How to get the plaintext of a Secret Key Entry in Mozilla NSSDB PKCS11?
I have a mozilla NSSDB PKCS11, it includes one of three things. Certificates, keys, and SecretKeyEntry. I would like to know the content of a SecretKeyEntry with the alias "StoreXKey". Firstly, is extracting the plaintext of a SecretKeyEntry possible? I seem to think so because of links: https://technosock.blogspot.com/2007/12/token-knowledge.html and https://docs.oracle.com/javase/8/docs/api/java/security/KeyStore.SecretKeyEntry.html#getSecretKey
First link gives a way to do it ( which doesn't work for me ) the second link gives us a few methods, namely .getEncoded() which can supposedly be called on a SecretKeyEntry to get the byte array information.
Here is my code thus far, all results hit a null pointer exception when using the getEncoded message. I am sure the SecretKeyEntry exists in the NSSDB.
String configFile = "config.cfg"; Provider provider = Security.getProvider("SunPKCS11"); // I am confused on how to incorporate the config file as well. /* provider = provider.configure(configFile); // Does not work */ Security.addProvider(provider);
String defaultPIN = "--.--.--.--.----.-...-.--"; try{
KeyStore ks = KeyStore.getInstance("PKCS11"); ks.load(null, defaultPIN.toCharArray()); KeyStore.SecretKeyEntry skEntry = (KeyStore.SecretKeyEntry) ks.getEntry("StoreXKey",null); // Do I need a password protector here? System.out.println(new String(skEntry.getSecretKey().getEncoded())); <-- Error is thrown here.
}catch (Exception e){
e.printStackTrace();
} Any help / advice or links are appreciated.
All Replies (2)
Please let me know if this is in the wrong section, I will change it! I just couldn't find the NSS section of this website!
This forum deals with the Mozilla products that contain NSS but not the nitty gritty of that component.
Maybe there is a technical mailing list/Google Group for NSS? This one popped up in a search, but I don't know whether this kind of question would be welcome: