wrap and unwrap key

3/8/2011 11:58:09 AM

wrap and unwrap key

Hello, is it possible to unwrap a key outside the HSM? So I wrap the key and then send it to some location and then I unwrap it there using the key I used to wrap it?

Basically, my goal is to generate a keypair and then move it to another location outside the HSM. It looks like wrapping and unwrapping is the only way to do it, but I can't figure out how I can unwrap the key outside the HSM to use it in the other location.

Thanks.

3/8/2011 12:28:48 PM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

Your question is a bit hard to answer.

Generally a wrapped key can be unwrapped outside the HSM. You should use the same cryptographic algorithm you used to wrap.

You should load a wrapping key (for example a 3DES key) into the HSM by using CreateObject. Then you can generate a key pair specifying CKA_EXTRACTABLE = TRUE in the template. This flag makes the key pair wrappable (if the HSM allows wrapping of private keys). Then you can extract the key pair by calling WrapKey, specifying the 3DES key above as the wrapping key. Finally, on the other side, without the HSM, you must write a piece of code that implements the wrapping cryptographic algorithm and call your code with the wrapping key to unwrap the wrapped key.

Note about WrapKey function (as stated in the PKCS#11 specification):

C_WrapKey can be used in the following situations:
• To wrap any secret key with a public key that supports encryption and decryption.
• To wrap any secret key with any other secret key. Consideration must be given to key size and mechanism strength or the token may not allow the operation.
• To wrap a private key with any secret key.

Regards,

Ugo Chirico

3/8/2011 12:36:47 PM

Re: wrap and unwrap key

Thanks for the prompt answer. That's exactly what I wanted to know. First I found this blog: http://nsayer.blogspot.com/2010/08/key-wrapping-with-hsms.html

It says that there is no possible way to see the real key. So that's why I asked here..


What you'll get is a PrivateKey. But as we've seen, PrivateKeys that you get from an HSM are just sham objects. You don't actually get to see that PrivateKey - it is merely a reference to the key in the HSM.

But now when I start thinking about it, the blog is about unwrapping the key with the HSM, so it really doesn't apply to my case.. or maybe I'm still misunderstanding something?


EDIT: And maybe you have an example in C# of how to load the key with CreateObject..

Best regards

3/8/2011 2:08:10 PM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

It's not exactly true.

When you call the Wrap method you get the encrypted (wrapped) key in the form of an array of bytes, not merely as an object reference. Then you can do what you want with that encrypted key. To store it in another system you have to decrypt it, and you can do the decryption if you know the secret key used to encrypt (wrap) the other key (you surely know the algorithm, because when you call Wrap you have specified the mechanism).

To reach your goal you should simply use your own key to wrap the other key, and use an implementation of the wrapping algorithm to decrypt (unwrap) it.

If you really need that and you don't know how to do it, I can develop the classes you need for you.

This is the snippet that loads a DES secret key:

// your wrapping key (an 8-byte DES key; sample value only)
byte[] keyValue = {0x11,0x12,0x13, 0x14, 0x15,0x16,0x17,0x18};
// CKA_ID and CKA_LABEL identify the key object on the token; choose your own values
byte[] id = {0x01};
string label = "wrapping key";

CryptokiCollection template = new CryptokiCollection();
template.Add(new ObjectAttribute(ObjectAttribute.CKA_CLASS, CryptokiObject.CKO_SECRET_KEY));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_KEY_TYPE, Key.CKK_DES));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_ID, id));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_LABEL, label));
template.Add(new ObjectAttribute(ObjectAttribute.CKA_TOKEN, true));        // persist the key on the token
template.Add(new ObjectAttribute(ObjectAttribute.CKA_VALUE, keyValue));    // the raw key bytes
template.Add(new ObjectAttribute(ObjectAttribute.CKA_PRIVATE, true));      // require login to use it
template.Add(new ObjectAttribute(ObjectAttribute.CKA_MODIFIABLE, false));

CryptokiObject deskey = CurrentSession.Objects.Create(template);

Regards, 

Ugo

3/8/2011 2:56:12 PM

Re: wrap and unwrap key

Thanks, one more question.. would it be the same when I use GenerateKey? When using that, can I also set the key value?

3/8/2011 3:10:31 PM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

No. Using GenerateKey you are asking the HSM to generate a new key, so you cannot set the key value.

The only way to set the key value is by using CreateObject as I explained before.

3/14/2011 7:20:56 AM

Re: wrap and unwrap key

Ok, I have been playing with it here now and it looks like I can't wrap keys with a DES key...
And the exact error I am getting is: 0x113 wrapping key handle invalid.
EDIT: Ok, I got over this problem. Now I am facing a new one. When I try to unwrap the key I get template inconsistent. But I am giving it the bytes of the wrapped key...

3/14/2011 10:16:29 AM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

Error 0x113 (wrapping key handle invalid) doesn't mean that you cannot wrap a key with a DES key.

How do you create the DES key? And the key to wrap?

Please read the PKCS#11 specification carefully. I think that you need to understand the PKCS#11 specs better:

http://wiki.ncryptoki.com/GetFile.aspx?File=%2fdocs%2fpkcs-11v2-20.pdf

3/14/2011 10:50:06 AM

Re: wrap and unwrap key

Can you please tell me what format the private key is in when I wrap it and then unwrap it in some other location. Is it DER or PEM or something else? I just want to confirm that the key is OK after wrapping and unwrapping.

3/14/2011 2:08:39 PM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

This depends on the underlying PKCS#11 module. The PKCS#11 spec says nothing about the internal format of a wrapped key, and NCryptoki does nothing with the format. It simply forwards what the underlying PKCS#11 module returns.

To see the exact format you should decrypt by yourself the wrapped key externally, without using a PKCS#11 module.

3/14/2011 2:16:27 PM

Re: wrap and unwrap key

Right now I wrote a simple decryption method to decrypt the wrapped key without a PKCS#11 module and I'm getting a byte array from there. I have no idea what to do with it next.
I am sorry that this topic is going a little off the NCryptoki topic, but I don't know anywhere else to ask these questions..

(Why is the forum showing my post as a double post on page 1 and 2? :P)

3/14/2011 2:24:01 PM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

Don't worry about the topic. It may interest other developers.

The byte array you got is the plaintext (decrypted) of the wrapped key. What is the type of the wrapped key? RSA, ECC or something else?

Usually, in most PKCS#11 modules, a wrapped key is in ASN.1 DER encoding. To check that, open your key in a hex editor and check whether it starts with 0x30 0x81 0xXX ... If so, it is ASN.1 DER encoding.

The usual format for RSA and some other keys is defined in the PKCS#n specifications (PKCS#12 for RSA key pairs, and so on).

3/14/2011 2:33:35 PM

Re: wrap and unwrap key

The wrapped key is an RSA private key. When I look at the array in the debugger it starts with 0x30 0x82 0x02 ... So it should be ASN.1 DER format then.

3/14/2011 2:42:17 PM
Ugo Chirico http://www.ugochirico.com

Re: wrap and unwrap key

Very good.

It is the DER format of PKCS#8: http://www.rsa.com/rsalabs/node.asp?id=2130

3/14/2011 2:47:11 PM

Re: wrap and unwrap key

A little more off-topic here. When I now try to load the key into the keystore with keytool I get the error: DerInputStream.getLength(): lengthTag=111, too big. So I think I have to check my decryption method again and see if the problem is there.
Right now my simple decrypt method looks like this:

EDIT: Ok, it was a problem in my decryption code.

        using System.IO;
        using System.Security.Cryptography;

        // Decrypts the wrapped key blob outside the HSM with the DES wrapping key.
        // Mode and padding must match the mechanism that was passed to WrapKey.
        public static byte[] Decrypt(byte[] cipherData, byte[] wrappingKey)
        {
            using (DESCryptoServiceProvider cryptoProvider = new DESCryptoServiceProvider())
            {
                cryptoProvider.Key = wrappingKey;
                cryptoProvider.Padding = PaddingMode.None;
                cryptoProvider.Mode = CipherMode.ECB;

                using (MemoryStream ms = new MemoryStream(cipherData))
                using (CryptoStream cs = new CryptoStream(ms, cryptoProvider.CreateDecryptor(), CryptoStreamMode.Read))
                {
                    // With no padding the plaintext has exactly the length of the ciphertext.
                    byte[] decryptedTextBytes = new byte[cipherData.Length];
                    // CryptoStream.Read may return fewer bytes than requested; loop until it is drained.
                    int total = 0;
                    int read;
                    while ((read = cs.Read(decryptedTextBytes, total, decryptedTextBytes.Length - total)) > 0)
                        total += read;
                    return decryptedTextBytes;
                }
            }
        }
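As an added example (not code from this thread or from the NCryptoki library), here is how the external unwrap Ugo describes and his "does it start with 0x30 0x81/0x82" check can be done together in C#: decrypt with the DES wrapping key, then walk the outer DER structure to confirm the plaintext is a PKCS#8 PrivateKeyInfo for an RSA key, and trim the trailing padding bytes that a no-padding decrypt leaves behind. It assumes DES in ECB mode without padding, as in the Decrypt method above, and PKCS#8 DER output from the HSM. The SimulateHsmWrap helper and the sample DER bytes are constructed for the demo only; they stand in for C_WrapKey and are not a real key.

```csharp
using System;
using System.Security.Cryptography;

// Added example, not from this thread or NCryptoki. Assumes DES-ECB, no padding
// (as in the poster's Decrypt) and a PKCS#8 PrivateKeyInfo in DER, as Ugo describes.
public static class WrappedKeyCheck
{
    // Step 1: undo the wrapping outside the HSM with the same key, mode and padding.
    public static byte[] UnwrapDes(byte[] wrapped, byte[] wrappingKey)
    {
        using (var des = new DESCryptoServiceProvider())
        {
            des.Key = wrappingKey;
            des.Mode = CipherMode.ECB;        // must match the WrapKey mechanism
            des.Padding = PaddingMode.None;   // the HSM pads the DER to a block boundary itself
            using (var decryptor = des.CreateDecryptor())
                return decryptor.TransformFinalBlock(wrapped, 0, wrapped.Length);
        }
    }

    // Step 2: read a DER tag and its length (short form 0x00-0x7F, long form 0x81 xx / 0x82 xx xx)
    // at 'offset'; leave 'offset' at the first content byte and return the content length.
    public static int ReadTagLength(byte[] der, ref int offset, byte expectedTag)
    {
        if (offset + 1 >= der.Length || der[offset] != expectedTag)
            throw new FormatException(string.Format("expected tag 0x{0:X2} at offset {1}", expectedTag, offset));
        offset++;
        int first = der[offset++];
        if (first < 0x80) return first;                 // short form
        int numBytes = first & 0x7F;                    // long form: number of length bytes
        if (numBytes == 0 || numBytes > 4 || numBytes > der.Length - offset)
            throw new FormatException("unsupported or truncated DER length");
        int length = 0;
        for (int i = 0; i < numBytes; i++) length = (length << 8) | der[offset++];
        if (length > der.Length - offset)
            throw new FormatException("DER length exceeds buffer");
        return length;
    }

    // Step 3: verify PrivateKeyInfo ::= SEQUENCE { version INTEGER 0, AlgorithmIdentifier (rsaEncryption),
    // privateKey OCTET STRING } and drop trailing padding so a DER consumer sees only the structure.
    public static byte[] CheckPkcs8Rsa(byte[] plain)
    {
        int offset = 0;
        int seqLen = ReadTagLength(plain, ref offset, 0x30);
        byte[] der = new byte[offset + seqLen];         // declared length, padding excluded
        Array.Copy(plain, der, der.Length);

        int verLen = ReadTagLength(der, ref offset, 0x02);
        if (verLen != 1 || der[offset] != 0x00)
            throw new FormatException("PKCS#8 version is not 0");
        offset += verLen;

        int algLen = ReadTagLength(der, ref offset, 0x30);
        int algEnd = offset + algLen;
        int oidLen = ReadTagLength(der, ref offset, 0x06);
        byte[] rsaEncryption = { 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01 }; // 1.2.840.113549.1.1.1
        if (oidLen != rsaEncryption.Length)
            throw new FormatException("algorithm is not rsaEncryption");
        for (int i = 0; i < oidLen; i++)
            if (der[offset + i] != rsaEncryption[i])
                throw new FormatException("algorithm is not rsaEncryption");
        offset = algEnd;                                 // skip the NULL parameters

        int keyLen = ReadTagLength(der, ref offset, 0x04);
        if (offset + keyLen != der.Length)
            throw new FormatException("privateKey OCTET STRING does not end the structure");
        return der;
    }

    // Stand-in for C_WrapKey, used only so the sample below runs without an HSM.
    public static byte[] SimulateHsmWrap(byte[] paddedDer, byte[] wrappingKey)
    {
        using (var des = new DESCryptoServiceProvider())
        {
            des.Key = wrappingKey;
            des.Mode = CipherMode.ECB;
            des.Padding = PaddingMode.None;
            using (var encryptor = des.CreateEncryptor())
                return encryptor.TransformFinalBlock(paddedDer, 0, paddedDer.Length);
        }
    }

    public static void Main()
    {
        // Constructed sample, not a real key: a minimal PrivateKeyInfo whose privateKey
        // OCTET STRING holds three dummy bytes, zero-padded to a DES block boundary.
        byte[] sample = {
            0x30, 0x17,
              0x02, 0x01, 0x00,
              0x30, 0x0D, 0x06, 0x09, 0x2A, 0x86, 0x48, 0x86, 0xF7, 0x0D, 0x01, 0x01, 0x01, 0x05, 0x00,
              0x04, 0x03, 0x01, 0x02, 0x03,
            0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };          // 25 DER bytes + 7 padding = 32
        byte[] wrappingKey = { 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18 };  // same sample value as the thread

        byte[] wrapped = SimulateHsmWrap(sample, wrappingKey);
        byte[] plain = UnwrapDes(wrapped, wrappingKey);
        byte[] der = CheckPkcs8Rsa(plain);
        Console.WriteLine("PKCS#8 DER ok: {0} bytes, {1} trailing padding bytes trimmed",
                          der.Length, plain.Length - der.Length);
    }
}
```

The trimmed array returned by CheckPkcs8Rsa is what you hand to keytool or any other PKCS#8 consumer. If the check throws on real HSM output, the plaintext is not a PKCS#8 structure at all, which usually points at the wrong wrapping key, mode or padding on the decrypting side rather than at the key itself.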