<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Hello<br>
<br>
I'm trying to wrap a 3DES key, that is stored in a HSM, using the
SunPKCS11 provider:<br>
<br>
<pre class="jive-pre"><code class="jive-code jive-java"> Cipher wrapper = Cipher.getInstance(<font color="red">"DESede/CBC/NOPADDING"</font>, getProviderName());
wrapper.init(Cipher.WRAP_MODE, wrappingKey, <font color="navy"><b>new</b></font> IvParameterSpec(iv));
cText = wrapper.wrap(wrappedKey);
</code></pre>
<br>
<br>
The problem is that I'm obtaining the following exception:<br>
<pre class="jive-pre"><code class="jive-code jive-java">java.security.InvalidAlgorithmParameterException: Unsupported mode: 3
at sun.security.pkcs11.P11Cipher.implInit(P11Cipher.java:316)
at sun.security.pkcs11.P11Cipher.engineInit(P11Cipher.java:280)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
</code></pre>
<br>
After searching for the source code, I've found that the provider
only supports the ENCRYPT_MODE and DECRYPT_MODE<br>
<br>
<pre class="jive-pre"><code class="jive-code jive-java"><font color="darkgreen">// actual init() implementation</font>
<font color="navy"><b>private</b></font> <font color="navy"><b>void</b></font> implInit(<font color="navy"><b>int</b></font> opmode, Key key, <font color="navy"><b>byte</b></font>[] iv,
SecureRandom random)
<font color="navy"><b>throws</b></font> InvalidKeyException, InvalidAlgorithmParameterException <font color="navy">{</font>
cancelOperation();
<font color="navy"><b>switch</b></font> (opmode) <font color="navy">{</font>
<font color="navy"><b>case</b></font> Cipher.ENCRYPT_MODE:
encrypt = <font color="navy"><b>true</b></font>;
<font color="navy"><b>break</b></font>;
<font color="navy"><b>case</b></font> Cipher.DECRYPT_MODE:
encrypt = <font color="navy"><b>false</b></font>;
<font color="navy"><b>break</b></font>;
<font color="navy"><b>default</b></font>:
<font color="navy"><b>throw</b></font> <font color="navy"><b>new</b></font> InvalidAlgorithmParameterException
(<font color="red">"Unsupported mode: "</font> + opmode);
<font color="navy">}</font>
(...)
<font color="navy">}</font>
</code></pre>
<br>
The full source is available at <a class="jive-link-external"
href="http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs11/P11Cipher.java.html">http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs11/P11Cipher.java.html</a><br>
<br>
So, I was wondering if is there a way to wrap a key, using the
SunPKCS11 provider.
<div class="moz-signature"><br>
-- <br>
<p><span style=""></span><font style="font:12pt
Arial;color:#1F497D"><b>Paulo Ricardo Ribeiro</b></font><br>
<span style=""></span><font style="font:8pt Arial;color:#1F497D">Departamento
de Integração e Desenvolvimento</font></p>
<p><img src="cid:part1.09080803.04080308@multicert.com"></p>
<p><span style=""></span><b><font style="font:9pt
Arial;color:#632423">MULTICERT - Serviços de Certificação
Electrónica, S.A.</font></b><br>
<span style=""></span><a href="www.multicert.com"><font
style="font:8pt Arial;">www.multicert.com</font></a><br>
<span style=""></span><font style="font:8pt Arial;color:#943634">–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––</font><br>
<span style=""></span><a
href="http://maps.google.com/maps/ms?hl=en&ie=UTF8&view=map&msa=33&msid=112591748211978202235.00046047b74420975b193&abauth=b4c6c23a:Myc_CjSd9TJJt9sLpXutsU40-CI"><b><font
style="font:8pt Arial;">Para obter direcções para as
nossas instalações carregue aqui</font></b></a><br>
<b><span style=""></span><font style="font:8pt
Arial;color:#4F81BD">Porto:</font></b><font style="font:8pt
Arial;color:#595959;"> Av. Sidónio Pais, 379, Edifício B, Piso
1, Sala 5 – 4100–468 Porto – Portugal </font><br>
<b><span style=""></span><font style="font:8pt
Arial;color:#4F81BD">T:</font></b><font style="font:8pt
Arial;color:#595959"> +351 223 391 810 | </font><b><font
style="font:8pt Arial;color:#4F81BD">F: </font></b><font
style="font:8pt Arial;color:#595959">+351 223 391 811</font><br>
<span style=""></span><font style="font:8pt Arial;color:#943634">–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––</font></p>
</div>
</body>
</html>