The new bouncy castle libraries attempt to use an "unwrap" method to extract the symmetric from the direct message. Some HSMs translate this as returning back a handle to the symmetric key which in turn can result in an incorrect key being used. This correction will override the implementation to attempt to do a straight forward decryption instead of abstracting the symmetric in the HSM (this is undesired behavior as it will result in the entire message content being decrypted on the HSM).
gm2552
commented
5 years ago
The new bouncy castle libraries attempt to use an "unwrap" method to extract the symmetric from the direct message. Some HSMs translate this as returning back a handle to the symmetric key which in turn can result in an incorrect key being used. This correction will override the implementation to attempt to do a straight forward decryption instead of abstracting the symmetric in the HSM (this is undesired behavior as it will result in the entire message content being decrypted on the HSM).