Closed maliksajidhussain closed 1 year ago
@team Can any team member give any clue if anything is wrong in the sample?
Hi @maliksajidhussain ,
The samples are built and tested with our releases, and after a quick look everything seems ok.
Unfortunately I'm not able to find any information about the iaik.tsp package you are using. I'm not sure what that library is attempting to do with the key prior to signing. To address these particular problems, you could reach out to AWS Developer Support, or post on re:Post with the "AWS CloudHSM" tag. You will receive better support for your custom workflow using those methods.
I am creating the RSA key pair in AWS CloudHSM with the following attributes:
```java
KeyAttributesMap publicKeyAttributesMap = new KeyAttributesMap();
KeyAttributesMap privateKeyAttributesMap = new KeyAttributesMap();

privateKeyAttributesMap.put(KeyAttribute.TOKEN, Boolean.TRUE);
privateKeyAttributesMap.put(KeyAttribute.SIGN, Boolean.TRUE);

publicKeyAttributesMap.put(KeyAttribute.TOKEN, Boolean.TRUE);
publicKeyAttributesMap.put(KeyAttribute.VERIFY, Boolean.TRUE);
```
I can use this private key to create a self-signed certificate. But when I try to create a CMS signature, I get the following exception:
```
iaik.tsp.TspSigningException: Can't sign TimeStampToken: java.security.NoSuchAlgorithmException: Error computing signature value: iaik.cms.CMSException: Unable to calculate signature: java.security.SignatureException: Cannot calculate RSA siganture: com.amazonaws.cloudhsm.jce.jni.exception.KeyUsageException: An attempt has been made to use a key for a cryptographic purpose that the key's attributes are not set to allow it to do.
    at iaik.tsp.TimeStampToken.signTimeStampToken(SourceFile:967)
    at iaik.tsp.TimeStampToken.signTimeStampToken(SourceFile:859)
    at iaik.tsp.TimeStampToken.signTimeStampToken(SourceFile:1024)
```
I checked the AWS documentation, but there is no such attribute that defines the private key's purpose. No similar question was found on AWS.
What is stopping the private key from signing CMS?