
Java Security


Init() failed on wrapping RSA private key with AES key using SunPKCS11

843811Apr 8 2010 — edited Apr 13 2010
I am having trouble wrapping and unwrapping an RSA private key object from an HSM that supports key export. The RSA private key is wrapped off the HSM, and unwrapped again, using an AES key, but the exceptions shown below are thrown:

java.security.InvalidAlgorithmParameterException: Unsupported mode: 3
at sun.security.pkcs11.P11Cipher.implInit(P11Cipher.java:319)
at sun.security.pkcs11.P11Cipher.engineInit(P11Cipher.java:303)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at privateWrap.main(privateWrap.java:108)
exception attempting to unwrap key
java.security.InvalidAlgorithmParameterException: Unsupported mode: 4
at sun.security.pkcs11.P11Cipher.implInit(P11Cipher.java:319)
at sun.security.pkcs11.P11Cipher.engineInit(P11Cipher.java:303)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at privateWrap.main(privateWrap.java:133)
Exception deciphering the data
java.security.InvalidKeyException: No installed provider supports this key: (null)
at javax.crypto.Cipher.a(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at javax.crypto.Cipher.init(DashoA13*..)
at privateWrap.main(privateWrap.java:148)


-----------------------
original: 456E6372797074204D6521
encrypted: 0489E51BE5FC490AECEC60A35CF8D120E778A630F11C19C96A85947D277E121C17609F1005241FF31009702651A77D34F3A7A7E4B482A8D9DDFC785059698414F36E7DFD0766FEFF5B0072B07CC461A00F53548A0695A99AEB940222DE1FFEC8A537042FE8E12B1D75A67EBD18BD94B35ECA4782F46DB702735A873A3D727897
decrypted: null


-----------------------
*** decryption failed
-----------------------

I have attached the code below:

/*
* privateWrap.java
*
*/


import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.IvParameterSpec;

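/**
 * Reproduction case: generate an RSA key pair and an AES key on a PKCS#11
 * token through the "SunPKCS11-Luna" provider, encrypt a short message with
 * the RSA public key, try to wrap/unwrap the RSA private key under the AES
 * key, and finally try to decrypt the message with the unwrapped key.
 *
 * <p>Every stage is attempted even when an earlier one fails, so one failure
 * cascades into the later stages; each stage prints its own stack trace.
 *
 * <p>NOTE(review): exporting a private key from an HSM, even wrapped, moves
 * it outside the device's protection boundary. Treat the wrapped blob and the
 * wrapping key with the same care as the private key itself.
 */
public class privateWrap {

    /**
     * Runs the generate / encrypt / wrap / unwrap / decrypt sequence and
     * prints the original, encrypted and decrypted bytes as hex.
     *
     * @param args unused
     */
    public static void main(String[] args) {

        try {
            // NOTE(review): `manager` is not declared anywhere in this listing;
            // presumably the vendor's slot/session manager object - TODO confirm.
            // The literal password is a placeholder: real code should obtain the
            // token credential at run time instead of hard-coding it.
            manager.Login("password"); // log in to the first slot
        } catch (Exception e) {
            System.out.println("Exception during login");
            // Print the cause like every other stage does; a silent login failure
            // makes the later key-generation errors hard to interpret.
            e.printStackTrace();
        }

        KeyPairGenerator kpg = null;
        KeyPair myPair = null;
        KeyGenerator kg = null;
        SecretKey aesKey = null;

        try {
            // RSA key pair generated on the token.
            // NOTE(review): 1024-bit RSA is below current minimum recommendations;
            // use 2048 bits or more outside of a reproduction case.
            kpg = KeyPairGenerator.getInstance("RSA", "SunPKCS11-Luna");
            kpg.initialize(1024);
            myPair = kpg.generateKeyPair();

            // AES-256 wrapping key, also generated on the token.
            kg = KeyGenerator.getInstance("AES", "SunPKCS11-Luna");
            kg.init(256);
            aesKey = kg.generateKey();
        } catch (Exception e) {
            System.out.println("Exception generating keys");
            e.printStackTrace();
        }

        // Encrypt a short message with the RSA public key.
        byte[] bytes = "Encrypt Me!".getBytes();
        byte[] encrypted = null;
        try {
            Cipher myCipher = Cipher.getInstance("RSA/NONE/PKCS1v1_5", "SunPKCS11-Luna");
            myCipher.init(Cipher.ENCRYPT_MODE, myPair.getPublic());
            encrypted = myCipher.doFinal(bytes);
        } catch (Exception e) {
            System.out.println("Exception ciphering the data");
            e.printStackTrace();
        }

        // One random IV shared by the wrap and unwrap steps. A constant IV makes
        // CBC output deterministic for a given key; the IV is not secret, but it
        // must be unpredictable and stored next to the wrapped blob.
        final byte[] ivBytes = new byte[16];
        new SecureRandom().nextBytes(ivBytes);

        // Try to wrap the private key under the AES key.
        // NOTE(review): the stack trace posted with this listing shows
        // P11Cipher.implInit rejecting "mode: 3", and 3 is Cipher.WRAP_MODE, which
        // suggests this provider's symmetric cipher accepts only ENCRYPT_MODE and
        // DECRYPT_MODE - confirm against the provider documentation.
        // NOTE(review): CBC with PKCS5 padding gives the wrapped key no integrity
        // protection; prefer an authenticated key-wrap mechanism where the token
        // and provider offer one.
        byte[] wrappedKey = null;
        try {
            Cipher myWrapper = Cipher.getInstance("AES/CBC/PKCS5Padding", "SunPKCS11-Luna");
            AlgorithmParameters mAlgParams = AlgorithmParameters.getInstance("IV", "SunPKCS11-Luna");
            mAlgParams.init(new IvParameterSpec(ivBytes));
            myWrapper.init(Cipher.WRAP_MODE, aesKey, mAlgParams);
            wrappedKey = myWrapper.wrap(myPair.getPrivate());
        } catch (Exception e) {
            // The old text called this an "expected" non-extractable-key failure,
            // which hides any other cause (such as an unsupported cipher mode).
            System.out.println("Exception attempting to wrap private key");
            e.printStackTrace();
        }

        // Unwrap the private key with the same AES key and IV.
        // Mode 4 in the posted trace is Cipher.UNWRAP_MODE.
        PrivateKey unwrappedKey = null;
        try {
            Cipher myUnwrapper = Cipher.getInstance("AES/CBC/PKCS5Padding", "SunPKCS11-Luna");
            AlgorithmParameters mAlgParams = AlgorithmParameters.getInstance("IV", "SunPKCS11-Luna");
            mAlgParams.init(new IvParameterSpec(ivBytes));

            myUnwrapper.init(Cipher.UNWRAP_MODE, aesKey, mAlgParams);
            unwrappedKey = (PrivateKey) myUnwrapper.unwrap(wrappedKey, "RSA", Cipher.PRIVATE_KEY);
        } catch (Exception e) {
            System.out.println("exception attempting to unwrap key");
            e.printStackTrace();
        }

        // Decrypt with the unwrapped key. No provider is named here, so the JCA
        // picks one based on the key; when the unwrap above failed, unwrappedKey
        // is still null and init() throws InvalidKeyException (the third trace in
        // the posted output), so that error is a symptom, not the root cause.
        byte[] decrypted = null;
        try {
            Cipher myCipher = Cipher.getInstance("RSA/NONE/PKCS1v1_5");
            myCipher.init(Cipher.DECRYPT_MODE, unwrappedKey);
            decrypted = myCipher.doFinal(encrypted);
        } catch (Exception e) {
            System.out.println("Exception deciphering the data");
            e.printStackTrace();
        }

        System.out.println("\n\n-----------------------");
        System.out.println("original: " + byteArrayToHexString(bytes));
        System.out.println("encrypted: " + byteArrayToHexString(encrypted));
        System.out.println("decrypted: " + byteArrayToHexString(decrypted));
        System.out.println("\n\n-----------------------");

        if (java.util.Arrays.equals(bytes, decrypted)) {
            System.out.println("Decryption was successful");
        } else {
            System.out.println("*** decryption failed");
        }
        System.out.println("-----------------------\n\n");
    }

    /**
     * Formats a byte array as upper-case hexadecimal, two digits per byte.
     *
     * @param in bytes to format; may be {@code null}
     * @return the hex string, or {@code null} when {@code in} is {@code null}
     *         or empty
     */
    static String byteArrayToHexString(byte[] in) {
        if (in == null || in.length <= 0) {
            return null;
        }

        final char[] hexDigits = "0123456789ABCDEF".toCharArray();
        StringBuilder out = new StringBuilder(in.length * 2);

        for (int i = 0; i < in.length; i++) {
            // Mask to 0..255 first so a set sign bit cannot leak into the shift.
            int value = in[i] & 0xFF;
            out.append(hexDigits[value >>> 4]);   // high nibble
            out.append(hexDigits[value & 0x0F]);  // low nibble
        }

        return out.toString();
    }

}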

Can anyone offer guidance on this?

Regards,
Ankit