Nelson, I wonder if anything from this thread has any bearing here as you 
describe some FIPS restrictions:
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/a5d22af274d36c6a?pli=1

I've been trying to help out Alex in the Sun forums and pointed him over here 
with this issue.

Does it matter whether the RSA and AES keys are session or token objects?  I've 
imported the session AES into the token and then pulled it back out and done 
encrypt/decrypt which works fine.  Wrapping and unwrapping are where the 
problem occurs.  I can check and see if importing some RSA keys via pk12util 
into the database and then pulling them out makes any difference.

Dave

-----Original Message-----
>   raw Key : SunPKCS11-NSScrypto AES secret key, 128 bits (id 12, session object, sensitive, extractable)
>   java.security.InvalidKeyException: Could not create key
>       at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:226)
>       at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:131)
>       at sun.security.pkcs11.P11Cipher.engineGetKeySize(P11Cipher.java:582)
>       at javax.crypto.Cipher.b(DashoA13*..)
>       at javax.crypto.Cipher.a(DashoA13*..)
>       at javax.crypto.Cipher.init(DashoA13*..)
>       at javax.crypto.Cipher.init(DashoA13*..)
>       at EncryptionTest.main(EncryptionTest.java:88)

Are you sure this is not coming from the cipher.unwrap call?
If you add a line of code to print info about the unwrapped key,
does it show that key to be in the NSS token?

> Can anybody tell me what I am doing wrong? Or, maybe, point me to
> some working JAVA code that performs wrap/unwrap of the key in NSS
> token?

Maybe one of our seasoned Java veterans can help with those questions.
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto