Reputation: 11
I have a question regarding JCE and PKCS#11. My goal is to perform an ECDH KeyAgreement and perform a KDF (SHA-256) in an HSM with JCE. The result of the ECDH KeyAgreement (shared secret) shall not be available outside of the HSM, like with the PKCS#11 function "CKM_ECDH1_DERIVE".
Example JCE Code:
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.MessageDigest;
import javax.crypto.KeyAgreement;

// keyPairA (own EC key pair, private key held in the HSM) and keyPairB (peer key pair) are assumed to exist.
// Derive a shared secret with ECDH
KeyAgreement keyAgreementA = KeyAgreement.getInstance("ECDH", "Some HSM Provider");
keyAgreementA.init(keyPairA.getPrivate());
keyAgreementA.doPhase(keyPairB.getPublic(), true);
byte[] sharedSecret = keyAgreementA.generateSecret(); // <= I don't want the shared secret to be exposed as byte[] outside of the HSM.
// Derive a key from the shared secret and some shared info
byte[] sharedInfo = "some shared info".getBytes(StandardCharsets.UTF_8); // placeholder for the real shared info
MessageDigest hash = MessageDigest.getInstance("SHA-256");
hash.update(sharedSecret);
byte[] derivedSecret = hash.digest(sharedInfo); // SHA-256(sharedSecret || sharedInfo)
Is it somehow possible in JCE to have something equivalent to the PKCS#11 function "CKM_ECDH1_DERIVE"? My understanding of "CKM_ECDH1_DERIVE" is that I can use it with a KDF (SHA-256) and the plain shared secret (result of the ECDH) is not returned by the HSM. Only the derived key (after the KDF) is returned.
Upvotes: 1
Views: 64
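An added example, not code from the question or from any HSM provider: a Python reference computation of what a token returns for CKM_ECDH1_DERIVE with the SHA-256 KDF. It assumes what PKCS#11 v2.40 specifies for that mechanism, namely that Z is the x-coordinate of the ECDH point and that CKD_SHA256_KDF is the ANSI X9.63 KDF, SHA-256(Z || counter || SharedData) with a 4-byte big-endian counter starting at 1, concatenated until the requested key length is reached. The P-256 arithmetic, the key generation and the `info` value are constructed for the example and the function names are my own. It is useful for checking an HSM's derived key against a software computation using throwaway test keys, and it also shows that the mechanism is not the same function as the SHA-256(Z || info) computed in the question's code.

```python
"""Reference computation for CKM_ECDH1_DERIVE + CKD_SHA256_KDF (added example).

Assumption (per PKCS#11 v2.40): Z = x-coordinate of the ECDH point, and the KDF
is ANSI X9.63: SHA-256(Z || counter || SharedData), 32-bit big-endian counter from 1.
The P-256 arithmetic below is a minimal affine implementation for a self-contained
check only; it is not constant-time and not meant for production use.
"""
import hashlib
import secrets

# NIST P-256 domain parameters: y^2 = x^3 + A*x + B over GF(P), base point G of order N.
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
A = P - 3
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
G = (0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296,
     0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5)


def is_on_curve(pt):
    """True for the point at infinity (None) or any affine point satisfying the curve equation."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def point_add(p1, p2):
    """Affine group law; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 != y2 or y1 == 0):
        return None  # p1 == -p2, or doubling a point with y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def point_mul(k, pt):
    """Double-and-add scalar multiplication k * pt."""
    result, addend = None, pt
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def generate_keypair():
    """Random private scalar d in [1, N-1] and public point d*G (test keys only)."""
    d = secrets.randbelow(N - 1) + 1
    return d, point_mul(d, G)


def ecdh_shared_secret(priv, peer_pub):
    """Z exactly as CKM_ECDH1_DERIVE defines it: the 32-byte x-coordinate of priv * peer_pub."""
    if peer_pub is None or not is_on_curve(peer_pub):
        raise ValueError("peer public key is not a valid P-256 point")
    shared = point_mul(priv, peer_pub)
    if shared is None:
        raise ValueError("degenerate shared point")
    return shared[0].to_bytes(32, "big")


def x963_kdf_sha256(z, shared_data, key_len):
    """ANSI X9.63 KDF with SHA-256 (what CKD_SHA256_KDF applies to Z, see module docstring)."""
    out, counter = b"", 1
    while len(out) < key_len:
        out += hashlib.sha256(z + counter.to_bytes(4, "big") + shared_data).digest()
        counter += 1
    return out[:key_len]


def ckm_ecdh1_derive_sha256(priv, peer_pub, shared_data, key_len=32):
    """The value the token hands back as a key object; Z itself never leaves the HSM."""
    return x963_kdf_sha256(ecdh_shared_secret(priv, peer_pub), shared_data, key_len)


def naive_sha256_z_info(priv, peer_pub, shared_data):
    """The question's software KDF: SHA-256(Z || info) without the X9.63 counter."""
    return hashlib.sha256(ecdh_shared_secret(priv, peer_pub) + shared_data).digest()


if __name__ == "__main__":
    info = b"constructed shared info"  # constructed SharedData for the example
    da, qa = generate_keypair()
    db, qb = generate_keypair()
    ka = ckm_ecdh1_derive_sha256(da, qb, info)
    kb = ckm_ecdh1_derive_sha256(db, qa, info)
    print("both sides derive the same key:", ka == kb)
    print("equals naive SHA-256(Z||info):", ka == naive_sha256_z_info(da, qb, info))
```

To compare against a real token you need a test-only EC key whose derived secret key is created extractable, since a production-configured HSM returns only a handle to the derived key, which is exactly the property the question is after. PKCS#11 3.0 also defines CKD_SHA256_KDF_SP800, which uses the NIST SP 800-56A concatenation order (counter before Z); this example implements only the X9.63 variant.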