JDK-8213008

Cipher with UNWRAP_MODE should support the generation of an AES key type

    Details

    • Subcomponent:
    • Resolved In Build:
      b12
    • CPU:
      x86_64
    • OS:
      windows_10
    • Verification:
      Not verified

      Description

      ADDITIONAL SYSTEM INFORMATION :
      Windows 10 64 bits.
      jdk1.8.0_162.

      A DESCRIPTION OF THE PROBLEM :
      We are working with a Luna HSM from SafeNet/Gemalto and we need to unwrap an AES key that was wrapped with an RSA public key. For this purpose we intended to use the SunPKCS11 provider.

      Looking at the documentation of SunPKCS11 we see that the algorithm CKK_AES is supported and, in fact, we succeeded in using it to generate secret keys and store them in the HSM. However, when trying to use it with the unwrap method of javax.crypto.Cipher, the parameter wrappedKeyAlgorithm seems to be ignored and the key is generated with CKA_KEY_TYPE as CKK_GENERIC_SECRET in the HSM.

      The logs generated by the HSM's PKCS#11 library show:
      18:04:14 13008-2744:STRTUnwrapKey {Sesn=1 Mech=(CKM_RSA_PKCS,"") Obj=63 "2604ab458734727ee6f..." AttrList={CKA_CLASS="04000000" CKA_KEY_TYPE="10000000" } }

      The code is pretty simple:
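      import java.security.Key;
      import javax.crypto.Cipher;
      // provider: the SunPKCS11 provider; privateKey: the RSA private key; wrappedContent: the wrapped AES key bytes
      Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
      cipher.init(Cipher.UNWRAP_MODE, privateKey);
      Key keyUnwrapped = cipher.unwrap(wrappedContent, "AES", Cipher.SECRET_KEY);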

      Is this the expected behavior when using the unwrap method with SunPKCS11 provider?



      FREQUENCY : always
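
To check the key type an unwrap template actually carries, the trace line quoted above can be decoded mechanically. The following is an added example, not code from the report or from the JDK; the function names are hypothetical, and it assumes the trace prints each attribute value as raw little-endian bytes in hex (consistent with CKA_CLASS="04000000" for a secret key).

```python
import re

# PKCS#11 constants (values from the PKCS#11 standard headers).
CKO = {0x00: "CKO_DATA", 0x01: "CKO_CERTIFICATE", 0x02: "CKO_PUBLIC_KEY",
       0x03: "CKO_PRIVATE_KEY", 0x04: "CKO_SECRET_KEY"}
CKK = {0x00: "CKK_RSA", 0x03: "CKK_EC", 0x10: "CKK_GENERIC_SECRET",
       0x13: "CKK_DES", 0x15: "CKK_DES3", 0x1F: "CKK_AES"}
# JCA algorithm name -> key type the caller expects on the token.
EXPECTED = {"AES": "CKK_AES", "DESede": "CKK_DES3", "DES": "CKK_DES"}

ATTR_RE = re.compile(r'(CKA_[A-Z_]+)="([0-9A-Fa-f]+)"')
LIST_RE = re.compile(r'UnwrapKey .*?AttrList=\{(.*?)\}\s*\}')

def decode_ulong(hex_value):
    """Decode a CK_ULONG logged as raw little-endian bytes in hex."""
    return int.from_bytes(bytes.fromhex(hex_value), "little")

def unwrap_template(log_line):
    """Return {attribute: symbolic value} for an UnwrapKey trace line, or None."""
    m = LIST_RE.search(log_line)
    if not m:
        return None
    out = {}
    for name, hex_value in ATTR_RE.findall(m.group(1)):
        value = decode_ulong(hex_value)
        table = {"CKA_CLASS": CKO, "CKA_KEY_TYPE": CKK}.get(name, {})
        out[name] = table.get(value, hex(value))
    return out

def key_type_mismatch(log_line, requested_algorithm):
    """True when the template's CKA_KEY_TYPE differs from the requested algorithm."""
    template = unwrap_template(log_line)
    if template is None or "CKA_KEY_TYPE" not in template:
        return False
    return template["CKA_KEY_TYPE"] != EXPECTED[requested_algorithm]

# Trace line quoted in the report above.
REPORTED = ('18:04:14 13008-2744:STRTUnwrapKey {Sesn=1 Mech=(CKM_RSA_PKCS,"") '
            'Obj=63 "2604ab458734727ee6f..." AttrList={CKA_CLASS="04000000" '
            'CKA_KEY_TYPE="10000000" } }')
# Constructed line: the same template carrying CKK_AES (0x1F) instead.
CONSTRUCTED_AES = REPORTED.replace('CKA_KEY_TYPE="10000000"',
                                   'CKA_KEY_TYPE="1F000000"')

if __name__ == "__main__":
    for line in (REPORTED, CONSTRUCTED_AES):
        print(unwrap_template(line), "mismatch:", key_type_mismatch(line, "AES"))
```

Run over a PKCS#11 trace, this flags unwrap calls whose template key type does not match the algorithm name passed to Cipher.unwrap.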



              People

              • Assignee:
                valeriep Valerie Peng
                Reporter:
                webbuggrp Webbug Group
              • Votes:
                0
                Watchers:
                4
