If I had to make a wild guess, I’d guess that the wrapped key doesn’t include the curve info. If the length of the wrapped data is only 40 bytes, then all you have is the x from the private key. I’m wondering if the algorithm has to include the curve info.
Something like “EC/secp256r1”?

If it’s longer than 40 bytes (or 8 plus the length of the private key data for a given curve) then something besides the bare private key has been wrapped.

For some unknown reason, the format of the key material being wrapped was not specified by PKCS11.

Mike

Sent from my iPad

> On Dec 18, 2024, at 19:23, Wei-Jun Wang <weijun.w...@oracle.com> wrote:
>
> Hi, PKCS #11 gurus,
>
> var sp = KeyPairGenerator.getInstance("EC", p).generateKeyPair().getPrivate();
> var k = KeyGenerator.getInstance("AES", p).generateKey();
>
> var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
> cipher.init(Cipher.WRAP_MODE, k);
> var wrapped = cipher.wrap(sp);
> cipher.init(Cipher.UNWRAP_MODE, k);
> cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
>
> Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method
> reports a CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.
>
> Thanks,
> Weijun
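The length check described in the reply, as an added example that is not part of the original thread: it wraps the same secp256r1 private key once as a bare scalar and once as its PKCS#8 encoding, then compares each result with "8 plus the length of the private key data". It assumes JDK 17 or later and the default software providers rather than SunPKCS11-NSS, so the key is extractable; the class and helper names are hypothetical.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.interfaces.ECPrivateKey;
import java.security.spec.ECGenParameterSpec;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

// Added illustration; class and helper names are hypothetical. Needs JDK 17+.
public class WrappedEcKeyLength {
    static final int KW_OVERHEAD = 8; // AES-KW (RFC 3394) adds one 8-byte block

    // Bytes in the private value for a curve of the given field size.
    static int scalarLen(int fieldBits) { return (fieldBits + 7) / 8; }

    // True when the blob is exactly "8 plus the private key data" long.
    static boolean isBareScalar(int wrappedLen, int fieldBits) {
        return wrappedLen == KW_OVERHEAD + scalarLen(fieldBits);
    }

    // Fixed-width big-endian form of the private value.
    static byte[] fixedWidth(BigInteger s, int len) {
        byte[] raw = s.toByteArray(); // may carry a sign byte or be short
        byte[] out = new byte[len];
        int n = Math.min(raw.length, len);
        System.arraycopy(raw, raw.length - n, out, len - n, n);
        return out;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
        kpg.initialize(new ECGenParameterSpec("secp256r1"));
        ECPrivateKey priv = (ECPrivateKey) kpg.generateKeyPair().getPrivate();
        int bits = priv.getParams().getCurve().getField().getFieldSize();
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey kek = kg.generateKey();

        // Case 1: only the private value is wrapped, no curve information.
        Cipher kw = Cipher.getInstance("AES/KW/NoPadding");
        kw.init(Cipher.ENCRYPT_MODE, kek);
        byte[] bare = kw.doFinal(fixedWidth(priv.getS(), scalarLen(bits)));

        // Case 2: the PKCS#8 encoding is wrapped; it names the curve.
        Cipher kwp = Cipher.getInstance("AES/KW/PKCS5Padding");
        kwp.init(Cipher.WRAP_MODE, kek);
        byte[] pkcs8 = kwp.wrap(priv);

        System.out.printf("scalar only: %d bytes, bare=%b%n", bare.length, isBareScalar(bare.length, bits));
        System.out.printf("PKCS#8:      %d bytes, bare=%b%n", pkcs8.length, isBareScalar(pkcs8.length, bits));
    }
}
```

Running the same length test on the `wrapped` array returned by the token shows which of the two forms it produced.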