Cannot wrap an EC key?
Wei-Jun Wang
weijun.wang at oracle.com
Thu Dec 19 00:22:44 UTC 2024
Hi, PKCS #11 gurus,
var sp = KeyPairGenerator.getInstance("EC", p).generateKeyPair().getPrivate();
var k = KeyGenerator.getInstance("AES", p).generateKey();
var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
cipher.init(Cipher.WRAP_MODE, k);
var wrapped = cipher.wrap(sp);
cipher.init(Cipher.UNWRAP_MODE, k);
cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method reports an CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.
Thanks,
Weijun
More information about the security-dev
mailing list