Skip to Main Content

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Interested in getting your voice heard by members of the Developer Marketing team at Oracle? Check out this post for AppDev or this post for AI focus group information.

do sunpkcs11 supports CK_sensitive attribute for derived key using ECDH

f55c18ec-6c31-4482-a7c9-700319b6a7f3Aug 6 2018 — edited Aug 6 2018

I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:

CKA_TOKEN= false
CKA_SENSITIVE
=true
CKA_EXTRACTABLE
=true"
CKA_ENCRYPT
=true
"

While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:

Performing ECDH key agreement
java
.security.ProviderException: Could not derive key
  at sun
.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:144)
  at javax
.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE
  at sun
.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
  at sun
.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:139)

While the base ECC keys are pre-generated using an HSM.

Any help or clue is highly appreciated.

Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 3 2018
Added on Aug 6 2018
0 comments
460 views