0 Replies Latest reply on Aug 6, 2018 10:25 PM by f55c18ec-6c31-4482-a7c9-700319b6a7f3

    do sunpkcs11 supports CK_sensitive attribute for derived key using ECDH

    f55c18ec-6c31-4482-a7c9-700319b6a7f3

      I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:

      CKA_TOKEN= false
      CKA_SENSITIVE
      =true
      CKA_EXTRACTABLE
      =true"
      CKA_ENCRYPT
      =true
      "

       

      While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:

      Performing ECDH key agreement
      java
      .security.ProviderException: Could not derive key
        at sun
      .security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:144)
        at javax
      .crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)

      Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE
        at sun
      .security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
        at sun
      .security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:139)

       

      While the base ECC keys are pre-generated using an HSM.

      Any help or clue is highly appreciated.