Java - How to derive a key with JCA/JCE and with an HSM
I have a master key in an HSM, and I want to derive it with a given diversifier. I am quite new to JCA/JCE, and a bit lost with KeyGenerator, SecretKeyFactory, ... since the parameters are strings. I want to use AES or HmacSHA1. It seems I need to use SecretKeyFactory and provide KeySpecs. But which type of KeySpecs?
(I have seen a post on this topic, but it didn't seem an HSM was used.)
Thanks.
You can derive a key using:
- password-based derivation (PKCS#5), as described in "Deriving a secret from a master key using JCE/JCA", or
- emulate C_Derive from PKCS#11 using encryption, as described in "PKCS11 deriveKey() and encrypt() returning different results for 3DES".

To use the HSM from the JCA/JCE APIs, you need to add the corresponding provider to the JCA/JCE APIs and specify the provider parameter to request that specific provider implementation.
For example:
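    import java.nio.charset.StandardCharsets;
    import java.security.Key;
    import java.security.Provider;
    import java.security.Security;
    import javax.crypto.Cipher;
    import javax.crypto.KeyGenerator;

    // Register the HSM vendor's JCA/JCE provider for the given slot.
    int slot = 0;
    Provider provider = new au.com.safenet.crypto.provider.SAFENETProvider(slot);
    Security.addProvider(provider);
    final String PROVIDER = provider.getName(); // "SAFENET", "SAFENET.1", ...

    // Generate the base key through the HSM provider.
    KeyGenerator keyGen = KeyGenerator.getInstance("DESede", PROVIDER);
    Key baseKey = keyGen.generateKey();

    // No IV is passed to init(), so the IV used is whatever the provider chooses.
    Cipher desCipher = Cipher.getInstance("DESede/CBC/PKCS5Padding", PROVIDER);
    desCipher.init(Cipher.ENCRYPT_MODE, baseKey);

    // Encrypt the diversification data under the base key to obtain the derived value.
    byte[] derived = desCipher.doFinal("diversification data".getBytes(StandardCharsets.UTF_8));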
Note: if you need key derivation often, you might consider using your provider's PKCS#11 wrapper for Java (e.g. JCPROV from SafeNet) or other APIs, so that you can be more explicit about session management and more efficient in resource usage.
java jce hsm
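An added example (not from the original answer or from any HSM vendor's code): the same provider-based approach applied to the HmacSHA1 option from the question, deriving a reproducible AES-128 key per diversifier. The class name, the `derive` helper, the 16-byte truncation and the sample diversifiers are assumptions of this example, and a software key stands in for the HSM-resident master key.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.Provider;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class DiversifyKey {

    // Hypothetical helper: derived key = first 16 bytes of HMAC-SHA1(masterKey, diversifier).
    // The MAC is computed by the given provider, so with an HSM provider the master
    // key is used inside the HSM; only the derived bytes are returned to the host.
    static SecretKey derive(SecretKey masterKey, byte[] diversifier, Provider provider)
            throws GeneralSecurityException {
        Mac mac = (provider == null)
                ? Mac.getInstance("HmacSHA1")            // default software provider
                : Mac.getInstance("HmacSHA1", provider); // e.g. the HSM vendor's provider
        mac.init(masterKey);
        byte[] prf = mac.doFinal(diversifier);           // 20 bytes, same input gives same output
        byte[] keyBytes = Arrays.copyOf(prf, 16);        // truncate to AES-128 key length
        Arrays.fill(prf, (byte) 0);                      // clear the intermediate buffer
        return new SecretKeySpec(keyBytes, "AES");
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Assumption: a software-generated key stands in for the master key in the HSM.
        Provider provider = null; // pass the registered HSM Provider instance here
        SecretKey master = KeyGenerator.getInstance("HmacSHA1").generateKey();

        // Constructed sample diversifiers.
        byte[] cardA = "card-0001".getBytes(StandardCharsets.UTF_8);
        byte[] cardB = "card-0002".getBytes(StandardCharsets.UTF_8);

        byte[] a1 = derive(master, cardA, provider).getEncoded();
        byte[] a2 = derive(master, cardA, provider).getEncoded();
        byte[] b1 = derive(master, cardB, provider).getEncoded();

        System.out.println("same diversifier, same key:      " + Arrays.equals(a1, a2));
        System.out.println("different diversifier, same key: " + Arrays.equals(a1, b1));
    }
}
```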