Exporting a Wrapped Key
To export a wrapped key:
Call the ExportWrappedKey method to export the key bytes of a symmetric key, wrapped with the RSA key bytes.
Syntax
public byte[] ExportWrappedKey(string keyName, byte[] wrapPublicKey, KeyWrapFormat wrapFormat)
Define KeyWrapFormat, which lists the algorithms used to wrap the symmetric key bytes.
public enum KeyWrapFormat
{
    RAW_PKCS1v15,
    RAW_PKCS1v21_RSAOAEP_SHA256,
    RAW_PKCS1v21_RSAOAEP_SHA384,
    RAW_PKCS1v21_RSAOAEP_SHA512,
}
Sample code
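NaeKeyManagement nkm = new NaeKeyManagement(session);
string keyname = "Sample_Aes_Key";          // symmetric key to export
string public_keyname = "Sample_Rsa_Key";   // RSA key used for wrapping
// Export the public part of the RSA wrapping key.
byte[] exportedpublicBytes = nkm.ExportKey(public_keyname, NaeKeyManagement.KeyType.Public);
// Export the symmetric key wrapped under that public key.
// The format name matches the KeyWrapFormat enum listed above.
byte[] exportedWrappedBytes = nkm.ExportWrappedKey(keyname, exportedpublicBytes,
    NaeKeyManagement.KeyWrapFormat.RAW_PKCS1v15);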
Note
• For RSA keys, the minimum recommended KeySize is 2048.
• The user must be the owner of the key or should have the permission to export the key. The wrapPublicKey must be in the PKCS#1 format.
• The ExportWrappedKey method does not work if the RSA key used in the wrapping is a versioned key.
• Exporting a wrapped key is not supported in the local mode.
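The receiving side of this exchange, as an added example (not code from the original page or from the product's SDK): it checks that a wrapping key is PKCS#1 and at least 2048 bits, then unwraps the key bytes with the RSA private key. Assumptions: the key bytes are DER-encoded, the KeyWrapFormat names map to the .NET paddings shown, a local Encrypt call stands in for ExportWrappedKey, and the class and helper names are hypothetical (.NET 6 or later).

```csharp
using System;
using System.Security.Cryptography;

static class WrappedKeyDemo
{
    // Assumed mapping from the page's KeyWrapFormat names to .NET paddings.
    static RSAEncryptionPadding PaddingFor(string wrapFormat) => wrapFormat switch
    {
        "RAW_PKCS1v15" => RSAEncryptionPadding.Pkcs1,
        "RAW_PKCS1v21_RSAOAEP_SHA256" => RSAEncryptionPadding.OaepSHA256,
        "RAW_PKCS1v21_RSAOAEP_SHA384" => RSAEncryptionPadding.OaepSHA384,
        "RAW_PKCS1v21_RSAOAEP_SHA512" => RSAEncryptionPadding.OaepSHA512,
        _ => throw new ArgumentException("Unknown wrap format", nameof(wrapFormat))
    };

    // Accepts only a PKCS#1 RSAPublicKey (DER assumed) of at least 2048 bits.
    static RSA LoadWrapPublicKey(byte[] pkcs1Der)
    {
        RSA rsa = RSA.Create();
        try
        {
            rsa.ImportRSAPublicKey(pkcs1Der, out int read); // throws if not PKCS#1
            if (read != pkcs1Der.Length) throw new CryptographicException("Trailing bytes after key");
            if (rsa.KeySize < 2048) throw new CryptographicException("RSA key is below 2048 bits");
            return rsa;
        }
        catch { rsa.Dispose(); throw; }
    }

    static void Main()
    {
        const string format = "RAW_PKCS1v21_RSAOAEP_SHA256";
        using RSA recipient = RSA.Create(2048);                // private key stays with the recipient
        byte[] wrapPublicKey = recipient.ExportRSAPublicKey(); // PKCS#1 DER, passed as wrapPublicKey
        // An X.509 SubjectPublicKeyInfo encoding is not PKCS#1 and is rejected.
        try { LoadWrapPublicKey(recipient.ExportSubjectPublicKeyInfo()).Dispose(); }
        catch (CryptographicException) { Console.WriteLine("SPKI key rejected"); }

        // Constructed stand-in for the server-side wrap done by ExportWrappedKey.
        byte[] aesKey = RandomNumberGenerator.GetBytes(32);
        byte[] wrapped;
        using (RSA pub = LoadWrapPublicKey(wrapPublicKey))
            wrapped = pub.Encrypt(aesKey, PaddingFor(format));
        // Unwrap with the private key, using the padding that matches the wrap format.
        byte[] unwrapped = recipient.Decrypt(wrapped, PaddingFor(format));
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(aesKey, unwrapped));
        CryptographicOperations.ZeroMemory(unwrapped);
    }
}
```

Unwrapping fails with a CryptographicException when the padding passed to Decrypt does not match the format used for wrapping, so the format choice has to be communicated to the recipient along with the wrapped bytes.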