Hi,
I'm trying to issue RSA key pairs on AWS CloudHSM with a JAVA application using IAIK PKCS#11 Wrapper and JVM JCE Provider and I'm facing some difficulties. Indeed, for now, the only way to generate a keypair is providing minimal templates for both public and private key:
RSAPublicKey rsaPublicKeyTemplate = new RSAPublicKey();
RSAPrivateKey rsaPrivateKeyTemplate = new RSAPrivateKey();
// Modulus
rsaPublicKeyTemplate.getModulusBits().setLongValue(new Long(keyLength));
// Public exp
byte[] publicExponentBytes = {0x01, 0x00, 0x01};
rsaPublicKeyTemplate.getPublicExponent().setByteArrayValue(publicExponentBytes);
All other tries I made for customizing fail with the PKCS#11 error CKR_TEMPLATE_INCONSISTENT, for example when I try to make the generated key pair persistent:
rsaPublicKeyTemplate.getToken().setBooleanValue(Boolean.TRUE);
rsaPrivateKeyTemplate.getToken().setBooleanValue(Boolean.TRUE);
It seems that the HSM does not understand the templates I provide...
Has someone here even succeeded in using IAIK Provider or is AWS CloudHSM not compatible with this provider?
Then, are we forced to use AWS JCE Provider?
Thanks in advance for taking time to read my questions
Eric
Edited by: EricT on Jan 11, 2021 3:23 AM
Edited by: EricT on Jan 11, 2021 6:51 AM