I am trying to integrate safenet HSM with our application. I am writing the program in C. I am referring to the PKCS11 v2.20 cryptoki standard document from RSA labs. I need to generate an AES 256 bit key. While defining the template for key generation I am not sure what value needs to be passed for CKA_VALUE. While generating a DES3 key, I didn't provide this attribute and I was able to generate a key.
I searched for sample programs for CKA_LABEL but failed to find any solid examples in C. I found a couple of Java programs where they have used CKA_VALUE_LEN instead of CKA_VALUE. I am not sure if that will work.
This is the snippet given in the document. Most websites give only this snippet as an example. Nothing is specified for the array value.
CK_OBJECT_CLASS class = CKO_SECRET_KEY;
CK_KEY_TYPE keyType = CKK_AES;
CK_UTF8CHAR label[] = “An AES secret key object”;
CK_BYTE value[] = {...};
CK_BBOOL true = CK_TRUE;
CK_ATTRIBUTE template[] = {
{CKA_CLASS, &class, sizeof(class)},
{CKA_KEY_TYPE, &keyType, sizeof(keyType)},
{CKA_TOKEN, &true, sizeof(true)},
{CKA_LABEL, label, sizeof(label)-1},
{CKA_ENCRYPT, &true, sizeof(true)},
{CKA_VALUE, value, sizeof(value)}
};
The CKA_VALUE is the actual value of the key. When you tell the HSM to generate a secret key, it will generate a key for you on the hardware based on the attributes you pass in secret key template, and set the value generated in the CKA_VALUE. This attribute however cannot be read/extracted nor it can be set when generating the key, because the HSM won't allow you to inject a key (directly) from the software nor allow you to extract it from the HSM (directly).
The CKA_VALUE_LEN is the length of the key you can tell the HSM to generate. The AES key can be of length 128, 192 or 256 bits. Depending on the key size you want you would set the CKA_VALUE_LEN as 16, 24 or 32 (key size as bytes).
Related
Hey guys I have been stuck and I cannot understand the following from the Signal Protocol Documentation:
Alice then calculates an "associated data" byte sequence AD that
contains identity information for both parties:
AD = Encode(IKA) || Encode(IKB)
An initial ciphertext encrypted with some AEAD encryption scheme [4]
using AD as associated data and using an encryption key which is
either SK or the output from some cryptographic PRF keyed by SK.
I do not understand what the Encode function is or like how to write it up in C. Can it just be any encoding function of bytes and if not what encoding do I use?
Additionally, the aead encryption scheme, does this mean I will be encrypting the original message from Alice with AD and SK (Shared Key generated from the HKDF)? If so, what algorithms can I use to encrypt (I could not find any algorithms from Github)?
For my Identity Server 4, we have two different servers set up to host the application.
I asked our operations team to install the same certificate on the two servers. However, they both have received different thumbprints, and the values in the certifiiates are different in the following fields: kid, x5t, n and the value in the x5c chain is also different between the two, when I load the .well-known/openid-configuration/jwks address. I've posted the keys below. Will this work? I thought the values would be the same for the x5c.0 value, if they were based on the same private key.
First key:
keys
0
kty "RSA"
use "sig"
kid "8366EB61F60720FE0FCC5C0E6BF3E5F8ACC98E2DRS256"
x5t "g2brYfYHIP4PzFwOa_Pl-KzJji0"
e "AQAB"
n "6sYPa_JNapDqcw3KgvlmtbrrCuYCd1sq3R_3Ao1aAW7bHjdN1isphP8eWsCA5WeTDmDSfE1GsN2ri0pyVY8LlqAYznEyqHI1FDVS_d601TMiq_WiMTapnQQKFdw0SF1xLNWVT13QsosgErYq0g7pJvlpYDRRXymU8Arw0LMya6nD2sMbFggYEpqMdT_j7KLiZ6oC_2G5v4VVaMdZOF8ppzUkFFtj4MU4k7J_8zVM1LbCy8vH8uyjxGqCsRzbryDu-yhQmPy1FIXBX4ZZgXy8gB2bLLPtndba9rmSFMq4VbWDjwe2hqAF7X4yvru0bGeu_4mxB10vxO2KPP9Sqaniqw"
x5c
0 "MIIFvDCCA6SgAwIBAgITHQAAADE6PYCZMMXL9QAAAAAAMTANB8VHvcXFg4="
alg "RS256"
keys
0
kty "RSA"
use "sig"
kid "B2042B75C33612AC9BD31051B2821E5DEB4D0F34RS256"
x5t "sgQrdcM2Eqyb0xBRsoIeXetNDzQ"
e "AQAB"
n "zJiOYj3NhxS4vxte0GtimbMwu6DtFHISguFdlLaroRQaNciqVynyRYJ2v8y5194miwT_K3jtKnh9lSGz93Q7Z500kvmZjS9boqQFn8g-I_02FOUUcLzsJJOTcBGqt6lvja5YlVhdWKG92sq8RizkDm28GV6bdDLh8mbR6GtwyvD2iN7aHs7nE6Z-S5doFlkr4SJ9lUxNMr18WpQHqXvP3Z0lpr8E5DRVv80n5HS7u9uusZvhryOp1QgQGfikCqPc8XNcZ9GyXhtGJkHD-QlpUZVbondHZOCi5IKOUrq7LK4cgILB-zDVIGVpyl0JhhjCCp02wq9kWcgKAvTcb8m8Aw"
x5c
0 "MIIFmjCCA4KgBpvenCRU6YuvZamis9K4OrGuKNK0EwNe1tbPMViVE++/H21P/utQ=="
alg "RS256"
Why don't you use the same signing key certificate with the same private key in both installations of IdentityServer?
