-
Bug
-
Resolution: Fixed
-
P3
-
8u162, 11, 13
-
b12
-
x86_64
-
windows_10
-
Not verified
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8228846 | 11.0.6-oracle | Valerie Peng | P3 | Resolved | Fixed | b01 |
| JDK-8234278 | 11.0.6 | Valerie Peng | P3 | Resolved | Fixed | b04 |
ADDITIONAL SYSTEM INFORMATION :
Windows 10 64 bits.
jdk1.8.0_162.
A DESCRIPTION OF THE PROBLEM :
We are working with a Luna HSM from SafeNet/Gemalto and we need do an unwrap of an AES key that was wrapped by a RSA public key. For this purpose we were intend to use the SunPKCS11 provider.
Looking at the documentation of SunPKCS11 we see that the algorithm CKK_AES is supported and, in fact, we succeded to use it to generate secrets key and store then in HSM. However, when trying to use it with the unwrap method of javax.crypto.Cipher the parameter wrappedKeyAlgorithm it seems to be ignored and the key is generated with CKA_KEY_TYPE as CKK_GENERIC_SECRET in HSM.
The logs generated by the hsm's pkcs11 library shows:
18:04:14 13008-2744:STRTUnwrapKey {Sesn=1 Mech=(CKM_RSA_PKCS,"") Obj=63 "2604ab458734727ee6f..." AttrList={CKA_CLASS="04000000" CKA_KEY_TYPE="10000000" } }
The code is pretty simple:
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
cipher.init(Cipher.UNWRAP_MODE, privateKey);
Key keyUnwrapped = cipher.unwrap(wrappedContent, "AES", Cipher.SECRET_KEY);
Is this the expected behavior when using the unwrap method with SunPKCS11 provider?
FREQUENCY : always
Windows 10 64 bits.
jdk1.8.0_162.
A DESCRIPTION OF THE PROBLEM :
We are working with a Luna HSM from SafeNet/Gemalto and we need do an unwrap of an AES key that was wrapped by a RSA public key. For this purpose we were intend to use the SunPKCS11 provider.
Looking at the documentation of SunPKCS11 we see that the algorithm CKK_AES is supported and, in fact, we succeded to use it to generate secrets key and store then in HSM. However, when trying to use it with the unwrap method of javax.crypto.Cipher the parameter wrappedKeyAlgorithm it seems to be ignored and the key is generated with CKA_KEY_TYPE as CKK_GENERIC_SECRET in HSM.
The logs generated by the hsm's pkcs11 library shows:
18:04:14 13008-2744:STRTUnwrapKey {Sesn=1 Mech=(CKM_RSA_PKCS,"") Obj=63 "2604ab458734727ee6f..." AttrList={CKA_CLASS="04000000" CKA_KEY_TYPE="10000000" } }
The code is pretty simple:
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
cipher.init(Cipher.UNWRAP_MODE, privateKey);
Key keyUnwrapped = cipher.unwrap(wrappedContent, "AES", Cipher.SECRET_KEY);
Is this the expected behavior when using the unwrap method with SunPKCS11 provider?
FREQUENCY : always
- backported by
-
JDK-8228846 Cipher with UNWRAP_MODE should support the generation of an AES key type
-
- Resolved
-
-
-
- Resolved
-
- duplicates
-
-
- Closed
-