-
Bug
-
Resolution: Duplicate
-
P4
-
None
-
8
-
generic
-
generic
A DESCRIPTION OF THE PROBLEM :
It seems there is an incompatibility in JCE regarding the PKCS11 standard.
For key generation only AES, RSA,EC,... is allowed. But for HMAC a key of type "CKK_SHA_1_HMAC " or "CKK_SHA_256_HMAC", ... is required.
I tested it with both Utimaco HSM and SoftHSM.
A key with "CKK_GENERIC_SECRET" would be possible to use with HMAC.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Provider provider = Security.getProvider("SunPKCS11");
provider = pkcs11Provider.configure("--name=Utimaco\nlibrary=C:/Utimaco/CryptoServer/Lib/cs_pkcs11_R2.dll");
Security.addProvider(provider);
byte [] data = "Hallo Welt!".getBytes();
Mac hmacSun = Mac.getInstance(HmacSHA256, provider);
hmacSun.init(aesKey);
byte [] hmac1Sun = hmacSun.doFinal(data);
hmacSun.init(aesKey);
hmacSun.update(data);
byte [] hmac = hmacSun.doFinal();
ACTUAL -
Mechanism CKM_SHA256_HMAC doesn’t fit key type
FREQUENCY : always
It seems there is an incompatibility in JCE regarding the PKCS11 standard.
For key generation only AES, RSA,EC,... is allowed. But for HMAC a key of type "CKK_SHA_1_HMAC " or "CKK_SHA_256_HMAC", ... is required.
I tested it with both Utimaco HSM and SoftHSM.
A key with "CKK_GENERIC_SECRET" would be possible to use with HMAC.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Provider provider = Security.getProvider("SunPKCS11");
provider = pkcs11Provider.configure("--name=Utimaco\nlibrary=C:/Utimaco/CryptoServer/Lib/cs_pkcs11_R2.dll");
Security.addProvider(provider);
byte [] data = "Hallo Welt!".getBytes();
Mac hmacSun = Mac.getInstance(HmacSHA256, provider);
hmacSun.init(aesKey);
byte [] hmac1Sun = hmacSun.doFinal(data);
hmacSun.init(aesKey);
hmacSun.update(data);
byte [] hmac = hmacSun.doFinal();
ACTUAL -
Mechanism CKM_SHA256_HMAC doesn’t fit key type
FREQUENCY : always
- duplicates
-
JDK-8255407 Support key generation for HMAC mechanisms
-
- Closed
-