Chapter 4 Using Crypto-C 141
Using Cryptographic Hardware
info types if it is a key that resides on the token and is not private.
Now you can send the public key to whomever you want. You can also save the private key token info. If you give that token info (which consists of a manufacturer's ID and a key handle) to Crypto-C again, you can use the key on the token.
Incidentally, the key handle is the internalKey field of the KI_TOKEN_INFO. For the PKCS #11 interface, Crypto-C uses the key class, key type and digest of the modulus as the handle. Crypto-C sets the CKA_ID attribute of the token key to the digest of the modulus. See the "Advanced PKCS 11" section for more information.
Now that we have a key pair, we can sign.
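    KI_TOKEN_INFO *priKeyToken = (KI_TOKEN_INFO *)NULL_PTR;
    ITEM *pubKeyInfo = (ITEM *)NULL_PTR;

    /* Each break below leaves the enclosing block on error; that block
       and the earlier declarations are not shown in this excerpt. */

    /* Get the token info (manufacturer's ID and key handle) that
       refers to the private key on the token. */
    if ((status = B_GetKeyInfo
         ((POINTER *)&priKeyToken, priKey, KI_Token)) != 0)
      break;

    /* Get the BER encoding of the public key, which can be sent out. */
    if ((status = B_GetKeyInfo
         ((POINTER *)&pubKeyInfo, pubKey,
          KI_RSAPublicBER)) != 0)
      break;

    /* Create the signing object and set it to MD5 with RSA. */
    if ((status = B_CreateAlgorithmObject (&signer)) != 0)
      break;
    if ((status = B_SetAlgorithmInfo
         (signer, AI_MD5WithRSAEncryption, NULL_PTR)) != 0)
      break;

    /* Initialize with the private key and the hwChooserSign chooser. */
    if ((status = B_SignInit
         (signer, priKey, hwChooserSign, NULL_SURR)) != 0)
      break;

    /* Feed in the data to sign. */
    if ((status = B_SignUpdate
         (signer, dataToSign, dataToSignLen, NULL_SURR)) != 0)
      break;

    /* Produce the signature; sigLen receives its length. */
    if ((status = B_SignFinal
         (signer, signature, &sigLen, sizeof (signature),
          NULL_RAND, NULL_SURR)) != 0)
      break;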