generate RSA key in pkcs11 hsm


I use a Safenet HSM in my software to generate and keep the key. Each time the software runs it generates a key in the HSM, but the key is the same every time: the HSM generates the same key no matter how many times the software runs. Why? I use these attributes for the HSM in the software:

library=/usr/lunasa/lib/libCryptoki2.so slot=1 attributes(generate, *, ) = { CKA_TOKEN = true } attributes(, CKO_PUBLIC_KEY, ) = { CKA_ENCRYPT = true CKA_VERIFY = true CKA_WRAP = true } attributes(, CKO_PRIVATE_KEY, *) = { CKA_PRIVATE = true
CKA_EXTRACTABLE = false CKA_SIGN = true CKA_UNWRAP = true }

Should I use a random seed to generate a random RSA key each time in the HSM? This picture shows the attributes in the HSM config file hsm.properties. And in the source code I use this code:

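  /**
   * Generates a new key pair on the configured crypto device, records its public and
   * private halves in the {@code <schema>.keys} table (plus a linking row in
   * {@code <schema>.keypair}) and persists the key material: on the HSM through the
   * {@link KeyManager}, otherwise as encoded bytes in the {@code keystore} table.
   *
   * <p>Algorithm, size and alias are read from {@code parameters}
   * ({@code keypair_alg}, {@code root_key_length}, {@code keypair_alias});
   * {@code keyPairAlias} is only the fallback alias. The generated pair is also
   * stored in the {@code keyPair} field.
   *
   * <p>NOTE(review): if successive runs really do yield the same key, this method
   * cannot be the cause on its own — it always calls {@code manager.generateKeyPair}.
   * Check whether {@code KeyManager.generateKeyPair}/{@code save} hand back an
   * existing token object under the alias instead of the new one; cannot be
   * confirmed from here.
   *
   * @param purpose      value written to the {@code usage} column of both key rows
   * @param keyPairAlias alias used when {@code keypair_alias} is not configured
   * @return the generated key pair
   * @throws ManagerException         if the key manager fails to generate or save the pair
   * @throws SQLException             if any of the inserts fail
   * @throws IllegalArgumentException if the device name or the algorithm is not recognised
   * @throws NumberFormatException    if {@code root_key_length} is not an integer
   */
  protected KeyPair generateKeyPair(int purpose, String keyPairAlias) throws ManagerException, SQLException {
        int iType = storageTypeFor(device.name().toLowerCase());

        String alg = parameters.getProperty("keypair_alg", "rsa").toLowerCase();
        KeyManager.KEY_PAIR_ALG keyalg = keyPairAlgFor(alg);
        // NOTE(review): the 1024-bit fallback is below current guidance for RSA/DSA
        // (2048 bits minimum); deployments should set root_key_length explicitly.
        int size = Integer.parseInt(parameters.getProperty("root_key_length", "1024"));
        String alias = parameters.getProperty("keypair_alias", keyPairAlias);

        KeyManager manager = new KeyManager(device);
        // On the HSM an existing entry under this alias is removed first so the freshly
        // generated pair can be saved under the same alias below.
        if (manager.containsAlias(alias) && device == CryptoSettings.CRYPTO_DEVICE.HSM) {
            manager.deleteEntry(alias);
        }
        keyPair = manager.generateKeyPair(keyalg, size);

        // The schema name comes from configuration, not from user input; every row
        // value is bound as a statement parameter.
        String keysSql = "insert into " + schema + ".keys"
                + "(id, status, alias, algorithm, length, type1, usage, usagenote, storagetype) values("
                + "nextval('" + schema + ".seq_" + schema + "_keys_id'),1,?,?,?,?,?,?,?)";

        // Public key row (type1 = 1).
        insertKeyRow(keysSql, alias + "_pub", alg, size, 1, purpose,
                "This key will be used for external signature generation purpose.", iType);
        // Private key row (type1 = 2).
        insertKeyRow(keysSql, alias + "_prv", alg, size, 2, purpose,
                "This key will be used for external signature verification purpose.", iType);

        // Links the two rows just inserted. This relies on the keys sequence having
        // advanced by exactly two on this connection (public = currval-1, private = currval).
        String keypairSql = "insert into " + schema + ".keypair(id, publickeyid, privatekeyid) "
                + "values(nextval('" + schema + ".seq_" + schema + "_keypair_id'),"
                + "currval('" + schema + ".seq_" + schema + "_keys_id')-1,currval('" + schema + ".seq_" + schema + "_keys_id'))";
        try (PreparedStatement stmt = cnn.prepareStatement(keypairSql)) {
            stmt.execute();
        }

        if (device == CryptoSettings.CRYPTO_DEVICE.HSM) {
            // Key material stays on the HSM; only the alias/handle is persisted there.
            manager.save(keyPair, alias);
        } else {
            // NOTE(review): these two statements use Oracle-style sequence syntax
            // (seq.nextval / seq.currval) and the name seq_<schema>_key_id, while the
            // inserts above use PostgreSQL-style nextval('...') and seq_<schema>_keys_id.
            // Only one of the two can be right for a given database — confirm.
            insertKeystoreRow("insert into keystore(id,keyid,rawdata) values(seq_" + schema + "_keystore_id.nextval,"
                    + "seq_" + schema + "_key_id.currval-1,?)", keyPair.getPublic().getEncoded());
            // Software keys are stored as raw encoded private-key bytes: the access
            // control on this table is the only protection the private key has.
            insertKeystoreRow("insert into keystore(id,keyid,rawdata) values(seq_" + schema + "_keystore_id.nextval,"
                    + "seq_" + schema + "_key_id.currval,?)", keyPair.getPrivate().getEncoded());
        }
        return keyPair;
    }

  /**
   * Maps the lower-cased device name to the {@code storagetype} column value.
   *
   * @param deviceName {@code "software"} or {@code "hsm"}
   * @return 0 for software, 1 for HSM
   * @throws IllegalArgumentException for any other name
   */
  private static int storageTypeFor(String deviceName) {
        if (deviceName.equals("software")) {
            return 0;
        } else if (deviceName.equals("hsm")) {
            return 1;
        }
        throw new IllegalArgumentException("key manager type not recognised.");
    }

  /**
   * Maps the lower-cased {@code keypair_alg} property to the manager's algorithm enum.
   *
   * @param alg {@code "rsa"} or {@code "dsa"}
   * @return the matching {@link KeyManager.KEY_PAIR_ALG}
   * @throws IllegalArgumentException for any other value
   */
  private static KeyManager.KEY_PAIR_ALG keyPairAlgFor(String alg) {
        if (alg.equals("rsa")) {
            return KeyManager.KEY_PAIR_ALG.RSA;
        } else if (alg.equals("dsa")) {
            return KeyManager.KEY_PAIR_ALG.DSA;
        }
        throw new IllegalArgumentException("key pair algorithm not recognised.");
    }

  /**
   * Inserts one row into the {@code keys} table, closing the statement afterwards.
   *
   * @param sql         insert statement with seven positional parameters
   * @param keyAlias    value for the {@code alias} column
   * @param alg         algorithm name; stored upper-cased
   * @param size        key length in bits
   * @param type1       1 for the public key, 2 for the private key
   * @param purpose     value for the {@code usage} column
   * @param usageNote   value for the {@code usagenote} column
   * @param storageType value for the {@code storagetype} column
   * @throws SQLException if the insert fails
   */
  private void insertKeyRow(String sql, String keyAlias, String alg, int size, int type1, int purpose,
                            String usageNote, int storageType) throws SQLException {
        try (PreparedStatement stmt = cnn.prepareStatement(sql)) {
            stmt.setString(1, keyAlias);
            stmt.setString(2, alg.toUpperCase());
            stmt.setInt(3, size);
            stmt.setInt(4, type1);
            stmt.setInt(5, purpose);
            stmt.setString(6, usageNote);
            stmt.setInt(7, storageType);
            stmt.execute();
        }
    }

  /**
   * Inserts one row into the {@code keystore} table with the given raw key bytes
   * bound as the single parameter, closing the statement afterwards.
   *
   * @param sql     insert statement with one positional parameter
   * @param rawData encoded key bytes for the {@code rawdata} column
   * @throws SQLException if the insert fails
   */
  private void insertKeystoreRow(String sql, byte[] rawData) throws SQLException {
        try (PreparedStatement stmt = cnn.prepareStatement(sql)) {
            stmt.setBytes(1, rawData);
            stmt.execute();
        }
    }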

and this

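 /**
     * Generates a key pair of the given algorithm and size using the JCA provider
     * registered for this manager's device type.
     *
     * <p>No explicit {@link java.security.SecureRandom} is passed to
     * {@code initialize(size)}, so the provider's own randomness source is used;
     * for a PKCS#11 provider the pair is presumably generated by the token itself —
     * confirm with the provider documentation.
     *
     * @param alg  key pair algorithm; {@code alg.name()} is passed to the JCA as-is
     * @param size key size in bits
     * @return the generated pair wrapped by {@link KeyPairImpl}
     * @throws ManagerException wrapping any exception raised while generating or
     *                          wrapping the pair; JVM {@link Error}s propagate unwrapped
     */
 public KeyPair generateKeyPair(KEY_PAIR_ALG alg, int size) throws ManagerException {
        try {
            java.security.KeyPairGenerator keygen =
                    java.security.KeyPairGenerator.getInstance(alg.name(), Settings.getProvider(type));
            keygen.initialize(size);
            java.security.KeyPair keypair = keygen.generateKeyPair();
            return KeyPairImpl.getInstance(keypair, type);
        } catch (Exception e) {
            // Catching Throwable would also wrap OutOfMemoryError and other Errors in
            // a ManagerException; those must propagate untouched.
            throw new ManagerException(e);
        }
    }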

and the Provider code is

 /**
     * Returns the JCA {@link Provider} backing the given crypto device.
     *
     * <p>The switch has no {@code default} branch, so a {@code type} value not listed
     * here leaves {@code result} as {@code null} (a {@code null} argument throws
     * {@link NullPointerException}, as for any enum switch). Callers pass the result
     * straight to {@code KeyPairGenerator.getInstance(String, Provider)}, which rejects
     * a {@code null} provider with {@link IllegalArgumentException} — an explicit
     * error here would be clearer.
     *
     * <p>NOTE(review): the end of the method ({@code return result;} and the closing
     * brace) is not shown on this page.
     */
 public static Provider getProvider(CryptoSettings.CRYPTO_DEVICE type) {
        Provider result = null;
        switch (type) {
            case Software:
                result = bcProvider;   // presumably the Bouncy Castle software provider — confirm
                break;
            case HSM:
                result = hsmprovider;  // presumably the PKCS#11 provider built from hsm.properties — confirm
                break;
            case AdminToken:
                result = adminTokenProvider;
                break;
            case UserToken:
                result = userTokenProvider;
                break;
        }

Why is the key the same every time?

