Exporting a Wrapped Key
To export a wrapped key:
Call the
ExportWrappedKey
method to export key bytes of symmetric key wrapped with RSA key bytes.Syntax
public byte[] ExportWrappedKey(string keyName, byte[] wrapPublicKey, KeyWrapFormat wrapFormat)
Define
KeyWrapFormat
, it lists the algorithms used to wrap the symmetric key bytes.public enum KeyWrapFormat { RAW_PKCS1v15, RAW_PKCS1v21_RSAOAEP_SHA256, RAW_PKCS1v21_RSAOAEP_SHA384, RAW_PKCS1v21_RSAOAEP_SHA512, }
Sample code
NaeKeyManagement nkm = new NaeKeyManagement(session);
string keyname = "Sample_Aes_Key";
string public_keyname = "Sample_Rsa_Key";
byte[] exportedpublicBytes = nkm.ExportKey(public_keyname, NaeKeyManagement.KeyType.Public);
byte[] exportedWrappedBytes = nkm.ExportWrappedKey(keyname, exportedpublicBytes,
NaeKeyManagement.KeyWrapFormat.PKCS1v15);
Note
For RSA keys, the minimum recommended
KeySize
is 2048.The user must be the owner of the key or should have the permission to export the key. The
wrapPublicKey
must be in the PKCS#1 format.The
ExportWrappedKey
method does not work if the RSA key used in the wrapping is a versioned key.Exporting a wrapped key is not supported in the local mode.