[Opendnssec-user] Possible bug in unwrapped key bytes

Jana Nguyen jana.nguyen at gmail.com
Thu Sep 6 23:30:17 CEST 2018


I am trying to retrieve the key bytes of a wrapped key. We are using IAIK
with SoftHSM 2.4.0.

When I unwrap the key, the key object returned but when we get the key
bytes, I get null.

Key template has been initialized with “sensitive=false” and below code
works find with the Thales HSM appliance, but not with SoftHSM.

    long CKM_AES_KEY_WRAP = 0x00002109L;
         Mechanism wrappingMechanism = new Mechanism(CKM_AES_KEY_WRAP);
        InitializationVectorParameters ivParam = new
InitializationVectorParameters(iv);
        wrappingMechanism.setParameters(ivParam);
        AESSecretKey key = session.unwrapKey(wrappingMechanism,
keyEncryptionKey, wrappedKey, keyTemplate);
    byte[] plaintextkey = key.getValue().getByteArrayValue();

Error I'm getting:
 (plaintextkey is null)

Any ideas or workaround to get this to work?  Any input is much appreciated.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20180906/44f06e9d/attachment.html>


More information about the Opendnssec-user mailing list