This API wraps key.
Input Parameters
Parameters | Description |
keyName | Name of the key to be wrapped. |
keyUseForWrap | Key to be used for wrapping. |
wrapFormatPadding | Padding format to be used for wrapping the key. This is an optional parameter. It is used for PKCS#1v2.1 and one of the following padding is used: SHA256, SHA384, and SHA512. |
Sample SOAP Parameters
< wrapFormatPadding>SHA256</wrapFormatPadding>
Wrap key bytes.
<ns2: Session_WrapKeyResponse xmlns:ns2="">36E409F7993906344FA0DC560475086F485163857ACD41752651ACDF236BDDE73F9859CBF42A744D27603F5869D3DBD29C97005B973517DB76761AF8915D0B13</ns2: Session_WrapKeyResponse>
cxf-manifest.jar should be included in the Java client build path while calling Session_WrapKey web services.
Unwrap Key using OpenSSL
API generates output in hex format. To unwrap the key, convert it into byte array and then write the Base64 encoded wrapped key to file as shown here.String wrappedKeytxt=<hexdata>; byte[] wrappedKey =IngrianProvider.hex2ByteArray(wrappedKeytxt); Base64.encodeToFile(wrappedKey, <filePathWhereBase64EncodedWrappedKeyIsWritten>);
Based on the padding scheme, run the following command.
openssl enc -in <filePathWhereBase64EncodedWrappedKeyIsWritten> -out <filepathForbinarytext> -d -a openssl rsautl -decrypt -in <filepathForbinarytext> -out <filePathToUnwrappedKey> -inkey <pemFilePathToPrivKey>
openssl enc -in <filePathWhereBase64EncodedWrappedKeyIsWritten> -out <filepathForbinarytext> -d -a openssl pkeyutl -decrypt -inkey <pemFilePathToPrivKey> -in <filepathForbinarytext> -out <filePathToUnwrappedKey> -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
Read the unwrapped key bytes from the file. Convert the byte array into hex format as shown here.
byte keyArr[]=Files.readAllBytes(Paths.get(<filePathToUnwrappedKey>); String unwrappedKey= IngrianProvider.byteArray2Hex(keyArr));