I am trying to create an EC key pair using the Pkcs#11 interop library (5.1.2) but every time I try to generate one it returns CKR_TEMPLATE_INCOMPLETE or CKR_DOMAIN_PARAMS_INVALID. I am using SC650 smart card to be able to generate the keys. As well as BouncyCastle (1.8.9) to generate an EC curve. The snippet of code below is from one of the examples from Pkcs#11 library, just modified.
public void GenerateKP()
{
using (IPkcs11Library pkcs11lib = _factory.Pkcs11LibraryFactory.LoadPkcs11Library(_factory, FILE_PATH, AppType.MultiThreaded))
{
ISlot slot = GetUsableSlot(pkcs11lib);
using(ISession session = slot.OpenSession(SessionType.ReadWrite))
{
// Must Der Encoding of the EcParameters
X9ECParameters curve = NistNamedCurves.GetByName("P-256");
X962Parameters x962 = new X962Parameters(curve);
byte[] paramBytes = curve.GetDerEncoded();
byte[] ckaId = session.GenerateRandom(20);
session.Login(CKU.CKU_USER, TOKEN_CODE);
// ECC Public Key Template
List<IObjectAttribute> publicKeyAttributes = new List<IObjectAttribute>();
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, false));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "EC P-256 public key"));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VERIFY_RECOVER, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_WRAP, true));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_MODULUS_BITS, 1024));
publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PUBLIC_EXPONENT, new byte[] { 0x01, 0x00, 0x01 }));
//publicKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EC_PARAMS, paramBytes));
// ECC Private Key Template
List<IObjectAttribute> privateKeyAttributes = new List<IObjectAttribute>();
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_PRIVATE, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, "EC P-256 private key"));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_EC));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ID, ckaId));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_SENSITIVE, true));
privateKeyAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EC_PARAMS, paramBytes));
IMechanism mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_ECDSA_KEY_PAIR_GEN);
IObjectHandle pubKeyHandle = null;
IObjectHandle privateHandle = null;
session.GenerateKeyPair(mechanism, publicKeyAttributes, privateKeyAttributes, out pubKeyHandle, out privateHandle);
}
}
}
