I am trying to generate an RSA-2048 key with my HSM, using PKCS11 standard, It seems to be ok for the private key, but when I try to wrap my public key I get this error : iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_KEY_HANDLE_INVALID
Here is the generation function:
public long [] Generate_RSA_key() {
long [] key = null;
try {
CK_MECHANISM mec = new CK_MECHANISM();
mec.mechanism = PKCS11Constants.CKM_RSA_PKCS_KEY_PAIR_GEN;
RSAPublicKey pub_template = new RSAPublicKey();
RSAPrivateKey prv_template = new RSAPrivateKey();
RSA_template(pub_template, prv_template);
CK_ATTRIBUTE[] attr_pub = iaik.pkcs.pkcs11.objects.Object.getSetAttributes(pub_template);
CK_ATTRIBUTE[] attr_prv = iaik.pkcs.pkcs11.objects.Object.getSetAttributes(prv_template);
key = cryptoki.C_GenerateKeyPair(ckiSession, mec, attr_pub, attr_prv, true);
}catch(Exception e) {
e.printStackTrace();
}
return key;
}
private void RSA_template(RSAPublicKey pub_template, RSAPrivateKey prv_template) {
pub_template.getEncrypt() .setBooleanValue(TRUE);
pub_template.getVerify() .setBooleanValue(TRUE);
pub_template.getWrap() .setBooleanValue(TRUE);
pub_template.getModulusBits() .setLongValue(2048L);
prv_template.getDecrypt() .setBooleanValue(TRUE);
prv_template.getSign() .setBooleanValue(TRUE);
prv_template.getExtractable() .setBooleanValue(TRUE);
prv_template.getModulusBits() .setLongValue(2048L);
}
Thank you for your help.