I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:
CKA_TOKEN= false
CKA_SENSITIVE=true
CKA_EXTRACTABLE=true"
CKA_ENCRYPT=true
"
While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:
Performing ECDH key agreement
java.security.ProviderException: Could not derive key
at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:144)
at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE
at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:139)
While the base ECC keys are pre-generated using an HSM.
Any help or clue is highly appreciated.