I am using Pkcs11Interop to generate keys and do wrap/unwrap. This is what I am using for my work: https://github.com/Pkcs11Interop/Pkcs11Interop/blob/master/src/Pkcs11Interop/Pkcs11InteropTests/HighLevelAPI/_24_WrapAndUnwrapKeyTest.cs

I can generate ECDSA P-256 keys. But the problem is that I want to wrap/unwrap ECDSA keys and I do not know which mechanism value (CKM_???) should be used. The sample above is using CKM_RSA_PKCS, and it is for RSA only:

    IMechanism mechanism = Settings.Factories.MechanismFactory.CreateMechanism(CKM.CKM_RSA_PKCS);

I also tried several CKM values for wrap/unwrap from here: http://wiki.ncryptoki.com/GetFile.aspx?File=%2fdocs%2fpkcs-11v2-20.pdf but it still fails.

If you have any information about this, please share it with me. Thanks a lot!

  • You probably did, but asking doesn't hurt: have you tried CKM_ECDSA? – Lango Jan 25 '19 at 14:25
  • The encoding of EC keys can be pretty large, even though the key size is small. So to wrap them you may need more space than delivered by PKCS#1 v1.5 keys. You can solve this by choosing a larger RSA key, but I guess the best way is to create a session AES key, use that to wrap the EC key, and then wrap the AES key using a static RSA key - assuming that you require an asymmetric wrapping key of course. – Maarten Bodewes Jan 26 '19 at 15:42
  • Thanks Lango and Maarten, I am totally new to this. Let me try. Thanks a lot. – Thanh Nguyen Jan 28 '19 at 06:56
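
The hybrid approach suggested in the comments above, as an added example that is not part of the original thread or the Pkcs11Interop project. It assumes the Pkcs11Interop 5.x HighLevelAPI, a token that supports CKM_AES_KEY_WRAP_PAD, an EC private key created with CKA_EXTRACTABLE set, and an RSA key pair with CKA_WRAP on the public key and CKA_UNWRAP on the private key; the class and method names are hypothetical.

```csharp
using System.Collections.Generic;
using Net.Pkcs11Interop.Common;
using Net.Pkcs11Interop.HighLevelAPI;

// Added example. Assumes token support for CKM_AES_KEY_WRAP_PAD and an extractable EC private key.
public static class EcHybridWrap
{
    // Wrap: a fresh AES session key wraps the EC private key, the RSA public key wraps the AES key.
    public static (byte[] WrappedEc, byte[] WrappedAes) Wrap(ISession s, IObjectHandle rsaPublicKey, IObjectHandle ecPrivateKey)
    {
        var a = s.Factories.ObjectAttributeFactory;
        var aesTemplate = new List<IObjectAttribute> {
            a.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY), a.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES),
            a.Create(CKA.CKA_VALUE_LEN, 32UL), a.Create(CKA.CKA_TOKEN, false), // 256-bit session object
            a.Create(CKA.CKA_WRAP, true),        // allowed to wrap the EC key
            a.Create(CKA.CKA_EXTRACTABLE, true)  // must be extractable to be wrapped under RSA
        };
        using (IMechanism gen = s.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_GEN))
        using (IMechanism aesWrap = s.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_WRAP_PAD))
        using (IMechanism rsaWrap = s.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS))
        {
            IObjectHandle aesKey = s.GenerateKey(gen, aesTemplate);
            try { return (s.WrapKey(aesWrap, aesKey, ecPrivateKey), s.WrapKey(rsaWrap, rsaPublicKey, aesKey)); }
            finally { s.DestroyObject(aesKey); } // the transport key is not kept on the token
        }
    }

    // Unwrap: the RSA private key recovers the AES key, which then recovers the EC private key.
    public static IObjectHandle Unwrap(ISession s, IObjectHandle rsaPrivateKey, byte[] wrappedEc, byte[] wrappedAes)
    {
        var a = s.Factories.ObjectAttributeFactory;
        var aesTemplate = new List<IObjectAttribute> {
            a.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY), a.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES),
            a.Create(CKA.CKA_TOKEN, false), a.Create(CKA.CKA_UNWRAP, true)
        };
        var ecTemplate = new List<IObjectAttribute> {
            a.Create(CKA.CKA_CLASS, CKO.CKO_PRIVATE_KEY), a.Create(CKA.CKA_KEY_TYPE, CKK.CKK_EC),
            a.Create(CKA.CKA_TOKEN, false), a.Create(CKA.CKA_SIGN, true),
            a.Create(CKA.CKA_EXTRACTABLE, false) // the restored key cannot be wrapped out again
        };
        using (IMechanism rsaWrap = s.Factories.MechanismFactory.Create(CKM.CKM_RSA_PKCS))
        using (IMechanism aesWrap = s.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_WRAP_PAD))
        {
            IObjectHandle aesKey = s.UnwrapKey(rsaWrap, rsaPrivateKey, wrappedAes, aesTemplate);
            try { return s.UnwrapKey(aesWrap, aesKey, wrappedEc, ecTemplate); }
            finally { s.DestroyObject(aesKey); }
        }
    }
}
```

Both returned blobs are needed to restore the key, so store them together; only the 32-byte AES key passes through CKM_RSA_PKCS, which keeps the RSA payload well within the modulus size.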

0 Answers