Cannot wrap an EC key?
Wei-Jun Wang
weijun.wang at oracle.com
Thu Dec 19 04:11:33 UTC 2024
No, it’s the EncryptedPrivateKeyInfo format and internally the data is PKCS8. I can unwrap it with a cipher from SunJCE.
BTW, I made a mistake in my first mail. The config needn’t be sensitive. Then I am able to use the key to init a SunJCE cipher.
—Weijun
> On Dec 18, 2024, at 22:02, Mike StJohns <mstjohns at comcast.net> wrote:
>
> If I had to make a wild guess, I’d guess that the wrapped key doesn’t include the curve info. If the length of the wrapped data is only 40 bytes, then all you have is the x from the private key. I’m wondering if the algorithm has to include the curve info.
>
> Something like “EC/secp256r1”?
>
> If it’s longer than 40 bytes (or 8 plus the length of the private key data for a given curve) then something besides the bare private key has been wrapped.
>
> For some unknown reason, the format of the key material being wrapped was not specified by PKCS11.
>
> Mike
>
> Sent from my iPad
>
>> On Dec 18, 2024, at 19:23, Wei-Jun Wang <weijun.wang at oracle.com> wrote:
>>
>> Hi, PKCS #11 gurus,
>>
>> var sp = KeyPairGenerator.getInstance("EC", p).generateKeyPair().getPrivate();
>> var k = KeyGenerator.getInstance("AES", p).generateKey();
>>
>> var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
>> cipher.init(Cipher.WRAP_MODE, k);
>> var wrapped = cipher.wrap(sp);
>> cipher.init(Cipher.UNWRAP_MODE, k);
>> cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
>>
>> Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method reports an CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.
>>
>> Thanks,
>> Weijun
>>
>>
>
More information about the security-dev
mailing list