The key handle you get from PKCS11 is not compatible with the symmetric
cipher interfaces of cryptography. For asymmetric keys it's possible to
create classes using our key interfaces that will allow use of opaque
types, but the symmetric API is not capable of this at this time.

-Paul

On Sun, Jan 19, 2025 at 9:52 AM Sriram R via Cryptography-dev <
cryptography-dev@python.org> wrote:

> Hello,
>
> I'm testing a SoftHSM2 setup with the following code on a RHEL 9.4 system
> running in FIPS mode:
>
> import os
>
> import pkcs11
> from pkcs11 import Attribute
> from cryptography.hazmat.primitives import serialization
> from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
>
> lib = pkcs11.lib("/usr/local/lib/softhsm/libsofthsm2.so")
> token = lib.get_token(token_label='MyToken')
>
>
> with token.open(rw=True, user_pin="your_pin") as session:
>     # Generate and store a 256-bit AES key on the token
>     key = session.generate_key(
>         pkcs11.KeyType.AES, 256,
>         label="MySymmetricKey",
>         template={Attribute.SENSITIVE: False, Attribute.EXTRACTABLE: True},
>         store=True,
>     )
>
>     data = b"Hello, world!"
>     iv = os.urandom(16)
>     # key is a pkcs11 SecretKey handle, not bytes; this is the call that raises
>     cipher = Cipher(algorithms.AES(key), modes.CBC(iv))
>     encryptor = cipher.encryptor()
>     ciphertext = encryptor.update(data) + encryptor.finalize()
>
>     decryptor = cipher.decryptor()
>     plaintext = decryptor.update(ciphertext) + decryptor.finalize()
>
>     print("Plaintext:", plaintext)
>
> When I run the above code, I get the following key type error:
>
> TypeError: memoryview: a bytes-like object is required, not 'SecretKey'
>
> While I understand that the AES Cipher() method doesn't like the key
> format, I don't know how to convert the key from the session.generate_key()
> method to a format that's acceptable.
>
> I also tried using the key[Attribute.VALUE] but no luck!
>
> Thanks in advance!
>
> Best,
> PE
> _______________________________________________
> Cryptography-dev mailing list
> Cryptography-dev@python.org
> https://mail.python.org/mailman/listinfo/cryptography-dev
>