Exporting a public key/object from token.

Question

Exporting a public key/object from token.

Closed this issue 2 years ago · 3 comments

I want to export a public key from the token.
I can list and get key as "Pkcs11\Key" and certificates as "Pkcs11\P11Object". Using "getAttributeValue" with the Key doesn't return a "CKA_VALUE".
I could not find any sample code or documentation on how to extract objects on PHP using php-pkcs11.
thank you.

$va = $session->findObjects([  Pkcs11\CKA_LABEL => 'user_keypair',  Pkcs11\CKA_CLASS => Pkcs11\CKO_PUBLIC_KEY,   Pkcs11\CKA_KEY_TYPE => Pkcs11\CKK_RSA, ]);
var_dump($va);

foreach ($va as $foundObject) {
        $attributes = $foundObject->getAttributeValue([
                #Pkcs11\CKA_VALUE,
                Pkcs11\CKA_LABEL,
        ]);
        var_dump($attributes);
}

Answer 1 · 2022-12-14T05:10:25.000Z

You cannot recover an RSA public key as a single CKA_VALUE attribute. You need to fetch each component of the key individually:

$attributes = $foundObject->getAttributeValue([
        Pkcs11\CKA_MODULUS,
        Pkcs11\CKA_MODULUS_BITS,
        Pkcs11\CKA_PUBLIC_EXPONENT,
]);

I hope that helps

Answer 2 · 2022-12-16T16:27:25.000Z

Thank you. It did the trick.
this is a great PHP module.
best regards.

Answer 3 · 2022-12-16T23:12:21.000Z

Always a pleasure!