c#, pkcs#11, pkcs11interop, softhsm

Extracting public key value via PKCS#11


I am using the Pkcs11 library to retrieve a key from the device: public_keys

I am able to retrieve the ObjectHandle of the public key. I try to extract the public key value:

var publicKeyHandle = GetPublicKeyByLabel(Session, "KEY1_QAL_PUB");
var objectAttribute = Session.GetAttributeValue(publicKeyHandle, new List<CKA> { CKA.CKA_VALUE }).Single();
var keyVal =  objectAttribute.GetValueAsByteArray();

Unfortunately, objectAttribute has CannotBeRead set to true and the value cannot be read, even when I am logged in as user or SO.

I understand the case when the key is private - for security reasons I cannot get the value outside the HSM device. But why can't I extract the public key value?


Solution

  • CKA_VALUE is not a valid attribute for RSA public key objects. If you want to extract RSA public key value then you need to read CKA_PUBLIC_EXPONENT and CKA_MODULUS attributes. See PKCS#11 v2.20 for more details.
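
An added example (not part of the original answer) of reading the attributes the answer names with Pkcs11Interop and loading them into a .NET RSA object. It assumes the Pkcs11Interop 5.x interfaces (ISession, IObjectHandle); the class and method names are hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Hypothetical helper, assuming Pkcs11Interop 5.x (ISession, IObjectHandle).
public static class RsaPublicKeyReader
{
    // Reads the RSA public key material from a public key object on the token.
    public static RSAParameters Read(ISession session, IObjectHandle publicKeyHandle)
    {
        List<IObjectAttribute> attrs = session.GetAttributeValue(
            publicKeyHandle,
            new List<CKA> { CKA.CKA_KEY_TYPE, CKA.CKA_MODULUS, CKA.CKA_PUBLIC_EXPONENT });

        // Fail loudly instead of reading a value from an attribute the token refused.
        if (attrs.Any(a => a.CannotBeRead))
            throw new InvalidOperationException("Token did not return a requested attribute.");

        // Which attributes hold the key material depends on the key type.
        if (attrs[0].GetValueAsUlong() != (ulong)CKK.CKK_RSA)
            throw new NotSupportedException("Object is not an RSA key.");

        return ToRsaParameters(attrs[1].GetValueAsByteArray(), attrs[2].GetValueAsByteArray());
    }

    // PKCS#11 big integers are unsigned, most significant byte first, which is
    // the layout RSAParameters expects. Leading zero bytes are stripped defensively.
    public static RSAParameters ToRsaParameters(byte[] modulus, byte[] publicExponent)
    {
        return new RSAParameters
        {
            Modulus = TrimLeadingZeros(modulus),
            Exponent = TrimLeadingZeros(publicExponent)
        };
    }

    private static byte[] TrimLeadingZeros(byte[] value)
    {
        int skip = 0;
        while (skip < value.Length - 1 && value[skip] == 0) skip++;
        return value.Skip(skip).ToArray();
    }
}
```

The returned RSAParameters can be passed to `RSA.Create()` followed by `ImportParameters` to verify signatures or encrypt outside the token.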