I'm trying to find public keys (certificates) with this code below but I can't collect those certificates.

    using (Pkcs11 pkcs11 = new Pkcs11(@"\\ip\c$\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\sw\cryptoki.dll", AppType.MultiThreaded))
    {
        List<Slot> slots = pkcs11.GetSlotList(SlotsType.WithTokenPresent);
        Slot slot = slots[0];
        using (Session session = slot.OpenSession(SessionType.ReadOnly))
        {
            var sessionState = session.GetSessionInfo();
            session.Login(CKU.CKU_USER, "password");

            List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>();
            publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_CLASS, CKO.CKO_CERTIFICATE));
            publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true));
            publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_CERTIFICATE_TYPE, CKC.CKC_X_509));

            List<ObjectHandle> foundPublicKeys = session.FindAllObjects(publicKeyAttributes);
        }
    }

I needed to get foundPublicKeys values but it returned zero (0).

You can see those certificates in the picture below, named ****_CER. What am I missing? Thanks.

[Image: public keys (certificates) are shown with the name blabla_CER]

TEngineer
  • Are you sure you are performing the search operation on correct slot? Screenshot shows you have three of them available. – jariq Apr 02 '18 at 13:33
  • @jariq I'm getting correct slot with this: `List<Slot> slots = pkcs11.GetSlotList(SlotsType.WithTokenPresent); Slot slot = slots[0];` – TEngineer Apr 02 '18 at 14:00
  • Are you sure those certificates have `CKA_CLASS` attribute set to `CKO_CERTIFICATE` and not `CKO_DATA`? Can you find any objects at all? Try to search with template with just a single attribute `CKA_TOKEN` set to `true`. – jariq Apr 02 '18 at 17:05
  • Thanks for your help @jariq. I have not reached the objects I want yet. But he still helped bring the objects. `List<ObjectAttribute> publicKeyAttributes = new List<ObjectAttribute>(); publicKeyAttributes.Add(new ObjectAttribute(CKA.CKA_TOKEN, true)); List<ObjectHandle> foundPublicKeys = session.FindAllObjects(publicKeyAttributes);` This code works fine. – TEngineer Apr 02 '18 at 19:46
  • Why can I still not get an object (certificate) with a label value of "....."? – TEngineer Apr 02 '18 at 19:49
  • Remember that **the matching criterion is an exact byte-for-byte match with all attributes in the template**. I guess that object you are expecting to find has different values of attributes than you expect it to have. Did you try to examine your device with [Pkcs11Admin](https://pkcs11admin.net/) application? – jariq Apr 02 '18 at 20:46
  • This is so interesting! No objects that appear in the desktop application appear in the object and certificate sections of the Pkcs11Admin application. In addition, the slot information that appears in the Pkcs11Admin application does not match the slot information that appears in the desktop application. – TEngineer Apr 03 '18 at 03:20
  • In Pkcs11Admin application try to switch slot via `Slot` menu, then login to selected slot/token via `Token > Login > User login ...` menu and examine objects again. – jariq Apr 03 '18 at 05:00
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/168082/discussion-between-tengineer-and-jariq). – TEngineer Apr 03 '18 at 05:45
  • Finally happened. `Pkcs11 pkcs11 = new Pkcs11(@"\\ip\c$\Program Files\SafeNet\Protect Toolkit 5\Protect Toolkit C SDK\bin\hsm\cryptoki.dll", AppType.MultiThreaded)`. I do not see the certificates and objects I see in the desktop application in the Pkcs11Admin application because I misunderstood this path. Now I have come to place the certificate I received in the xml file. Thank you for your help. – TEngineer Apr 03 '18 at 07:18
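
The debugging approach from the comments above, as an added example (not part of the original thread and not the asker's or jariq's code): walk every slot, search with only `CKA_TOKEN`, and print each object's class and label so a narrower template can be built from the values the token actually holds. It assumes the Pkcs11Interop 4.x high-level API used in the question; the `PKCS11_LIB` and `PKCS11_PIN` environment variable names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

static class TokenObjectDump
{
    static void Main()
    {
        // Hypothetical variable names (assumptions): path to the vendor's cryptoki library and the user PIN.
        string libraryPath = Environment.GetEnvironmentVariable("PKCS11_LIB");
        string userPin = Environment.GetEnvironmentVariable("PKCS11_PIN");

        using (Pkcs11 pkcs11 = new Pkcs11(libraryPath, AppType.MultiThreaded))
        {
            // Walk every slot that holds a token instead of assuming slots[0] is the right one.
            foreach (Slot slot in pkcs11.GetSlotList(SlotsType.WithTokenPresent))
            {
                Console.WriteLine("Slot {0}: token '{1}'", slot.SlotId, slot.GetTokenInfo().Label);
                using (Session session = slot.OpenSession(SessionType.ReadOnly))
                {
                    try
                    {
                        session.Login(CKU.CKU_USER, userPin);
                    }
                    catch (Pkcs11Exception ex)
                    {
                        Console.WriteLine("  login failed: {0}", ex.RV);
                        continue;
                    }

                    // Broadest template: every token object. Matching is exact on each
                    // attribute listed, so start wide and narrow using the values printed below.
                    var template = new List<ObjectAttribute> { new ObjectAttribute(CKA.CKA_TOKEN, true) };
                    var wanted = new List<CKA> { CKA.CKA_CLASS, CKA.CKA_LABEL };
                    foreach (ObjectHandle handle in session.FindAllObjects(template))
                    {
                        List<ObjectAttribute> attrs = session.GetAttributeValue(handle, wanted);
                        CKO objectClass = (CKO)attrs[0].GetValueAsUlong();
                        string label = attrs[1].CannotBeRead ? "<unreadable>" : attrs[1].GetValueAsString();
                        Console.WriteLine("  {0,-20} label='{1}'", objectClass, label);
                    }
                    session.Logout();
                }
            }
        }
    }
}
```

A wrong PIN counts as a failed login on each token it is tried against, so limit the loop to slots you hold credentials for. If the output lists none of the objects the vendor's desktop tool shows, check that `PKCS11_LIB` points at the same library variant that tool uses, which is what resolved this thread.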

0 Answers