I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:
CKA_TOKEN= false
CKA_SENSITIVE=true
CKA_EXTRACTABLE=true"
CKA_ENCRYPT=true"
While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so error comes template inconsistent:
Performing ECDH key agreement
java.security.ProviderException: Could not derive key
at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:144)
at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:586)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE
at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
at sun.security.pkcs11.P11ECDHKeyAgreement.engineGenerateSecret(P11ECDHKeyAgreement.java:139)
While the ECC keys are pre-generated using an HSM.
The SunPKCS11
P11ECDHKeyAgreementclass always wants to return the bytes of the derived shared secret as the result of the generateSecret() method. In order to do this the derived secret must be marked as non-sensitive and extractable, otherwise the HSM will refuse to reveal the raw bytes. This is what theCKR_ATTRIBUTE_SENSITIVEerror message means - Java tried to access the raw bytes of the derived key, but it is marked as sensitive.The Java
KeyAgreementclass does support a version of generateSecret() that will return aKeyobject, but you have to pass the algorithm string"TlsPremasterSecret"(anything else will be rejected by the P11ECDHKeyAgreement class). This will generally stop the key being useful because it will be rejected for having the wrong algorithm when you try to use it. (Not to mention that this key is the raw shared secret, which should really be passed through a KDF/hash before being used as a cryptographic key).So really your only option is to mark derived keys as non-sensitive and extractable by adding lines like the following to your PKCS#11 configuration file: