How to Wrap Microsoft RSA Key Handle in HSM
I have a requirement to wrap the RSAPrivateKey in the HSM so that it can be sent to the Microsoft CA for key archiving, and I'm not sure which approach to take.
The problem is that the Microsoft RSA key format is proprietary and doesn't seem to be supported by either pkcs11 or nCipher HSM that my company uses.
http://msdn.microsoft.com/en-us/library/cc250013.aspx
If it were just an RSAPrivateKey, it would be simple to create a key pair in the HSM, load the wrapping key into the HSM, wrap the RSAPrivateKey, and extract the wrapped key bytes. Obviously, since this blob key format is not supported, I need to take a different approach.
My first thought was to extend RSAPrivateKey and override the getEncoded () method to return this branded key format. I am using the IAIK pkcs11 wrapper which provides a high level API for pkcs11 in Java, and there is some support for generating vendor specific key types. However, the interface for vendor-defined keys seems to exist only as a convenience to extend the built-in key types in client code, and does not actually allow changing the key encoding in the HSM.
The second idea was to use the pkcs11 data object and just treat this as a key blob and then encrypt it with the wrapper key. The same problem here is that in order to copy the private key bytes into a data object, it seems like I need to extract the private key bytes into the application code and then create a data object there that will defeat the whole point of the keys in the HSM.I am looking for alternatives to these approaches or maybe there is some feature in pkcs11 that I forgot that would allow me to do this? Any insight would be appreciated.
source to share
I agree it looks like a data format not supported by the nShield HSM (it might be worth double-checking this with the support team though).
Assuming this is the case, there is only one way to do it securely - one has to use a lower level API to load the private key and pass it to some custom code running in the HSM (using CodeSafe) that will expose the key material. translate it into the required format and wrap it with a wrapping key.
Any other approach will lead to key impacts on the host. Also, if you've generated your key with reasonable (default) permissions, you still can't expose the key without writing custom code that uses your admin card set.
I suggest you contact support for this issue. You might even walk down to some friendly cough counselors who might be able to help you with this.
source to share
What you probably want to do is use the PKCS # 11 wrapper. I'm a little confused when you interact with HSM from Java (since you mention IAIK or .Net, since you want to export it to Microsoft RSAPrivateKey). Anyway, the PKCS11 wrapper (IAIK for Java, NCryptoki for .Net) will allow you to communicate with the HSM using PKCS # 11 v2.30 , make sure to check the supported version in your wrappers and HSM specs as there may be incompatibilities between versions.
PKCS # 11 allows you to generate an RSA key pair in your HSM using the C_GenerateKeyPair function. You will need to specify the mechanism (RSA_PKCS_KEY_PAIR_GEN) and provide two templates, one for the private key and one for the public key. Make sure the CKA_WRAP attribute for the private key is set to true.
To load a wrapping key into an HSM, the C_CreateObject function can be used in conjunction with a template.
Then you could use the C_WrapKey function to wrap the Private RSA key using the key you imported into the HSM. First, use C_FindObjectsInit, C_FindObjects and C_FindObjectsFinal to get the handles for the key to be wrapped and the wrapping key. Then call the C_WrapKey function using the appropriate mechanism and two handles.
source to share
If it is an unsupported proprietary format, you may need to run your own code in HSM to do this. Many HSMs allow you to run proprietary code, but you need support from the HSM vendor to be able to load the code first. Also, running native code in HSM can violate security certification (FIPS or Common Criteria).
Otherwise, you will have to extract the private key from the HSM, put it in the correct format in a secure environment, and wrap it using normal HSM encryption tools. This will of course expose the private key outside of the HSM.
You can also contact Microsoft if they have a preferred solution.
source to share