If I wrap/unwrap with a token object RSA key, I get a different error trying to encrypt with the unwrapped AES key:

RSA key from NSS DB: SunPKCS11-NSSfips RSA private key, 2048 bits (id 2464323849, token object, sensitive, extractable)
pulled sym key out of keystore? SunPKCS11-NSSfips AES secret key, 16 bits (id 3126949473, token object, sensitive, extractable)
Wrapped symmetric key with RSA key, wrapped size = 256
Unwrapped symmetric key using RSA private key, unwrapped key: javax.crypto.spec.secretkeys...@17fde
Exception in thread "main" java.security.InvalidKeyException: Could not create key
    at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:226)
    at sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:131)
    at sun.security.pkcs11.P11Cipher.engineGetKeySize(P11Cipher.java:582)
    at javax.crypto.Cipher.b(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at NssPkcs11.main(NssPkcs11.java:62)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
    at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
    at sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:221)
    ... 7 more

Dave

-----Original Message-----
Actually, the cipher.unwrap call passes fine, but when I print the unwrappedKey - it looks like a secretKeySpec rather than a key that resides in NSS token. But I can't figure out what am I doing wrong - 'cause I explicitly pass provider to all my cipher initializations...

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto