Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

How to get the plaintext of a Secret Key Entry in Mozilla NSSDB PKCS11?

  • 2 replies
  • 1 has this problem
  • 3 views
  • Last reply by jscher2000

more options

I have a mozilla NSSDB PKCS11, it includes one of three things. Certificates, keys, and SecretKeyEntry. I would like to know the content of a SecretKeyEntry with the alias "StoreXKey". Firstly, is extracting the plaintext of a SecretKeyEntry possible? I seem to think so because of links: https://technosock.blogspot.com/2007/12/token-knowledge.html and https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.SecretKeyEntry.html#getSecretKey

First link gives a way to do it ( which doesn't work for me ) the second link gives us a few methods, namely .getEncoded() which can supposedly be called on a SecretKeyEntry to get the byte array information.

Here is my code thus far, all results hit a null pointer exception when using the getEncoded message. I am sure the SecretKeyEntry exists in the NSSDB.

String configFile = "config.cfg"; Provider provider = Security.getProvider("SunPKCS11"); // I am confused on how to incorporate the config file as well. /* provider = provider.configure(configFile); // Does not work */ Security.addProvider(provider);

String defaultPIN = "--.--.--.--.----.-...-.--"; try{

  KeyStore ks = KeyStore.getInstance("PKCS11");
  ks.load(null, defaultPIN.toCharArray());
  KeyStore.SecretKeyEntry skEntry = (KeyStore.SecretKeyEntry) ks.getEntry("StoreXKey",null); // Do I need a password protector here?
  System.out.println(new String(skEntry.getSecretKey().getEncoded())); <-- Error is thrown here. 

}catch (Exception e){

  e.printStackTrace();

} Any help / advice or links are appreciated.

All Replies (2)

more options

Please let me know if this is in the wrong section, I will change it! I just couldn't find the NSS section of this website!

Helpful?

more options

This forum deals with the Mozilla products that contain NSS but not the nitty gritty of that component.

Maybe there is a technical mailing list/Google Group for NSS? This one popped up in a search, but I don't know whether this kind of question would be welcome:

https://groups.google.com/a/mozilla.org/g/dev-tech-crypto

Helpful?

Ask a question

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.