CKM_RSA_AES_KEY_WRAP is not implemented/supported

[xnop]

It will be nice and helpful to support the following mechanism CKM_RSA_AES_KEY_WRAP, which allows to wrap/unwrap asymmetric key of any length.

More on
http://docs.oasis-open.org/pkcs11/pkcs11-curr/v2.40/cos01/pkcs11-curr-v2.40-cos01.html#_Toc370634387

Thanks,
Daniel

[rijswijk]

Unfortunately, we currently don't have the development resources to implement feature requests, but would welcome a pull request. You can achieve the same goal with the current code base by:

• Importing an RSA public key for exporting
• Generating a session AES key
• Wrapping the session AES key with the RSA public key and exporting
• Wrapping the private key to export with the AES key with CKM_AES_KEY_WRAP or CKM_AES_KEY_WRAP_PAD
• Unwrapping the wrapped AES key in the target PKCS add AES/DES higher level support #11
• Unwrapping the RSA private key with the import AES key

A lot more cumbersome, but standards-compliant.

I will tag this as a feature request for future version for now and put it on hold.

[xnop]

Thanks for you answer. In fact, I was coding as you described and when I came across the CKM_AES_KEY_WRAP_PAD, I found CKM_RSA_AES_KEY_WRAP and check Softhsm2. At work, the solution is based on nCipher HSM but due to COVID-19, I'm working from home with your great software. Thanks for doinf great job with Softhsm2.

[rijswijk]

Glad to hear SoftHSM is a little bit helpful in these strange times, good luck working from home and stay safe & healthy!