On Fri, Dec 5, 2014 at 8:09 AM, Roland van Rijswijk - Deij < [email protected]> wrote:
> Hi Roko, > > roko wrote: > > I'm getting this error: > > Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: > CKR_DATA_LEN_RANGE > > > > Is this maybe a known limitation for softhsm2 ? there is some workaround > > ? Thx for your help. > > I've had a quick look at the code, and this seems to be a bug; > C_EncryptUpdate always checks if the input block adheres to the cipher's > required block size. It should only do this if the cipher is used in ECB > mode. I have created SOFTHSM-107 > (https://issues.opendnssec.org/browse/SOFTHSM-107) in our issue tracking > system for this bug, it will be addressed in the next version of SoftHSM > v2. > We currently only support ECB and CBC. They require full block when not padding. Could add support for CKM_DES_CBC_PAD, CKM_DES3_CBC_PAD, and CKM_AES_CBC_PAD. You are trying to use CKM_AES_CBC_PAD (AES/CBC/PKCS5Padding) which is currently not supported. The error indicate that the Java implementation is trying to use CKM_AES_CBC and not CKM_AES_CBC_PAD, which would have returned CKR_MECHANISM_INVALID. // Rickard
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
