Hi, PKCS #11 gurus,
var sp = KeyPairGenerator.getInstance("EC",
p).generateKeyPair().getPrivate();
var k = KeyGenerator.getInstance("AES", p).generateKey();
var cipher = Cipher.getInstance("AES/KW/PKCS5Padding", p);
cipher.init(Cipher.WRAP_MODE, k);
var wrapped = cipher.wrap(sp);
cipher.init(Cipher.UNWRAP_MODE, k);
cipher.unwrap(wrapped, "EC", Cipher.PRIVATE_KEY);
Here, p is SunPKCS11-NSS using sensitive config, and the last unwrap method
reports an CKR_TEMPLATE_INCOMPLETE error. It runs fine with RSA.
Thanks,
Weijun
