Using Cryptographic Hardware

destroying, or copy it into your own buffer. Since you generated the key pair only to be able to extract the parameters, you will almost certainly want to simply throw away the generated keys.

Once you have the parameters, you can generate a key pair using PKCS #11. This looks just like RSA key pair generation, except that instead of AM_PKCS11_RSA_KEY_GEN you use AM_PKCS11_DSA_KEY_GEN. Also, when you use AI_KeypairGen, you fill the keypairGenInfoType field of the B_KEYPAIR_GEN_PARAMS input data struct with AI_DSAKeyGen.

B_ALGORITHM_OBJ p11DSAKeyGen = (B_ALGORITHM_OBJ)NULL_PTR;
B_KEYPAIR_GEN_PARAMS p11KeyGenParams;

/* Private key attributes */
p11KeyGenParams.privateKeyAttributes.tokenFlag = TF_PRIVATE;
p11KeyGenParams.privateKeyAttributes.keyUsage = CF_DIGITAL_SIGNATURE;
p11KeyGenParams.privateKeyAttributes.start = 0;
p11KeyGenParams.privateKeyAttributes.end = 0;

/* Public key attributes */
p11KeyGenParams.publicKeyAttributes.tokenFlag = 0;
p11KeyGenParams.publicKeyAttributes.keyUsage = CF_DIGITAL_SIGNATURE;
p11KeyGenParams.publicKeyAttributes.start = 0;
p11KeyGenParams.publicKeyAttributes.end = 0;

/* Generate a DSA key pair from the parameters extracted earlier */
p11KeyGenParams.keypairGenInfoType = AI_DSAKeyGen;
p11KeyGenParams.keypairGenInfo = (POINTER)&(pubKeyData->params);

/* Fragment: each break leaves the enclosing error-handling block */
if ((status = B_CreateAlgorithmObject (&p11DSAKeyGen)) != 0)
  break;

if ((status = B_SetAlgorithmInfo
     (p11DSAKeyGen, AI_KeypairGen, (POINTER)&p11KeyGenParams)) != 0)
  break;


RSA BSAFE Crypto-C Developer's Guide

RSA Security 5.2.2 manual