I am trying to create an asymmetric RSA 2048 keypair in AWS cloudHSM using 5.8.0 JCE provider. Initially the key was generated and failing to get publicKey getEncoded bytes. After generating couple of key with different key alias failed to generate key. Here is the sample code I'm using
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA", Security.getProvider(CloudHsmProvider.PROVIDER_NAME));
final KeyAttributesMap publicKeyAttrsMap = new KeyAttributesMap();
publicKeyAttrsMap.put(KeyAttribute.LABEL, "test:public");
publicKeyAttrsMap.put(KeyAttribute.MODULUS_BITS, 2048);
publicKeyAttrsMap.put(KeyAttribute.PUBLIC_EXPONENT, new BigInteger("65537").toByteArray());
publicKeyAttrsMap.put(KeyAttribute.TOKEN, Boolean.TRUE);
publicKeyAttrsMap.put(KeyAttribute.VERIFY, Boolean.TRUE);
final KeyAttributesMap privateKeyAttrsMap = new KeyAttributesMap();
privateKeyAttrsMap.put(KeyAttribute.LABEL, "test:private");
privateKeyAttrsMap.put(KeyAttribute.TOKEN, Boolean.TRUE);
privateKeyAttrsMap.put(KeyAttribute.SIGN, Boolean.TRUE);
privateKeyAttrsMap.putAll(getSignaturePrivateKeyTemplate());
KeyPairAttributesMap keyPairSpec = new KeyPairAttributesMapBuilder().withPublic(publicKeyAttrsMap).withPrivate(privateKeyAttrsMap).build();
keyPairGen.initialize(keyPairSpec);
KeyPair keypair = keyPairGen.generateKeyPair();
and getting the following exception:
java.security.InvalidAlgorithmParameterException: Expected KeySpec to be instance of KeyPairAttributesMap or KeyAttributesMap. Please provide a valid KeySpec for this operation.
at com.amazonaws.cloudhsm.jce.provider.CloudHsmKeyPairGeneratorBase.initialize(CloudHsmKeyPairGeneratorBase.java:84) ~[cloudhsm-5.8.0.jar:?]
at com.amazonaws.cloudhsm.jce.provider.RsaKeyPairGenerator.initialize(RsaKeyPairGenerator.java:24) ~[cloudhsm-5.8.0.jar:?]
at java.security.KeyPairGenerator$Delegate.initialize(KeyPairGenerator.java:691) ~[?:?]
at java.security.KeyPairGenerator.initialize(KeyPairGenerator.java:436) ~[?:?]
