Session_WrapKey
This API wraps key.
URL
./Session_WrapKey
Input Parameters
Parameters | Description |
---|---|
keyName | Name of the key to be wrapped. |
keyUseForWrap | Key to be used for wrapping. |
wrapFormatPadding | Padding format to be used for wrapping the key. This is an optional parameter. It is used for PKCS#1v2.1 and one of the following padding is used: SHA256, SHA384, and SHA512. |
Sample SOAP Parameters
<prot:Session_WrapKey>
<keyName>AESKey</keyName>
<keyUseForWrap>RSAKey</keyUseForWrap>
<!--Optional:-->
< wrapFormatPadding>SHA256</wrapFormatPadding>
</prot:Session_WrapKey>
Output
Wrap key bytes.
<ns2: Session_WrapKeyResponse xmlns:ns2="http://dsws.org/protectappws/">36E409F7993906344FA0DC560475086F485163857ACD41752651ACDF236BDDE73F9859CBF42A744D27603F5869D3DBD29C97005B973517DB76761AF8915D0B13</ns2: Session_WrapKeyResponse>
Note
cxf-manifest.jar should be included in the Java client build path while calling Session_WrapKey web services.
Unwrap Key using OpenSSL
The
Session_WrapKey
API generates output in hex format. To unwrap the key, convert it into byte array and then write the Base64 encoded wrapped key to file as shown here.String wrappedKeytxt=<hexdata>; byte[] wrappedKey =IngrianProvider.hex2ByteArray(wrappedKeytxt); Base64.encodeToFile(wrappedKey, <filePathWhereBase64EncodedWrappedKeyIsWritten>);
Based on the padding scheme, run the following command.
openssl enc -in <filePathWhereBase64EncodedWrappedKeyIsWritten> -out <filepathForbinarytext> -d -a openssl rsautl -decrypt -in <filepathForbinarytext> -out <filePathToUnwrappedKey> -inkey <pemFilePathToPrivKey>
openssl enc -in <filePathWhereBase64EncodedWrappedKeyIsWritten> -out <filepathForbinarytext> -d -a openssl pkeyutl -decrypt -inkey <pemFilePathToPrivKey> -in <filepathForbinarytext> -out <filePathToUnwrappedKey> -pkeyopt rsa_padding_mode:oaep -pkeyopt rsa_oaep_md:sha256 -pkeyopt rsa_mgf1_md:sha256
Read the unwrapped key bytes from the file. Convert the byte array into hex format as shown here.
byte keyArr[]=Files.readAllBytes(Paths.get(<filePathToUnwrappedKey>); String unwrappedKey= IngrianProvider.byteArray2Hex(keyArr));