Using Cryptographic Hardware
140 RSA BSAFE Crypto-C Developers Guide
may need to set the attributes manually for the token to work.
You can use this AI for any key pair generation, not just RSA. If you use this AI for
software key pair generation, the attributes will be ignored.
After setting the algorithm object to generate a key pair, initialize.
Notice the new subroutine call, B_GetDevice, which you call to see if key pair
generation will be performed by hardware or software. Pass in an ITEM (a pointer to
an ITEM that you create) and Crypto-C will set the data and len fields with a pointer
and length of a description of the device. The name will be a NULL-terminated string.
If software is used, the result will be the word "software." The memory is owned by
Crypto-C, so do not overwrite it or free it.
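The following is an added example, not code from the guide or from Crypto-C: one way to act on the description B_GetDevice returns, by copying it out of Crypto-C's memory and refusing to continue when generation would fall back to software. The helper names copy_device_name and device_is_hardware, the local ITEM stand-in, the 128-byte buffer and the case-insensitive comparison are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Stand-in for Crypto-C's ITEM so the example builds without the
 * toolkit headers; remove it when the real headers are included. */
typedef struct {
  unsigned char *data;
  unsigned int len;
} ITEM;

/* Copy the description that B_GetDevice returned into a caller buffer.
 * Never writes to or frees dev->data. Returns 0 on success, -1 if the
 * description is missing, empty or too long for out. */
int copy_device_name(const ITEM *dev, char *out, size_t outLen)
{
  const unsigned char *nul;
  size_t n;

  if (dev == NULL || dev->data == NULL || out == NULL || outLen == 0)
    return -1;
  /* len may or may not count the NUL (assumption): stop at the first. */
  nul = memchr(dev->data, 0, dev->len);
  n = nul ? (size_t)(nul - dev->data) : dev->len;
  if (n == 0 || n >= outLen)
    return -1;
  memcpy(out, dev->data, n);
  out[n] = '\0';
  return 0;
}

/* Returns 1 only when a description is present and is not "software"
 * (case-insensitive match is an assumption). Errors return 0 so the
 * caller fails closed. */
int device_is_hardware(const ITEM *dev)
{
  static const char sw[] = "software";
  char name[128];
  size_t i;

  if (copy_device_name(dev, name, sizeof(name)) != 0)
    return 0;
  if (strlen(name) != sizeof(sw) - 1)
    return 1;
  for (i = 0; name[i] != '\0'; i++)
    if (tolower((unsigned char)name[i]) != sw[i])
      return 1;
  return 0;
}
```

Call device_is_hardware(&deviceName) after B_GetDevice succeeds and before B_GenerateKeypair when policy requires the private key to be generated on the token.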
Now generate.
In this example, we pass in a random object, because we have specified a software
backup. If the generation will be done in hardware, the random object will be ignored.
If you know the generation will be done in hardware, in fact, you could pass in
NULL_PTR for the random object.
We have passed in a NULL surrender context as well. If you pass in a valid surrender
context, Crypto-C will ignore it, because PKCS #11 demanded the surrender context
when we created the session.
Crypto-C sets the key objects to some value. If a key is a token key (the key resides on
the token), it was set with KI_Token. If a key does not reside on a token or is not
private (a public key can reside on a token but can never be private), it was set with
KI_PKCS_RSAMultiPrimePrivate or KI_RSAPublic. It may have been set with both key
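    ITEM deviceName;

    /* Initialize key pair generation with the hardware chooser. */
    if ((status = B_GenerateInit
         (rsaGen, hwChooserGen, NULL_SURR)) != 0)
      break;

    /* Ask which device will generate; deviceName.data is owned by
       Crypto-C, so do not overwrite or free it. */
    if ((status = B_GetDevice (&deviceName, rsaGen)) != 0)
      break;

    /* Generate; the random object is used only by the software backup. */
    if ((status = B_GenerateKeypair
         (rsaGen, pubKey, priKey, random, NULL_SURR)) != 0)
      break;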