Forum Stats

  • 3,826,341 Users
  • 2,260,630 Discussions
  • 7,896,908 Comments

Discussions

do sunpkcs11 supports CK_sensitive attribute for derived key using ECDH

f55c18ec-6c31-4482-a7c9-700319b6a7f3
edited Aug 6, 2018 6:27PM in Cryptography

I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:

<span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">CKA_TOKEN</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">=</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> </span><span class="kwd" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #101094;">false</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"><br/>CKA_SENSITIVE</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">=</span><span class="kwd" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #101094;">true</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"><br/>CKA_EXTRACTABLE</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">=</span><span class="kwd" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #101094;">true</span><span class="str" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #7d2727;">"</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"><br/>CKA_ENCRYPT</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">=</span><span class="kwd" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #101094;">true</span><span class="str" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #7d2727;">"</span>

While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:

<span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">Performing</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> ECDH key agreement<br/>java</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">security</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">ProviderException</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">:</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> </span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">Could</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> not derive key<br/>  at sun</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">security</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">pkcs11</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">P11ECDHKeyAgreement</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">engineGenerateSecret</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">(</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">P11ECDHKeyAgreement</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">java</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">:</span><span class="lit" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #7d2727;">144</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">)</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"><br/>  at javax</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">crypto</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">KeyAgreement</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">generateSecret</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">(</span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">KeyAgreement</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">java</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">:</span><span class="lit" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #7d2727;">586</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">)</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"><br/><br/></span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">Caused</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> by</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">:</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> sun</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">security</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">pkcs11</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">wrapper</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">PKCS11Exception</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">:</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> CKR_ATTRIBUTE_SENSITIVE<br/>  at sun</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">security</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">pkcs11</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">wrapper</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">PKCS11</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">C_GetAttributeValue</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">(</span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">Native</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"> </span><span class="typ" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #2b91af;">Method</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">)</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;"><br/>  at sun</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">security</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">pkcs11</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">P11ECDHKeyAgreement</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">engineGenerateSecret</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">(</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">P11ECDHKeyAgreement</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">.</span><span class="pln" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">java</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">:</span><span class="lit" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #7d2727;">139</span><span class="pun" style="font-style: inherit; font-weight: inherit; font-family: inherit; color: #303336;">)</span>

While the base ECC keys are pre-generated using an HSM.

Any help or clue is highly appreciated.

This discussion has been closed.