Cannot wrap an EC key?

Mike StJohns mstjohns at comcast.net
Thu Dec 19 03:02:26 UTC 2024


If I had to make a wild guess, I’d guess that the wrapped key doesn’t include the curve info.  If the length of the wrapped data is only 40 bytes, then all you have is the x from the private key.  I’m wondering if the algorithm has to include the curve info.  

Something like “EC/secp256r1”?  

If it’s longer than 40 bytes (or 8 plus the length of the private key data for a given curve) then something besides the bare private key has been wrapped.  

For some unknown reason, the format of the key material being wrapped was not specified by PKCS11.  

Mike

Sent from my iPad

> On Dec 18, 2024, at 19:23, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
> 
> Hi, PKCS #11 gurus,
> 
>    var sp = KeyPairGenerator.getInstance("EC", p).generateKeyPair().getPrivate();
>    var k = KeyGenerator.getInstance("AES", p).generateKey();
> 
>    var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
>    cipher.init(Cipher.WRAP_MODE, k);
>    var wrapped = cipher.wrap(sp);
>    cipher.init(Cipher.UNWRAP_MODE, k);
>    cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
> 
> Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method reports a CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.
> 
> Thanks,
> Weijun
> 
> 
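To make the length test in the reply above concrete, here is an added example (not code from either message) that wraps a P-256 private key with the JDK's software providers instead of SunPKCS11-NSS and reports what `cipher.wrap()` actually encoded. With SunEC/SunJCE the wrapped plaintext is the key's PKCS#8 encoding, which carries the curve OID, so the blob comes out much longer than 8 plus the 32-byte scalar; a token that wraps only the bare scalar would produce the short form, and the curve would then have to come from the unwrap template. The `classify` helper and its size arithmetic are my assumptions, following the 8-byte AES-KW overhead mentioned in the reply.

```java
import java.security.Key;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class EcWrapDiagnostic {

    public static void main(String[] args) throws Exception {
        // Software providers (SunEC / SunJCE), not a PKCS#11 token: this only shows
        // what the JDK hands to AES-KW when you call cipher.wrap() on an EC private key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        ECPrivateKey sp = (ECPrivateKey) kpg.generateKeyPair().getPrivate();

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey k = kg.generateKey();

        Cipher cipher = Cipher.getInstance("AES/KW/PKCS5Padding");
        cipher.init(Cipher.WRAP_MODE, k);
        byte[] wrapped = cipher.wrap(sp);

        // Size of the private scalar d for this curve: ceil(bitlen(n) / 8), 32 bytes for P-256.
        int scalarLen = (sp.getParams().getOrder().bitLength() + 7) / 8;
        // What the software provider actually wraps: the PKCS#8 DER encoding, curve OID included.
        int pkcs8Len = sp.getEncoded().length;

        System.out.println("encoding format of key    : " + sp.getFormat());   // "PKCS#8"
        System.out.println("bare scalar length        : " + scalarLen);
        System.out.println("PKCS#8 encoding length    : " + pkcs8Len);
        System.out.println("wrapped blob length       : " + wrapped.length);
        System.out.println("diagnosis                 : " + classify(wrapped.length, scalarLen));

        // Round trip with the same software provider: the curve travels inside the PKCS#8
        // blob, so no template is needed to rebuild the key.
        cipher.init(Cipher.UNWRAP_MODE, k);
        Key back = cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
        System.out.println("round trip ok             : "
                + Arrays.equals(back.getEncoded(), sp.getEncoded()));
    }

    /**
     * Length heuristic (assumed, not from any spec): AES-KW adds an 8-byte integrity
     * check to the plaintext. A blob of 8 + scalarLen (NoPadding) or 8 + scalarLen
     * rounded up to the next multiple of 8 (PKCS#5 padding always adds 1..8 bytes)
     * can only hold the scalar itself, so the curve must be supplied separately,
     * for example via CKA_EC_PARAMS in the unwrap template. Anything longer means
     * more than the bare scalar was wrapped.
     */
    static String classify(int wrappedLen, int scalarLen) {
        int kwOverhead = 8;
        int bareNoPad = kwOverhead + scalarLen;
        int bareWithPad = kwOverhead + ((scalarLen / 8) + 1) * 8;
        if (wrappedLen == bareNoPad || wrappedLen == bareWithPad) {
            return "bare private scalar only; no curve parameters inside the blob";
        }
        if (wrappedLen > bareWithPad) {
            return "longer than a bare scalar; a structure such as PKCS#8 was wrapped";
        }
        return "shorter than a bare scalar; not a complete private key";
    }
}
```

Run it with a current JDK (AES/KW with PKCS5Padding is in SunJCE from JDK 17 on). To compare against the token, swap the provider argument into `Cipher.getInstance` and `KeyPairGenerator.getInstance` and print the same four numbers: if the PKCS#11 blob lands on the "bare scalar" size, the unwrap template, not the cipher, is where the curve information has to come from.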
