PKCS11：查找公钥对象

PKCS11：查找公钥对象

        在PKCS11中，如果要查找公钥对象，需要对应对象属性模板。一般公钥对象分为“加密公钥”和“验证签名公钥”，由此可以定义两个不同的属性模板。比如：

1、加密公钥查找属性模板：

	CK_ATTRIBUTE encryptKey_Attrs[ 5 ] = {{ CKA_CLASS, (unsigned *)&ckoPubKey, sizeof(unsigned) },{ CKA_TOKEN, (unsigned char *)&trueValue, 1 },{ CKA_PRIVATE, (unsigned char *)&falseValue, 1 },{ CKA_ENCRYPT, (unsigned char *)&trueValue, 1 },{ CKA_KEY_TYPE, (LPBYTE)&ckkRsa, 4 },};

2、验签公钥查找属性模板：

	CK_ATTRIBUTE verifyKey_Attrs[ 5 ] = {{ CKA_CLASS, (unsigned *)&ckoPubKey, sizeof(unsigned) },{ CKA_TOKEN, (unsigned char *)&trueValue, 1 },{ CKA_PRIVATE, (unsigned char *)&falseValue, 1 },{ CKA_VERIFY, (unsigned char *)&trueValue, 1 },{ CKA_KEY_TYPE, (LPBYTE)&ckkRsa, 4 },};

其中：

ckoPubKey定义为：CKO_PUBLIC_KEY

ckkRsa定义为：CKK_RSA

trueValue定义为：1

falseValue定义为：0

        有了模板之后，可以根据实际需要、指定公钥算法类型等进行查找。完整代码如下：

CK_OBJECT_HANDLE _FindPubKeyObj(CK_SESSION_HANDLE hSession, BOOL bIsExchKey, ULONG ckaType, LPBYTE data, ULONG size)
{CK_RV rv = CKR_OK;CK_ULONG findCount = 0;CK_OBJECT_HANDLE hKey = 0;CK_ATTRIBUTE encryptKey_Attrs[ 5 ] = {{ CKA_CLASS, (unsigned *)&ckoPubKey, sizeof(unsigned) },{ CKA_TOKEN, (unsigned char *)&trueValue, 1 },{ CKA_PRIVATE, (unsigned char *)&falseValue, 1 },{ CKA_ENCRYPT, (unsigned char *)&trueValue, 1 },{ ckaType, data, size },};CK_ATTRIBUTE verifyKey_Attrs[ 5 ] = {{ CKA_CLASS, (unsigned *)&ckoPubKey, sizeof(unsigned) },{ CKA_TOKEN, (unsigned char *)&trueValue, 1 },{ CKA_PRIVATE, (unsigned char *)&falseValue, 1 },{ CKA_VERIFY, (unsigned char *)&trueValue, 1 },{ ckaType, data, size },};FUNC_BEGIN;rv = m_pPKCS11Proxy->C_FindObjectsInit( hSession, bIsExchKey ? encryptKey_Attrs : verifyKey_Attrs, data ? 5 : 4);rv = m_pPKCS11Proxy->C_FindObjects( hSession, &hKey, 1, &findCount);rv = m_pPKCS11Proxy->C_FindObjectsFinal( hSession );FUNC_END;return hKey;
}

CK_OBJECT_HANDLE hPubKey = 0;
hPubKey = _FindPubKeyObj(m_hSession, TRUE, CKA_KEY_TYPE, (LPBYTE)&ckkRsa, 4);

CK_OBJECT_HANDLE hPubKey = 0;
hPubKey = _FindPubKeyObj(m_hSession, FLASE, CKA_KEY_TYPE, (LPBYTE)&ckkRsa, 4);