you also need to keep in mind that the certificate for the domain name (the server) is separate from the token signing keys.
The token signing key needs to be the same in both instances. To install the private signing key, it can be convenient to wrap it up inside a X509 certificate.
A certificate contains a private key and you can have many certificates based on the save private key. I would use openssl to generate the private signing key for the tokens and keen the domain certificate separate, just to get a clear separation of concern. If you use Azure Key Vault, you can even create and store the keys there directly.
I have to prepare Message Integrity Attribute for TURN allocation request.
say my username is user_1, realm is 192.168.1.101 and password is user_pass_1
key = MD5(user_1:192.168.1.101:user_pass_1)
then I have to perform HMAC-SHA1 on a buffer using above key.
I want to use gnutls library for calculating HMAC-SHA1, is there any way to do it
I receive this EAP-TLS fragment from a RADIUS server:
I received this packet in a uint8_t array in C, and when I compared the bits with the public key enclosed in this message, I found that all of them were different. This led me to believe that the public key has been encrypted. If so, how is it encrypted and what can I do to retrieve the public key ? Is it related to the signature (256 bit) enclosed after the pubkey ? I need it to complete the DH parameter generation on both sides.
Thank you!
I received this packet in a uint8_t array in C, and when I compared the bits with the public key enclosed in this message, I found that all of them were different.
The server's public key B (which is g ^ b) should be different on each run of the protocol. If you are seeing repeating values, then something is wrong. See RFC 4492, Page 18:
public: The ephemeral ECDH public key
"ephemeral" means temporary, and its used once and then thrown away.
how is it encrypted and what can I do to retrieve the public key
Its not encrypted; its a temporary key that's used once.
Is it related to the signature (256 bit) enclosed after the pubkey ?
No.
OpenSSL has a wiki page on Elliptic Curve Cryptography. See Elliptic Curve Cryptography.
Hi, i have file_data(xml format) and file_signature(ASN1 DER), and also have certificate(X509 ASN1 DER). I want to check if file_data is correct, but I have some problems. what I'm doing:
Main Idea: Some company A creates file_data, then using SHA1 gets hash of the file_data, and encrypts this hash using RSA private key and gets file_signature. Then company A sends me file_data and file_signature and certificate. I get public key from certificate get file_signature and decrypt file_signature using public key and get hash_1. Then i get file_data and use SHA1 to get hash_2. If hash_1 and hash_2 is equal, i can trust to content of the file_data, am I right?
Implementation:
Load certificate: d2i_X509_fp() function. Now I have certificate.
Get public key of the certificate: X509_extract_key, now i have public key.
Now i want to load file_signature to decrypt it using public key, BUT file_signature has ASN1 DER format how I can load it, what function in OpenSSl should I use?
Suppose I read file_signature, now I must decrypt it using my public key, is there any API for this purpose?
Suppose I decrypt file_signature and get hash_1.
Now I must load file_data and get hash of it using SHA1 function hash_2, what function I must use? SHA1(), or SHA1_Init, SHA1_Update, SHA1_Finish?
Suppose I get hash_1 and hash_2, how i must compare them, using memcmp?
Suppose I compare them, if they are equal, i can use file_data.
another question is that file_signature is 128 byte len and when i decrypt it i get 128 byte hash_1(Am I rigth) , but when i get hash of the file_data hash_2 it's length is only 20 bytes, so how I can compare them, or I misunderstand something?
Thanks for your help!
p.s. sorry for my english;).
If you get a file_signature of 128 bytes, then it is probably not ASN.1 encoded. 128 bits is exactly the key length of a 1024 bit key (on the low side nowadays, check keylength.com). Hashes are not directly encrypted if RSA is used: first it is wrapped within an ASN.1 structure, and then it is padded, all according to PKCS#1 v1.5 (Google it).
Normally you don't perform the hashing separately from the RSA encrypt. Libraries like openssl will contain functions to perform verification where the hash is automatically calculated (no doubt this would be openssl_verify()). Those functions will also do the compare for you.
Note that you will need to establish trust for the public key, otherwise an attacker could just generate a random key pair and send you a different public key together with the attackers signed data. Normally public keys are trusted using direct communication beforehand, or using a PKI infrastructure (certificate chains).