<html>
  <head>
    <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    Hello again<br>
    <br>
    the key, on the HSM is flagged as "Extractable", but, since the only
    way to actually extract it is by wrapping it, for now it is
    impossible to do it.<br>
    For now I'll have to use the vendor's "Proprietary API", but I'm
    glad to hear that this issue will be solved in jdk7 update.<br>
    <br>
    Thanks for your time,<br>
    <br>
    Paulo Ricardo<br>
    <br>
    <br>
    On 21-11-2011 19:25, Valerie (Yu-Ching) Peng wrote:
    <blockquote cite="mid:4ECAA5BF.4050403@oracle.com" type="cite">
      <meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
      <br>
      The support for key wrapping and unwrapping is tracked under <br>
      4898471 "Support for key wrapping and unwrapping"<br>
      <br>
      I assume that the 3DES key is unextractable? If yes, I am afraid
      that
      this would require that 4898471 be fixed.<br>
      I'll fix this in jdk7 update and later releases.<br>
      Thanks,<br>
      Valerie<br>
      <br>
      On 11/08/11 03:16, Paulo Ricardo Ribeiro wrote:
      <blockquote cite="mid:4EB90F88.1000109@multicert.com" type="cite">
        <meta http-equiv="content-type" content="text/html;
          charset=UTF-8">
        Hello<br>
        <br>
        I'm trying to wrap a 3DES key, that is stored in a HSM, using
        the
        SunPKCS11 provider:<br>
        <br>
        <pre class="jive-pre"><code class="jive-code jive-java"> Cipher wrapper = Cipher.getInstance(<font color="red">"DESede/CBC/NOPADDING"</font>, getProviderName());
 wrapper.init(Cipher.WRAP_MODE, wrappingKey, <font color="navy"><b>new</b></font> IvParameterSpec(iv));
 cText = wrapper.wrap(wrappedKey);
</code></pre>
        <br>
        <br>
        The problem is that I'm obtaining the following exception:<br>
        <pre class="jive-pre"><code class="jive-code jive-java">java.security.InvalidAlgorithmParameterException: Unsupported mode: 3
        at sun.security.pkcs11.P11Cipher.implInit(P11Cipher.java:316)
        at sun.security.pkcs11.P11Cipher.engineInit(P11Cipher.java:280)
        at javax.crypto.Cipher.init(DashoA13*..)
        at javax.crypto.Cipher.init(DashoA13*..)
 
</code></pre>
        <br>
        After searching for the source code, I've found that the
        provider only
        supports the ENCRYPT_MODE and DECRYPT_MODE<br>
        <br>
        <pre class="jive-pre"><code class="jive-code jive-java"><font color="darkgreen">// actual init() implementation</font>
    <font color="navy"><b>private</b></font> <font color="navy"><b>void</b></font> implInit(<font color="navy"><b>int</b></font> opmode, Key key, <font color="navy"><b>byte</b></font>[] iv,
            SecureRandom random)
            <font color="navy"><b>throws</b></font> InvalidKeyException, InvalidAlgorithmParameterException <font color="navy">{</font>
        cancelOperation();
        <font color="navy"><b>switch</b></font> (opmode) <font color="navy">{</font>
            <font color="navy"><b>case</b></font> Cipher.ENCRYPT_MODE:
                encrypt = <font color="navy"><b>true</b></font>;
                <font color="navy"><b>break</b></font>;
            <font color="navy"><b>case</b></font> Cipher.DECRYPT_MODE:
                encrypt = <font color="navy"><b>false</b></font>;
                <font color="navy"><b>break</b></font>;
            <font color="navy"><b>default</b></font>:
                <font color="navy"><b>throw</b></font> <font color="navy"><b>new</b></font> InvalidAlgorithmParameterException
                        (<font color="red">"Unsupported mode: "</font> + opmode);
        <font color="navy">}</font>
      (...)
    <font color="navy">}</font>
</code></pre>
        <br>
        The full source is available at <a moz-do-not-send="true"
          class="jive-link-external"
href="http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs11/P11Cipher.java.html">http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs11/P11Cipher.java.html</a><br>
        <br>
        So, I was wondering if is there a way to wrap a key, using the
        SunPKCS11 provider.
