I am making use of SoftHSM to generate isometric keys in Java. Currently, I need to wrap private keys using the wrapKey function provided in the IAIK PKCS11 library (Java), and I'm having a problem with the key wrapping operation in cipher.getInstance(). The application throws CKR_MECHANISM_INVALID, and all existing information on the net doesn't seem to give a suitable answer on how to fix this.
Currently, it seems that this is a problem to do with the mechanism of IAIK, as it is currently making use of the CKM_AES_CBC_PAD algorithm for key wrapping.
It is unclear how to switch between CKM_AES_CBC_PAD and the ones suggested in the GitHub issues created for the problem on SoftHSM's GitHub page; see: https://github.com/opendnssec/SoftHSMv2/issues/229 and https://github.com/opendnssec/SoftHSMv2/issues/405.
Two things that are clear are that this is a known issue and that the authors suggest using CKM_AES_KEY_WRAP, CKM_AES_KEY_WRAP_PAD, CKM_RSA_PKCS, or CKM_RSA_PKCS_OAEP. However, I am unable to find samples using the suggested options, and after hours of digging through the libraries, I think it's easier to just ask here.
Initial Question: I would like to switch the mechanism from CKM_AES_CBC_PAD to CKM_AES_KEY_WRAP during key wrap.
Update: After further debugging, it seems the issue may be even more complex than switching between mechanisms. Due to this, I would prefer to know instead:
New Question: What is the best way to implement key wrapping using the above listed technologies in Java?
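
An added example, not part of the original post and not code from IAIK or SoftHSM: one way to select a wrap mechanism explicitly through the IAIK PKCS#11 wrapper's `Session.wrapKey`, after checking which of the mechanisms named above the token reports as wrap-capable, so that an unsupported choice is caught before it surfaces as CKR_MECHANISM_INVALID. It assumes an already opened and logged-in `Session`, a wrapping AES key with CKA_WRAP set, and a target key with CKA_EXTRACTABLE set; the class and method names are hypothetical.

```java
import iaik.pkcs.pkcs11.Mechanism;
import iaik.pkcs.pkcs11.MechanismInfo;
import iaik.pkcs.pkcs11.Session;
import iaik.pkcs.pkcs11.Token;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.objects.Key;

// Hypothetical helper class for illustration.
public final class AesKeyWrapExample {
    // Mechanism codes from the PKCS#11 v2.40 headers, declared locally in case
    // the wrapper version in use does not expose them in PKCS11Constants.
    static final long CKM_AES_KEY_WRAP = 0x00002109L;
    static final long CKM_AES_KEY_WRAP_PAD = 0x0000210AL;

    /** Returns the first candidate the token lists with the wrap flag set, or null. */
    static Mechanism pickWrapMechanism(Token token, long... candidates)
            throws TokenException {
        Mechanism[] supported = token.getMechanismList();
        for (long code : candidates) {
            for (Mechanism m : supported) {
                if (m.getMechanismCode() != code) {
                    continue;
                }
                MechanismInfo info = token.getMechanismInfo(m);
                if (info.isWrap()) {
                    return Mechanism.get(code);
                }
            }
        }
        return null;
    }

    /** Wraps keyToWrap under wrappingKey with an AES key-wrap mechanism. */
    static byte[] wrap(Session session, Key wrappingKey, Key keyToWrap)
            throws TokenException {
        // The padded variant (RFC 5649) is tried first: plain AES key wrap
        // (RFC 3394) only accepts input whose length is a multiple of 8 bytes,
        // which an encoded private key does not necessarily have.
        Mechanism mech = pickWrapMechanism(session.getToken(),
                CKM_AES_KEY_WRAP_PAD, CKM_AES_KEY_WRAP);
        if (mech == null) {
            throw new IllegalStateException(
                    "token reports no AES key-wrap mechanism usable for wrapping");
        }
        return session.wrapKey(mech, wrappingKey, keyToWrap);
    }
}
```

The same `pickWrapMechanism` check can be given the codes for CKM_RSA_PKCS or CKM_RSA_PKCS_OAEP when the wrapping key is an RSA public key; OAEP additionally needs its parameters set on the mechanism before use.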