Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

do sunpkcs11 supports CK_sensitive attribute for derived key using ECDH

f55c18ec-6c31-4482-a7c9-700319b6a7f3Aug 6 2018 — edited Aug 6 2018

I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:

CKA_TOKEN= false CKA_SENSITIVE=true CKA_EXTRACTABLE=true" CKA_ENCRYPT=true"

While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:

Performing ECDH key agreement java.security.ProviderException: Could not derive key at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:144) at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method) at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:139)

While the base ECC keys are pre-generated using an HSM.

Any help or clue is highly appreciated.

Locked Post

New comments cannot be posted to this locked post.

Locked on Sep 3 2018

Added on Aug 6 2018

#cryptography

0 comments

626 views