        <div class="moz-signature"><br>
          -- <br>
          <p><span style=""></span><font style="font-family: Arial;
              font-style: normal; font-variant: normal; font-weight:
              normal; font-size: 12pt; line-height: normal;
              font-size-adjust: none; font-stretch: normal; color:
              rgb(31, 73, 125);"><b>Paulo
                Ricardo Ribeiro</b></font><br>
            <span style=""></span><font style="font-family: Arial;
              font-style: normal; font-variant: normal; font-weight:
              normal; font-size: 8pt; line-height: normal;
              font-size-adjust: none; font-stretch: normal; color:
              rgb(31, 73, 125);">Departamento
              de Integração e Desenvolvimento</font></p>
          <p><img src="cid:part1.06040701.09060609@multicert.com"></p>
          <p><span style=""></span><b><font style="font-family: Arial;
                font-style: normal; font-variant: normal; font-weight:
                normal; font-size: 9pt; line-height: normal;
                font-size-adjust: none; font-stretch: normal; color:
                rgb(99, 36, 35);">MULTICERT
                - Serviços de Certificação Electrónica, S.A.</font></b><br>
            <span style=""></span><a moz-do-not-send="true"
              href="www.multicert.com"><font style="font-family: Arial;
                font-style: normal; font-variant: normal; font-weight:
                normal; font-size: 8pt; line-height: normal;
                font-size-adjust: none; font-stretch: normal;">www.multicert.com</font></a><br>
            <span style=""></span><font style="font-family: Arial;
              font-style: normal; font-variant: normal; font-weight:
              normal; font-size: 8pt; line-height: normal;
              font-size-adjust: none; font-stretch: normal; color:
              rgb(148, 54, 52);">–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––</font><br>
            <span style=""></span><a moz-do-not-send="true"
href="http://maps.google.com/maps/ms?hl=en&ie=UTF8&view=map&msa=33&msid=112591748211978202235.00046047b74420975b193&abauth=b4c6c23a:Myc_CjSd9TJJt9sLpXutsU40-CI"><b><font
                  style="font-family: Arial; font-style: normal;
                  font-variant: normal; font-weight: normal; font-size:
                  8pt; line-height: normal; font-size-adjust: none;
                  font-stretch: normal;">Para
                  obter direcções para as nossas instalações carregue
                  aqui</font></b></a><br>
            <b><span style=""></span><font style="font-family: Arial;
                font-style: normal; font-variant: normal; font-weight:
                normal; font-size: 8pt; line-height: normal;
                font-size-adjust: none; font-stretch: normal; color:
                rgb(79, 129, 189);">Porto:</font></b><font
              style="font-family: Arial; font-style: normal;
              font-variant: normal; font-weight: normal; font-size: 8pt;
              line-height: normal; font-size-adjust: none; font-stretch:
              normal; color: rgb(89, 89, 89);">
              Av. Sidónio Pais, 379, Edifício B, Piso 1, Sala 5 –
              4100–468 Porto –
              Portugal </font><br>
            <b><span style=""></span><font style="font-family: Arial;
                font-style: normal; font-variant: normal; font-weight:
                normal; font-size: 8pt; line-height: normal;
                font-size-adjust: none; font-stretch: normal; color:
                rgb(79, 129, 189);">T:</font></b><font
              style="font-family: Arial; font-style: normal;
              font-variant: normal; font-weight: normal; font-size: 8pt;
              line-height: normal; font-size-adjust: none; font-stretch:
              normal; color: rgb(89, 89, 89);">
              +351 223 391 810 | </font><b><font style="font-family:
                Arial; font-style: normal; font-variant: normal;
                font-weight: normal; font-size: 8pt; line-height:
                normal; font-size-adjust: none; font-stretch: normal;
                color: rgb(79, 129, 189);">F: </font></b><font
              style="font-family: Arial; font-style: normal;
              font-variant: normal; font-weight: normal; font-size: 8pt;
              line-height: normal; font-size-adjust: none; font-stretch:
              normal; color: rgb(89, 89, 89);">+351
              223 391 811</font><br>
            <span style=""></span><font style="font-family: Arial;
              font-style: normal; font-variant: normal; font-weight:
              normal; font-size: 8pt; line-height: normal;
              font-size-adjust: none; font-stretch: normal; color:
              rgb(148, 54, 52);">–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––</font></p>
        </div>
      </blockquote>
      <br>
    </blockquote>
    <br>
    <div class="moz-signature">-- <br>
      <p><span style=""></span><font style="font:12pt
          Arial;color:#1F497D"><b>Paulo Ricardo Ribeiro</b></font><br>
        <span style=""></span><font style="font:8pt Arial;color:#1F497D">Departamento
          de Integração e Desenvolvimento</font></p>
      <p><img src="cid:part2.05090303.03020405@multicert.com"></p>
      <p><span style=""></span><b><font style="font:9pt
            Arial;color:#632423">MULTICERT - Serviços de Certificação
            Electrónica, S.A.</font></b><br>
        <span style=""></span><a href="www.multicert.com"><font
            style="font:8pt Arial;">www.multicert.com</font></a><br>
        <span style=""></span><font style="font:8pt Arial;color:#943634">–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––</font><br>
        <span style=""></span><a
href="http://maps.google.com/maps/ms?hl=en&ie=UTF8&view=map&msa=33&msid=112591748211978202235.00046047b74420975b193&abauth=b4c6c23a:Myc_CjSd9TJJt9sLpXutsU40-CI"><b><font
              style="font:8pt Arial;">Para obter direcções para as
              nossas instalações carregue aqui</font></b></a><br>
        <b><span style=""></span><font style="font:8pt
            Arial;color:#4F81BD">Porto:</font></b><font style="font:8pt
          Arial;color:#595959;"> Av. Sidónio Pais, 379, Edifício B, Piso
          1, Sala 5 – 4100–468 Porto – Portugal </font><br>
        <b><span style=""></span><font style="font:8pt
            Arial;color:#4F81BD">T:</font></b><font style="font:8pt
          Arial;color:#595959"> +351 223 391 810 | </font><b><font
            style="font:8pt Arial;color:#4F81BD">F: </font></b><font
          style="font:8pt Arial;color:#595959">+351 223 391 811</font></p>
      <p><b><span style=""></span><font style="font:8pt
            Arial;color:#4F81BD">M:</font></b><font style="font:8pt
          Arial;color:#595959"> +351 925 770 081 | </font><b><font
            style="font:8pt Arial;color:#4F81BD">Email:</font></b><font
          style="font:8pt Arial"> <a
            href="mailto:paulo.ribeiro@multicert.com">paulo.ribeiro@multicert.com</a></font><br>
        <span style=""></span><font style="font:8pt Arial;color:#943634">–––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––––</font></p>
    </div>
  </body>
</html>