Hello

I'm trying to wrap a 3DES key that is stored in an HSM, using the SunPKCS11 provider:

 Cipher wrapper = Cipher.getInstance("DESede/CBC/NOPADDING", getProviderName());
 wrapper.init(Cipher.WRAP_MODE, wrappingKey, new IvParameterSpec(iv));
 cText = wrapper.wrap(wrappedKey);


The problem is that I'm obtaining the following exception:
java.security.InvalidAlgorithmParameterException: Unsupported mode: 3
	at sun.security.pkcs11.P11Cipher.implInit(P11Cipher.java:316)
	at sun.security.pkcs11.P11Cipher.engineInit(P11Cipher.java:280)
	at javax.crypto.Cipher.init(DashoA13*..)
	at javax.crypto.Cipher.init(DashoA13*..)
 

After searching for the source code, I've found that the provider only supports the ENCRYPT_MODE and DECRYPT_MODE:

// actual init() implementation
    private void implInit(int opmode, Key key, byte[] iv,
            SecureRandom random)
            throws InvalidKeyException, InvalidAlgorithmParameterException {
        cancelOperation();
        switch (opmode) {
            case Cipher.ENCRYPT_MODE:
                encrypt = true;
                break;
            case Cipher.DECRYPT_MODE:
                encrypt = false;
                break;
            default:
                throw new InvalidAlgorithmParameterException
                        ("Unsupported mode: " + opmode);
        }
      (...)
    }

The full source is available at http://javasourcecode.org/html/open-source/jdk/jdk-6u23/sun/security/pkcs11/P11Cipher.java.html

So, I was wondering if there is a way to wrap a key using the SunPKCS11 provider.

--

Paulo Ricardo Ribeiro
Integration and Development Department

MULTICERT - Serviços de Certificação Electrónica, S.A.
www.multicert.com
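For reference, an added example (not part of the original message, and not SunPKCS11 code) of what the same `WRAP_MODE` call does on a software provider: the ciphertext is the wrapped key's encoding encrypted under the wrapping key. It assumes the JDK's default software provider and software-generated keys; the class name `WrapModeDemo`, the keys and the all-zero IV are constructed for the demo.

```java
import java.security.Key;
import java.util.Arrays;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;

// Hypothetical demo class: wraps a software 3DES key with another software 3DES key.
public class WrapModeDemo {
    static final String TRANSFORMATION = "DESede/CBC/NoPadding";

    public static void main(String[] args) throws Exception {
        // Constructed sample keys, generated in software (no HSM involved).
        KeyGenerator gen = KeyGenerator.getInstance("DESede");
        SecretKey wrappingKey = gen.generateKey();
        SecretKey keyToWrap = gen.generateKey();
        byte[] iv = new byte[8]; // constructed all-zero IV, for the demo only

        // Cipher.WRAP_MODE is the constant 3: the "mode: 3" in the exception text.
        System.out.println("Cipher.WRAP_MODE = " + Cipher.WRAP_MODE);

        // No provider name given, so the default lookup picks a software provider.
        Cipher wrapper = Cipher.getInstance(TRANSFORMATION);
        wrapper.init(Cipher.WRAP_MODE, wrappingKey, new IvParameterSpec(iv));
        byte[] wrapped = wrapper.wrap(keyToWrap);

        // The same bytes come from ENCRYPT_MODE over the key's encoding.
        // NoPadding is valid because a DESede key encodes to 24 bytes (3 blocks).
        // This path needs getEncoded() to return the key bytes, which is an
        // assumption that holds for software keys like the ones built here.
        Cipher encryptor = Cipher.getInstance(TRANSFORMATION);
        encryptor.init(Cipher.ENCRYPT_MODE, wrappingKey, new IvParameterSpec(iv));
        byte[] encrypted = encryptor.doFinal(keyToWrap.getEncoded());
        System.out.println("wrap == encrypt(getEncoded()): "
                + Arrays.equals(wrapped, encrypted));

        // UNWRAP_MODE reverses the operation and rebuilds a DESede secret key.
        Cipher unwrapper = Cipher.getInstance(TRANSFORMATION);
        unwrapper.init(Cipher.UNWRAP_MODE, wrappingKey, new IvParameterSpec(iv));
        Key recovered = unwrapper.unwrap(wrapped, "DESede", Cipher.SECRET_KEY);
        System.out.println("round trip ok: "
                + Arrays.equals(recovered.getEncoded(), keyToWrap.getEncoded()));
    }
}
```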