Unable to wrap key using SunPKCS11 Provider

Paulo Ricardo Ribeiro paulo.ribeiro at multicert.com
Tue Nov 8 11:16:24 UTC 2011


Hello

I'm trying to wrap a 3DES key, that is stored in an HSM, using the 
SunPKCS11 provider:

    Cipher wrapper = Cipher.getInstance("DESede/CBC/NOPADDING", getProviderName());
    wrapper.init(Cipher.WRAP_MODE, wrappingKey, new IvParameterSpec(iv));
    cText = wrapper.wrap(wrappedKey);



The problem is that I'm obtaining the following exception:

    java.security.InvalidAlgorithmParameterException: Unsupported mode: 3
    	at sun.security.pkcs11.P11Cipher.implInit(P11Cipher.java:316)
    	at sun.security.pkcs11.P11Cipher.engineInit(P11Cipher.java:280)
    	at javax.crypto.Cipher.init(DashoA13*..)
    	at javax.crypto.Cipher.init(DashoA13*..)


After searching for the source code, I've found that the provider only 
supports the ENCRYPT_MODE and DECRYPT_MODE:

    // actual init() implementation
    private void implInit(int opmode, Key key, byte[] iv,
            SecureRandom random)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        cancelOperation();
        switch (opmode) {
            case Cipher.ENCRYPT_MODE:
                encrypt = true;
                break;
            case Cipher.DECRYPT_MODE:
                encrypt = false;
                break;
            default:
                throw new InvalidAlgorithmParameterException
                        ("Unsupported mode: " + opmode);
        }
        (...)
    }


The full source is available at 
http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs11/P11Cipher.java.html

So, I was wondering if there is a way to wrap a key using the SunPKCS11 
provider.

-- 

*Paulo Ricardo Ribeiro*
Integration and Development Department

*MULTICERT - Serviços de Certificação Electrónica, S.A.*
www.multicert.com
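
A capability check for the failure described in this message, as an added example that is not part of the original post or of the JDK source: it tries `Cipher.WRAP_MODE` (the constant 3 in the exception text) against every installed provider that offers DESede and reports which ones reject it. The class name `WrapModeProbe`, the software-generated test keys and the all-zero IV are assumptions made for the probe only.

```java
import java.security.Key;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical helper class, not part of the JDK or of the original post.
public class WrapModeProbe {
    static final String TRANSFORMATION = "DESede/CBC/NoPadding";

    // Returns null when the provider wraps the key, otherwise the failure reason.
    static String probe(Provider p, Key wrappingKey, Key toWrap) {
        try {
            Cipher c = Cipher.getInstance(TRANSFORMATION, p);
            // Cipher.WRAP_MODE == 3, the value reported as "Unsupported mode: 3".
            // All-zero IV: constructed for this probe only, never for real wrapping.
            c.init(Cipher.WRAP_MODE, wrappingKey, new IvParameterSpec(new byte[8]));
            c.wrap(toWrap); // a 24-byte DESede key is block aligned, so NoPadding works
            return null;
        } catch (Exception e) {
            // Covers InvalidAlgorithmParameterException from init() as well as
            // UnsupportedOperationException or key-conversion errors from a provider.
            return e.getClass().getName() + ": " + e.getMessage();
        }
    }

    // Probes every installed provider that registers a DESede cipher.
    static Map<String, String> probeAll() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("DESede");
        Key wrappingKey = kg.generateKey(); // constructed software keys,
        Key toWrap = kg.generateKey();      // stand-ins for token-resident keys
        Map<String, String> results = new LinkedHashMap<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Cipher", "DESede") != null) {
                results.put(p.getName(), probe(p, wrappingKey, toWrap));
            }
        }
        return results;
    }

    public static void main(String[] args) throws Exception {
        probeAll().forEach((name, err) ->
            System.out.println(name + ": " + (err == null ? "WRAP_MODE ok" : err)));
    }
}
```

With a configured SunPKCS11 provider installed, its line in the output shows whether that JDK build's `P11Cipher` still rejects mode 3.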
