CardContact / sc-hsm-embedded

PKCS#11 and CSP-Minidriver library for the SmartCard-HSM and STARCOS based signature cards
BSD 3-Clause "New" or "Revised" License

Not able to get CKA_VALUE with C_GetAttributeValue of a Secret Key #37

Closed 7ritn closed 1 year ago

7ritn commented 1 year ago

Hi,

I'm trying to extract the value of an AES key, which is set to be extractable, via C_GetAttributeValue. However, I get CKR_ATTRIBUTE_TYPE_INVALID as the return value, which should not happen since, according to the PKCS#11 specifications concerning the AES secret key object, the CKA_VALUE attribute should contain the key value. Since I can use the key to encrypt data, it has to have a value.

I tested my code with the SoftHSMv2 and there I'm able to extract the key value.

CardContact commented 1 year ago

The SmartCard-HSM does not support AES key extraction in plain.

To extract a key value, the key object must be part of a key domain and the key value may be wrapped under the Key Encryption Key. Use the Key Manager in the Smart Card Shell in order to do that.
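
An added example, not part of the thread or of the sc-hsm-embedded code: a client-side check that tells apart the three outcomes discussed here when asking for CKA_VALUE (readable in plain, sensitive, or not exposed by the token at all) using a length-only query. The typedefs and constants are minimal stand-ins for `pkcs11.h`; `classify_key_export`, `enum key_export` and the two mock functions are hypothetical names, and the mocks are constructed stand-ins for a real `C_GetAttributeValue`.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-ins for pkcs11.h so the example builds alone (values per PKCS#11). */
typedef unsigned long CK_ULONG, CK_RV, CK_SESSION_HANDLE, CK_OBJECT_HANDLE;
typedef struct { CK_ULONG type; void *pValue; CK_ULONG ulValueLen; } CK_ATTRIBUTE;
#define CKR_OK                     0x00UL
#define CKR_ATTRIBUTE_SENSITIVE    0x11UL
#define CKR_ATTRIBUTE_TYPE_INVALID 0x12UL
#define CKA_VALUE                  0x11UL
#define CK_UNAVAILABLE_INFORMATION (~0UL)
typedef CK_RV (*get_attr_fn)(CK_SESSION_HANDLE, CK_OBJECT_HANDLE, CK_ATTRIBUTE *, CK_ULONG);

/* Hypothetical result type for this example. */
enum key_export { KEY_PLAIN_READABLE, KEY_SENSITIVE, KEY_VALUE_NOT_EXPOSED, KEY_ERROR };

/* Length-only query (pValue == NULL): learns whether CKA_VALUE is readable
 * without ever pulling key bytes into host memory. */
enum key_export classify_key_export(get_attr_fn get_attr, CK_SESSION_HANDLE s,
                                    CK_OBJECT_HANDLE key, CK_ULONG *len)
{
    CK_ATTRIBUTE t = { CKA_VALUE, NULL, 0 };
    CK_RV rv = get_attr(s, key, &t, 1);
    *len = 0;
    if (rv == CKR_ATTRIBUTE_SENSITIVE)    return KEY_SENSITIVE;         /* sensitive or unextractable */
    if (rv == CKR_ATTRIBUTE_TYPE_INVALID) return KEY_VALUE_NOT_EXPOSED; /* result reported in this issue */
    if (rv != CKR_OK || t.ulValueLen == CK_UNAVAILABLE_INFORMATION) return KEY_ERROR;
    *len = t.ulValueLen;
    return KEY_PLAIN_READABLE;
}

/* Constructed mocks standing in for C_GetAttributeValue on two kinds of token. */
static CK_RV mock_plain(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE o, CK_ATTRIBUTE *a, CK_ULONG n)
{ (void)s; (void)o; (void)n; a[0].ulValueLen = 32; return CKR_OK; }
static CK_RV mock_no_value(CK_SESSION_HANDLE s, CK_OBJECT_HANDLE o, CK_ATTRIBUTE *a, CK_ULONG n)
{ (void)s; (void)o; (void)n; a[0].ulValueLen = CK_UNAVAILABLE_INFORMATION; return CKR_ATTRIBUTE_TYPE_INVALID; }

int main(void)
{
    CK_ULONG len;
    printf("plain token: %d\n", classify_key_export(mock_plain, 1, 1, &len));
    printf("no-value token: %d\n", classify_key_export(mock_no_value, 1, 1, &len));
    return 0;
}
```

With a real module, pass the `C_GetAttributeValue` pointer from the function list in place of the mocks; a `KEY_VALUE_NOT_EXPOSED` result means the key has to be exported wrapped, as described in the reply above.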