On Fri, 6 Dec 2024 18:40:04 GMT, Weijun Wang <wei...@openjdk.org> wrote:
> I set CKA_EXTRACTABLE = false and generate an AES key and its `getEncoded` is > null. Then I use it as an IKM for HKDF and the `deriveKey` output is still > unextractable. So far so good, but if I call `deriveData` on the same input > spec, a byte array is returned. Doesn't this mean the derive output is > actually extractable? Is this intended? > > Update: I read > https://docs.oasis-open.org/pkcs11/pkcs11-spec/v3.1/csd01/pkcs11-spec-v3.1-csd01.html#_Toc98177685 > and > https://docs.oasis-open.org/pkcs11/pkcs11-profiles/v3.1/os/pkcs11-profiles-v3.1-os.html#_Toc142307348 > and it shows that some `pInfo` are allowed to derive `CKO_DATA`. Maybe the > PKCS #11 library I am playing with (NSS 3.101 on macosx_aarch64) is tolerant. Yes, my interpretation is that data (the derivation output in this case) is fine. What shouldn't happen is to have a non-extractable key derived extracted. ------------- PR Comment: https://git.openjdk.org/jdk/pull/22215#issuecomment-2537197895
