Payment cryptography: Cannot decode TR34 keyblock



Recently I started evaluating the Payment Cryptography API. So far, by using the CLI commands, I can:

  • Create the top KEK
  • Use the get-parameters-for-export command to get the export token
  • Import my testing KRD CA cert
  • Export the KEK in TR34 format by using my KRD's host public cert (signed by my KRD's CA)

However, when I try to use my KRD's private cert to decrypt the CMS's ephemeral symmetric key, it fails. Without that I cannot further decode the keyblock and hence the KEK. I've tried using the openssl command and Java's crypto library, and it always fails. The command looks like this:

    # openssl pkeyutl -in aws_kdh_ephemeral_key.bin -inkey certs/server.key -pkeyopt rsa_padding_mode:oaep -decrypt
    Public Key operation error
    140139261809088:error:04099079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error:../crypto/rsa/rsa_oaep.c:245:

(The above aws_kdh_ephemeral_key.bin is extracted from the CMS OCTET STRING inside the OID 1.2.840.113549.1.7.3 envelopedData.)

Any comments are welcome

BR, Tim

asked 8 months ago, 291 views
1 Answer

Hello, To answer your question, we require details that are non-public information. Please open a support case with AWS using the following link

answered 8 months ago
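
A check that applies when OAEP decryption of a CMS recipient's encrypted key fails: read the hash and MGF1 hash declared in the KeyTransRecipientInfo keyEncryptionAlgorithm and pass them to `openssl pkeyutl` explicitly, since OpenSSL uses SHA-1 for OAEP unless `rsa_oaep_md` is set. This is an added example, not part of the original post or of AWS's code; the DER input is constructed and the function names are hypothetical.

```python
OIDS = {"1.2.840.113549.1.1.7": "rsaes-oaep", "1.2.840.113549.1.1.8": "mgf1",
        "1.3.14.3.2.26": "sha1", "2.16.840.1.101.3.4.2.1": "sha256"}

def read_tlv(buf, pos=0):  # -> (tag, content, next_pos) of the DER element at pos
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def children(content):  # yields (tag, content) pairs inside a constructed element
    pos = 0
    while pos < len(content):
        tag, body, pos = read_tlv(content, pos)
        yield tag, body

def oid_name(body):  # OID content bytes -> known name, else dotted form
    top = min(body[0] // 40, 2)
    arcs, val = [top, body[0] - 40 * top], 0
    for b in body[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:  # last byte of this arc
            arcs, val = arcs + [val], 0
    dotted = ".".join(map(str, arcs))
    return OIDS.get(dotted, dotted)

def oaep_params(algid_der):  # hashes declared by an RSAES-OAEP AlgorithmIdentifier
    fields = list(children(read_tlv(algid_der)[1]))
    if oid_name(fields[0][1]) != "rsaes-oaep":
        raise ValueError("keyEncryptionAlgorithm is not RSAES-OAEP")
    found = {"hash": "sha1", "mgf1_hash": "sha1"}  # RFC 8017 defaults if absent
    for tag, body in (children(fields[1][1]) if len(fields) > 1 else []):
        alg = list(children(read_tlv(body)[1]))  # explicit tag wraps an AlgorithmIdentifier
        if tag == 0xA0:  # [0] hashAlgorithm
            found["hash"] = oid_name(alg[0][1])
        elif tag == 0xA1 and len(alg) > 1:  # [1] maskGenAlgorithm, parameter is a hash
            found["mgf1_hash"] = oid_name(next(children(alg[1][1]))[1])
    return found

def pkeyutl_opts(p):  # openssl pkeyutl options matching the declared hashes
    return ["-pkeyopt", "rsa_padding_mode:oaep", "-pkeyopt",
            f"rsa_oaep_md:{p['hash']}", "-pkeyopt", f"rsa_mgf1_md:{p['mgf1_hash']}"]

def tlv(tag, content):  # DER encoder for the sample only (short-form lengths)
    return bytes([tag, len(content)]) + content
# Constructed sample, not taken from the post: RSAES-OAEP with SHA-256 / MGF1-SHA-256.
OAEP_OID = tlv(0x06, bytes.fromhex("2a864886f70d010107"))
SHA256 = tlv(0x30, tlv(0x06, bytes.fromhex("608648016503040201")))
MGF1 = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010108")) + SHA256)
SAMPLE = tlv(0x30, OAEP_OID + tlv(0x30, tlv(0xA0, SHA256) + tlv(0xA1, MGF1)))
```

To use it on a real message, pass the DER bytes of the recipient's keyEncryptionAlgorithm SEQUENCE to `oaep_params` and append the result of `pkeyutl_opts` to the `openssl pkeyutl -decrypt` command line.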
