Id Prime md 840/841 Smart Card - PKCS#11 GenerateKeyPair() errors | Thales IoT Developer Community
April 25, 2018 - 2:24pm, 1883 views
I'am testing your IDPrime 840(Applet ver: Id Prime Java Card 4.1.2 F) and 841(Applet ver: Id Prime Java Card 4.0.2 K) smart cards. I received the information that in order to generate keys (for example RSA) or use the remaining crypto possibilities of the card, I should use the PKCS # 11 libraries. I want to generate pair of RSA keys.
My application does the following steps:
1. Initializes the Cryptoki library
2. Defines the mechanism CKM_RSA_PKCS_KEY_PAIR_GEN and opens the slot (with checking the two flags: flags: 65537 = CKF_HW | CKF_GENERATE_KEY_PAIR)
3. Opens the session for the smart card (in CKF_SERIAL_SESSION ****)
4. Logs in to the card with pin (C_Login function)
After correctly completing the above steps, it uses the C_GenerateKeyPair () function that returns the error depending on the value of the CKA_TOKEN attribute.. When the CKA_TOKEN attribute is set to false in the public and private key template, we get the response CKR_ATTRIBUTE_VALUE_INVALID (0x00000013), if the parameter CKA_TOKEN is set to true program return error CKR_SESSION_READ_ONLY (0x000000B5).
If the session is started in the CKF_RW_SESSION ****, the GenerateKeyPair () function will return the error CKR_SESSION_PARALLEL_NOT_SUPPORTED (0x000000B4).
Why is it not possible to generate the aforementioned RSA key pair and what are the possibilities to repair these errors?