I am having some issues selecting a key from the HSM and processing encrypt/decrypt with it. Found an example on how to generate -> encrypt -> decrypt a key by Amazon which works perfectly fine:
Example by Amazon AWS: https://github.com/aws-samples/aws-cloudhsm-pkcs11-examples/blob/master/src/encrypt/aes_gcm.c
But in my case I don't want to generate a key and do the whole process, I want to select one and then encrypt -> decrypt it.
Also found this guide here that explains how to search a key: https://support.p6r.com/p6r/docs/skc/2017.1/pkcs11_example3_ex_pkcs11_3_c.html
And also another example how to encrypt/decrypt a key but again the key is generated and not selected: https://support.p6r.com/p6r/docs/skc/2017.1/pkcs11_example7_ex_pkcs11_7_c.html
My goal is to:
- select the key from HSM
- manually set all needed parameters like IV, AAD, TAG, INPUT
- process the decrypt of the key
Like this but by code and key selected from HSM: https://gchq.github.io/CyberChef/#recipe=AES_Decrypt(%7B'option':'Hex','string':''%7D,%7B'option':'Hex','string':''%7D,'GCM','Hex','Raw',%7B'option':'Hex','string':''%7D,%7B'option':'Hex','string':''%7D)
Any idea?
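
An added example, not part of the original post or of the linked samples: the PKCS#11 mechanism specification defines the `CKM_AES_GCM` decrypt input as the ciphertext with the tag appended, so values held in separate hex fields (as in the CyberChef recipe) must be repacked before `C_Decrypt`. The helper names `hex_decode` and `pack_gcm_decrypt_input` are hypothetical and the hex values are constructed; the key lookup itself (`C_FindObjectsInit`/`C_FindObjects` on an attribute such as `CKA_LABEL`) needs a live token and is not shown.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Decode a hex string into out; returns byte count, or -1 on bad input or overflow. */
static long hex_decode(const char *hex, unsigned char *out, size_t cap) {
    size_t n = strlen(hex);
    if (n % 2 != 0 || n / 2 > cap) return -1;
    for (size_t i = 0; i < n; i++) {
        char c = hex[i];
        int v = (c >= '0' && c <= '9') ? c - '0'
              : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (v < 0) return -1;
        if (i % 2 == 0) out[i / 2] = (unsigned char)(v << 4);
        else out[i / 2] |= (unsigned char)v;
    }
    return (long)(n / 2);
}

/*
 * Build the C_Decrypt input for CKM_AES_GCM: ciphertext followed by the tag.
 * The tag length in bits is written to *tag_bits, for CK_GCM_PARAMS.ulTagBits.
 * IV and AAD are not part of this buffer; they are passed separately in
 * CK_GCM_PARAMS (pIv/ulIvLen and pAAD/ulAADLen) to C_DecryptInit.
 * Returns the total input length, or -1 on malformed hex, a tag that is empty
 * or longer than 16 bytes, or an output buffer that is too small.
 */
long pack_gcm_decrypt_input(const char *ct_hex, const char *tag_hex,
                            unsigned char *out, size_t cap,
                            unsigned long *tag_bits) {
    long ct_len = hex_decode(ct_hex, out, cap);
    if (ct_len < 0) return -1;
    long tag_len = hex_decode(tag_hex, out + ct_len, cap - (size_t)ct_len);
    if (tag_len < 1 || tag_len > 16) return -1;
    *tag_bits = (unsigned long)tag_len * 8;
    return ct_len + tag_len;
}

int main(void) {
    /* Constructed sample values, not real ciphertext or a real tag. */
    unsigned char in[64];
    unsigned long bits = 0;
    long n = pack_gcm_decrypt_input("0a1b2c", "00112233445566778899aabbccddeeff",
                                    in, sizeof in, &bits);
    printf("input_len=%ld tag_bits=%lu\n", n, bits);
    return n < 0;
}
```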