
    using Newtonsoft.Json.Linq;

    // Parse the JSON reply and pull out the certificate text it carries
    JObject o = JObject.Parse(reply);
    string certResponse = o.GetValue("certificate").Value<string>();
    byte[] certByteArray = Encoding.ASCII.GetBytes(certResponse);

    // Extract the public key from the certificate (GetPublicKey() returns the raw DER-encoded key bytes)
    var certTest = new X509Certificate2(certByteArray);
    var certPublicKey = certTest.GetPublicKey();

I wish to use the PKCS11Interop Encrypt() function, which takes the ObjectHandle of the key, to encrypt the message/data. The only way I have found is to set ObjectAttributes, call session.CreateObject(objectAttributes); and eventually DestroyObject.

However, I get CKR_FUNCTION_NOT_SUPPORTED when calling CreateObject(). As jariq clarified in this post, the OpenSC PKCS#11 library does not support/implement some functions defined in the PKCS#11 specification. What is the alternative/workaround to use the byte array publicKey for encryption?

Kamran Khan
  • Why would you want to use PKCS#11 to encrypt data with a public key? When you have the public key, you can just perform the encryption in software instead of on the hardware. – always_a_rookie Jun 08 '17 at 01:30
  • @always_a_rookie_to_learn you are absolutely correct. Let us consider the receiver's end. The receiver will have his private key stored on the USB token. I'm not sure how to use the receiver's private key as a string or byte array, because USB tokens only provide handles to the private key and not the value. – Kamran Khan Jun 08 '17 at 08:23
  • If you are not the receiver, you don't have to worry about how they do it. You just encrypt and give it to them. They decrypt it. But if you are curious how they should do it, they have to use PKCS#11. Because the private key is inside the hardware, they have to refer to the private key by the handle, and can perform encryption on the hardware and get the encrypted string from the PKCS#11 library. And BTW, what will you be encrypting with the public key? It is not standard to encrypt general data using a public key, as it cannot handle data beyond a certain length. – always_a_rookie Jun 08 '17 at 09:21
  • @always_a_rookie_to_learn I will be encrypting files (PDFs, Word, normal MIME types), but the sizes will be around 2MB to 20MB or even more. What are the limitations of public key encryption? Kindly suggest something to read about it. Thanks. – Kamran Khan Jun 10 '17 at 19:50
  • You won't be able to encrypt such large data with a public key. You can only encrypt that kind of data using a symmetric key (like AES or 3DES). If your idea is to encrypt files and have only the recipient decrypt them to see them using his key, you can encrypt the file using a symmetric key and wrap that symmetric key using an asymmetric key, and give your recipient the encrypted file and the wrapped key. He will then unwrap it using the asymmetric key he has to reveal the symmetric key to decrypt the file. You can read more about key wrap here: https://en.wikipedia.org/wiki/Key_Wrap – always_a_rookie Jun 12 '17 at 13:32
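
The comment thread ends with the hybrid scheme (encrypt the file with a symmetric key, wrap that key with the recipient's public key from the certificate). Below is an added C# example of that scheme; it is not code from the question or from Pkcs11Interop. It assumes .NET 6 or later, an RSA certificate, and my own choices of AES-256-GCM for the file and RSA-OAEP-SHA256 for the wrap; the receiver's unwrap on the token is only described in a comment, since that step is the one that needs the private-key handle.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
// Sender side needs no PKCS#11: the public key comes from the certificate.
// Package layout chosen for this example: [int32 len][wrapped key][nonce 12][tag 16][ciphertext]
public static class HybridFileCrypto
{
    public static byte[] Encrypt(X509Certificate2 recipientCert, byte[] plaintext)
    {
        // Fresh 256-bit AES key and 96-bit GCM nonce for this message only.
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);
        byte[] nonce = RandomNumberGenerator.GetBytes(12);
        byte[] tag = new byte[16];
        byte[] ciphertext = new byte[plaintext.Length];
        // Bulk data: AES-GCM encrypts and authenticates the whole file.
        using (var aes = new AesGcm(aesKey))
            aes.Encrypt(nonce, plaintext, ciphertext, tag);
        // Key wrap: RSA-OAEP under the recipient's public key; only this small blob
        // is later handed to the recipient's token for unwrapping.
        byte[] wrappedKey;
        using (RSA rsa = recipientCert.GetRSAPublicKey()
               ?? throw new InvalidOperationException("certificate has no RSA key"))
            wrappedKey = rsa.Encrypt(aesKey, RSAEncryptionPadding.OaepSHA256);
        CryptographicOperations.ZeroMemory(aesKey);
        using var ms = new MemoryStream();
        using var w = new BinaryWriter(ms);
        w.Write(wrappedKey.Length); w.Write(wrappedKey);
        w.Write(nonce); w.Write(tag); w.Write(ciphertext);
        w.Flush();
        return ms.ToArray();
    }

    // Receiver side, once the token has unwrapped the AES key (with Pkcs11Interop: a
    // session.Decrypt using CKM_RSA_PKCS_OAEP and the private-key ObjectHandle, so the
    // private key never leaves the hardware).
    public static byte[] Decrypt(byte[] aesKey, byte[] package)
    {
        using var r = new BinaryReader(new MemoryStream(package));
        int wrappedLen = r.ReadInt32();
        r.ReadBytes(wrappedLen);          // wrapped key: already processed by the token
        byte[] nonce = r.ReadBytes(12);
        byte[] tag = r.ReadBytes(16);
        byte[] ciphertext = r.ReadBytes(package.Length - 4 - wrappedLen - 28);
        byte[] plaintext = new byte[ciphertext.Length];
        using var aes = new AesGcm(aesKey);
        aes.Decrypt(nonce, ciphertext, tag, plaintext);   // throws on any tampering
        return plaintext;
    }
}
```

Because GCM authenticates the ciphertext, a modified package fails in Decrypt with a CryptographicException instead of yielding garbage, which is the property a plain AES-CBC wrap would not give you.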

0 Answers