jacknji11 icon indicating copy to clipboard operation
jacknji11 copied to clipboard

Published 20 hours ago verified publisher icon joelhockey

can't export aeskey

Open paulmgtech opened this issue 4 years ago • 1 comments

Hi @primetomas ,

I could generate aes key. But can't export/extract it as Key from HSM. Can you help me to export aes key?

long aeskey = CE.GenerateKey(session, new CKM(CKM.AES_KEY_GEN), new CKA(CKA.VALUE_LEN, 32), new CKA(CKA.LABEL, "labelencaes"), new CKA(CKA.ID, "labelencaes"), new CKA(CKA.TOKEN, false), new CKA(CKA.SENSITIVE, false), new CKA(CKA.ENCRYPT, true), new CKA(CKA.DECRYPT, true), new CKA(CKA.DERIVE, true));

Regards Paul V

paulmgtech avatar Nov 06 '20 10:11 paulmgtech

If you managed to create the key with CKA.SENSITIVE=false, you should be able to get the key in the plaintext form by calling CE.GetAttributeValue to get the CKA.VALUE attribute.

If that fails you might try setting the key as extractable (CKA.EXTRACTABLE) and create another wrapping key to wrap and then decrypt the wrapped original key.

pentiak avatar Sep 21 '22 10:09 pentiak