Support PKCS#11 with SecretKey for AES
Issue #412
new
Hi Team,
We use HSM to store secret keys and private keys. We use Nimbus library to perform JWE operations.
We cannot get the actual key out of HSM, instead we get only handle (pointer to the key in HSM).
But in this library, we could see the length of secret key is calculated.
For example, to use AESEncrypter.
JWEEncrypter encrypter = new AESEncrypter(key);
All the AESEncrypter class constructors calculate the secret key length to perform encryption. As we are fetching actual key out of HSM, we get keylength exception.
May I know are there any settings to be done to perform JWE operations without checking key length.
Comments (3)
-
-
- changed title to Support PKCS#11 with SecretKey for AES
Clarifies objective
-
- marked as major
Blocker - major (affects particular user only, not part of the library API)
- Log in to comment
Secret keys with the PKCS
#11interface are not supported at present. At Connect2id we only need PKCS#11for private key operations (signing).Would you be interested in further investigating how this can be implemented and submitting a proposal or a PR?