Java SunPKCS11 JCE RSA key wrapping exception -
i have 2 rsa key pairs on 1 device: rsa1 , rsa2. wrap rsa1 private key rsa2 public key using ckm_rsa_pkcs mechanis.
i have following code:
keystore ks = keystore.getinstance("pkcs11", p); ks.load(null, pin); x509certificate cert1 = (x509certificate) ks.getcertificate("rsa1"); publickey pubk1 = cert1.getpublickey(); privatekey privk1 = (privatekey) ks.getkey("rsa1", pin); x509certificate cert2 = (x509certificate) ks.getcertificate("rsa2"); publickey pubk2 = cert2.getpublickey(); privatekey privk2 = (privatekey) ks.getkey("rsa2", pin); cipher cipher = cipher.getinstance("rsa/ecb/pkcs1padding", p); cipher.init(cipher.wrap_mode, pubk2); // here exception byte[] output = cipher.dofinal(privk1.getencoded()); i following exception:
exception in thread "main" java.security.invalidkeyexception: not create rsa public key @ sun.security.pkcs11.p11rsakeyfactory.impltranslatepublickey(p11rsakeyfactory.java:70) @ sun.security.pkcs11.p11keyfactory.enginetranslatekey(p11keyfactory.java:128) @ sun.security.pkcs11.p11keyfactory.convertkey(p11keyfactory.java:65) @ sun.security.pkcs11.p11rsacipher.implinit(p11rsacipher.java:187) @ sun.security.pkcs11.p11rsacipher.engineinit(p11rsacipher.java:160) @ javax.crypto.cipher.init(cipher.java:1210) @ javax.crypto.cipher.init(cipher.java:1153) @ testwrap.go(testwrap.java:86) @ testwrap.main(testwrap.java:40) caused by: sun.security.pkcs11.wrapper.pkcs11exception: ckr_attribute_value_invalid @ sun.security.pkcs11.wrapper.pkcs11.c_createobject(native method) @ sun.security.pkcs11.p11rsakeyfactory.generatepublic(p11rsakeyfactory.java:203) @ sun.security.pkcs11.p11rsakeyfactory.impltranslatepublickey(p11rsakeyfactory.java:56) ... 8 more any ideas wrong?
edit:
i tried rewrite differently using pkcs11 class instead jce same. code looks this:
ck_attribute[] rsa2 = new ck_attribute[2]; rsa2[0] = new ck_attribute(cka_label, "rsa2"); rsa2[1] = new ck_attribute(cka_class, cko_public_key); p11.c_findobjectsinit(hsession, rsa2); long[] rsa2objects = p11.c_findobjects(hsession, 1); p11.c_findobjectsfinal(hsession); ck_attribute[] rsa1 = new ck_attribute[2]; rsa1[0] = new ck_attribute(cka_label, "rsa1"); rsa1[1] = new ck_attribute(cka_class, cko_private_key); p11.c_findobjectsinit(hsession, rsa1); long[] rsa2objects = p11.c_findobjects(hsession, 1); p11.c_findobjectsfinal(hsession); ck_mechanism mech = new ck_mechanism(ckm_rsa_pkcs); byte[] wrapped = p11.c_wrapkey(hsession, mech, rsa1objects[0], rsa2objects[0]); now following exception:
exception in thread "main" sun.security.pkcs11.wrapper.pkcs11exception: ckr_key_not_wrappable @ sun.security.pkcs11.wrapper.pkcs11.c_wrapkey(native method) @ sun.security.pkcs11.wrapper.pkcs11$synchronizedpkcs11.c_wrapkey(pkcs11.java:1679) @ testwrap.wrapping(testwrap.java:265) @ testwrap.main(testwrap.java:290) i think maybe wrong implemented on side of pkcs#11 middleware manufacturer.
any ideas?
Comments
Post a Comment