gamringer/php-pkcs11

Internal Server Error (0x00000007/CKR_ARGUMENTS_BAD) PKCS#11 module error: Unable to encrypt [/website/test/***/Hsm.php:119]

Closed this issue · 2 comments

Internal Server Error
(0x00000007/CKR_ARGUMENTS_BAD) PKCS#11 module error: Unable to encrypt [/website/test/app/index/Hsm.php:119]
I used the code directly from the https://github.com/gamringer/php-pkcs11 address, and it reports an error.

```php
// $key is an AES secret-key object on the token (its creation or lookup is not shown here)
$iv = random_bytes(16);
$aad = '';
$tagLength = 128;
$gcmParams = new Pkcs11\GcmParams($iv, $aad, $tagLength);

$data = 'Hello World!';
$mechanism = new Pkcs11\Mechanism(Pkcs11\CKM_AES_GCM, $gcmParams);
$ciphertext = $key->encrypt($mechanism, $data);
var_dump(bin2hex($ciphertext));
// string(56) "67940e19213d68c88d163b12d6cd565300f70d693309b5b744085b35"

$plaintext = $key->decrypt($mechanism, $ciphertext);
var_dump($plaintext);
// string(12) "Hello World!"
```

The encryption and decryption process cannot be used as in the example.
Encryption and decryption can be performed normally.
However, after encryption and decryption are separated, encryption works, but decryption does not. All of them fail to decrypt.
We look forward to your reply.

Hi,

You say that the encrypt and decrypt functions work well when they are coupled together, but decryption fails when both are separated. Would you be able to provide an example of this? With some example data, ciphertexts, IV & AAD values.

Hello,
At present, it has been debugged.
Using the columns on 'GitHub' failed. The following method is OK. It gets the object of the key.
This separation can be used for normal encryption and decryption.

```php
$objects = $session->findObjects([
    \Pkcs11\CKA_CLASS     => \Pkcs11\CKO_SECRET_KEY,
    \Pkcs11\CKA_KEY_TYPE  => \Pkcs11\CKK_AES,
    \Pkcs11\CKA_VALUE_LEN => 32,
]);
return reset($objects);
```

I intend to open up the code with good mode and provide it to friends who need it. If we encounter difficulties, we can discuss and learn from each other.
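An added example, not code from this thread or from the php-pkcs11 project, showing one way to run AES-GCM encryption and decryption as separate steps: the key is looked up on the token with the `findObjects` filter from the last comment, and the IV is stored in front of the ciphertext so the decrypting side can rebuild the same `GcmParams`. The helper names, the IV-then-ciphertext layout, the 12-byte IV (the thread uses 16) and the already opened, logged-in `$session` are assumptions.

```php
<?php
// Added example: helper names and the IV||ciphertext layout are assumptions.
const GCM_IV_LEN   = 12;   // bytes; 96-bit IV, the size recommended for GCM
const GCM_TAG_BITS = 128;  // must be identical on the encrypt and decrypt side

// Same lookup as in the thread: an AES-256 secret key stored on the token.
// If the token holds several such keys, narrow the filter so that both
// sides are guaranteed to get the same object.
function findAesKey($session)
{
    $objects = $session->findObjects([
        \Pkcs11\CKA_CLASS     => \Pkcs11\CKO_SECRET_KEY,
        \Pkcs11\CKA_KEY_TYPE  => \Pkcs11\CKK_AES,
        \Pkcs11\CKA_VALUE_LEN => 32,
    ]);
    if (count($objects) === 0) {
        throw new RuntimeException('No AES-256 key found on the token');
    }
    return reset($objects);
}

function gcmEncrypt($key, string $plaintext, string $aad = ''): string
{
    $iv = random_bytes(GCM_IV_LEN); // fresh IV per message, never reused with this key
    $params = new \Pkcs11\GcmParams($iv, $aad, GCM_TAG_BITS);
    $mechanism = new \Pkcs11\Mechanism(\Pkcs11\CKM_AES_GCM, $params);
    // The module returns ciphertext with the tag appended; prepend the IV.
    return $iv . $key->encrypt($mechanism, $plaintext);
}

function gcmDecrypt($key, string $blob, string $aad = ''): string
{
    if (strlen($blob) < GCM_IV_LEN + GCM_TAG_BITS / 8) {
        throw new InvalidArgumentException('Blob is shorter than IV plus tag');
    }
    $iv = substr($blob, 0, GCM_IV_LEN);
    // Rebuild the mechanism from the stored IV and the caller's AAD.
    $params = new \Pkcs11\GcmParams($iv, $aad, GCM_TAG_BITS);
    $mechanism = new \Pkcs11\Mechanism(\Pkcs11\CKM_AES_GCM, $params);
    return $key->decrypt($mechanism, substr($blob, GCM_IV_LEN));
}

// Round trip as two independent steps; $session is an open, logged-in session.
function roundTrip($session): string
{
    $stored = base64_encode(gcmEncrypt(findAesKey($session), 'Hello World!'));
    // ... later, possibly in another request with a new session ...
    return gcmDecrypt(findAesKey($session), base64_decode($stored));
}
```

The AAD is not stored in the blob, so the decrypting side has to supply the same value that was used for encryption.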