Comment 30 for bug 392104

The problem is that the Java code doesn't support an DER encoded key.
From mozilla/security/nss/lib/softoken/pkcs11.c in NSS:

            /* special note: We can't just use the first byte to determine
             * between these 2 cases because both EC_POINT_FORM_UNCOMPRESSED
             * and SEC_ASN1_OCTET_STRING are 0x04 */

     /* handle the non-DER encoded case (UNCOMPRESSED only) */
            if (pubKey->u.ec.publicValue.data[0] == EC_POINT_FORM_UNCOMPRESSED
                && pubKey->u.ec.publicValue.len == keyLen) {
                break; /* key was not DER encoded, no need to unwrap */
            }

            /* if we ever support compressed, handle it here */

     /* handle the encoded case */
            if ((pubKey->u.ec.publicValue.data[0] == SEC_ASN1_OCTET_STRING)
                && pubKey->u.ec.publicValue.len > keyLen) {
  SECItem publicValue;
                SECStatus rv;

                rv = SEC_QuickDERDecodeItem(arena, &publicValue,
                                         SEC_ASN1_GET(SEC_OctetStringTemplate),
                                         &pubKey->u.ec.publicValue);
                /* nope, didn't decode correctly */
                if ((rv != SECSuccess)
                    || (publicValue.data[0] != EC_POINT_FORM_UNCOMPRESSED)
                    || (publicValue.len != keyLen)) {
                    crv = CKR_ATTRIBUTE_VALUE_INVALID;
                    break;
                }
                /* replace our previous with the decoded key */
                pubKey->u.ec.publicValue = publicValue;
                break;
            }