I'm using the Pkcs11Interop library with SoftHSM2.
I have generated an AES key:

    var mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_GEN);
    // The helper takes three parameters, so storeOnToken is passed explicitly
    var generatedKey = session.GenerateKey(mechanism, AesKeyAtribute(hsmSession, label, true));

    private List<IObjectAttribute> AesKeyAtribute(IHsmSession hsmSession, string label, bool storeOnToken)
    {
        // Template for a 256-bit (32-byte) AES secret key
        List<IObjectAttribute> objectAttributes = new List<IObjectAttribute>();
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_CLASS, CKO.CKO_SECRET_KEY));
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_VALUE_LEN, 32));
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_KEY_TYPE, CKK.CKK_AES));
        // Persist the key on the token only when the caller asks for it
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_TOKEN, storeOnToken));
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_ENCRYPT, true));
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DECRYPT, true));
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_DERIVE, true));
        // Extractable so that the key can be wrapped and exported
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_EXTRACTABLE, true));
        objectAttributes.Add(session.Factories.ObjectAttributeFactory.Create(CKA.CKA_LABEL, label));
        return objectAttributes;
    }

After that I wrap this key (key used for wrapping is the same):
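
    IObjectHandle generatedKey; // handle returned by GenerateKey above
    var mechanism = session.Factories.MechanismFactory.Create(CKM.CKM_AES_KEY_WRAP);
    // WrapKey(mechanism, wrappingKeyHandle, keyHandle): the same handle is used for both
    byte[] wrappedKey = session.WrapKey(mechanism, generatedKey, generatedKey); // result has 40 bytes
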
Then I try to decrypt the key to send it to another device.
My problem is that when I wrap the key I get a 40-byte array (I don't know why 40 instead of 32). I don't know how to decrypt it programmatically or with the HSM to get the 32-byte AES key. Is it some specific format for the wrapped key? Is there any example of how to decrypt a wrapped key?
I can get the CKA_VALUE of the key, but in my case it is not an acceptable solution.
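
Added example, not part of the original post and not Pkcs11Interop's own code: CKM_AES_KEY_WRAP is the RFC 3394 AES Key Wrap, whose output is the key plus one 8-byte integrity block, so a 32-byte key wraps to 40 bytes. The software unwrap below assumes .NET 6 or later and runs on the RFC 3394 section 4.6 test vector; the class and method names are hypothetical, and `kek` must be the value of the wrapping key.

```csharp
using System;
using System.Security.Cryptography;

static class AesKeyWrapDemo // hypothetical name, for illustration only
{
    // RFC 3394 default initial value; after unwrapping it serves as the integrity check.
    static readonly byte[] DefaultIv = { 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6 };

    public static byte[] Unwrap(byte[] kek, byte[] wrapped)
    {
        if (wrapped.Length < 24 || wrapped.Length % 8 != 0)
            throw new ArgumentException("wrapped data must be 8 * (n + 1) bytes with n >= 2");
        int n = wrapped.Length / 8 - 1;            // 40 bytes -> n = 4 blocks -> 32-byte key
        byte[] a = new byte[8];                    // integrity register A
        byte[] r = new byte[n * 8];                // key blocks R[1..n]
        Buffer.BlockCopy(wrapped, 0, a, 0, 8);
        Buffer.BlockCopy(wrapped, 8, r, 0, n * 8);

        using Aes aes = Aes.Create();
        aes.Key = kek;
        byte[] b = new byte[16];
        for (int j = 5; j >= 0; j--)
            for (int i = n; i >= 1; i--)
            {
                ulong t = (ulong)(n * j + i);      // step counter, XORed big-endian into A
                for (int k = 0; k < 8; k++)
                    b[k] = (byte)(a[k] ^ (byte)(t >> (56 - 8 * k)));
                Buffer.BlockCopy(r, (i - 1) * 8, b, 8, 8);
                byte[] p = aes.DecryptEcb(b, PaddingMode.None); // one raw AES block
                Buffer.BlockCopy(p, 0, a, 0, 8);
                Buffer.BlockCopy(p, 8, r, (i - 1) * 8, 8);
            }
        // A wrong KEK or modified ciphertext leaves A different from the default IV.
        if (!CryptographicOperations.FixedTimeEquals(a, DefaultIv))
            throw new CryptographicException("integrity check failed: wrong KEK or corrupted data");
        return r;
    }

    static void Main()
    {
        // Test vector from RFC 3394 section 4.6 (256-bit key wrapped with a 256-bit KEK).
        byte[] kek = Convert.FromHexString("000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
        byte[] wrapped = Convert.FromHexString(
            "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B7A02DD21");
        byte[] key = Unwrap(kek, wrapped);
        Console.WriteLine($"{wrapped.Length} bytes wrapped -> {key.Length} bytes: {Convert.ToHexString(key)}");
    }
}
```

On the token itself the same operation is `session.UnwrapKey`, called with the CKM_AES_KEY_WRAP mechanism, the wrapping key's handle, the 40-byte array and an attribute template for the new key object.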