Menu
▾
▴
[Ejbca-develop] LunaSA ECDSA: CKR_KEY_TYPE_INCONSISTENT fails test
|
From: Anthony A. <asc...@gm...> - 2015-05-19 02:07:06
|
Hi EJBCAers, Using EJBCA to generate a ECDSA key on a Luna I am getting CKR_KEY_TYPE_INCONSISTENT when running the test, as a result I cannot use this Crypto Token for a CA, as CA creation always fails at CRL sign. Any suggestions? 1. JDK 7u79 2. EJBCA SVN r20553 (approx. v6.3.0) # web.properties cryptotoken.p11.lib.20.name=SafeNet Luna SA cryptotoken.p11.lib.20.file=/usr/lib/libCryptoki2_64.so ## ./ejbcaClientToolBox.sh PKCS11HSMKeyTool generate /usr/lib/libCryptoki2_64.so secp521r1 secp521r1_1 1 2015-05-19 09:58:13,676 INFO [org.cesecore.config.ConfigurationHolder] Allow external re-configuration: false Using Slot Reference Type: Slot Number. 2015-05-19 09:58:13,926 INFO [org.cesecore.keys.token.p11.Pkcs11SlotLabel] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11 2015-05-19 09:58:13,972 INFO [org.cesecore.keys.token.p11.Pkcs11SlotLabel] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11 PKCS11 Token [SunPKCS11-libCryptoki2_64.so-slot1] Password: Created certificate with entry secp521r1_1. Testing of key: secp521r1_1 Private part: SunPKCS11-libCryptoki2_64.so-slot1 EC private key, 521 bits (id 581, token object, sensitive, unextractable) Elliptic curve key: the affine x-coordinate: 1fdd98236da83f314145433... the affine y-coordinate: 1da6e7a34e8a28d6fffbc4c... java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT at sun.security.pkcs11.P11Signature.engineVerify(P11Signature.java:621) at java.security.Signature$Delegate.engineVerify(Signature.java:1192) at java.security.Signature.verify(Signature.java:626) at org.ejbca.ui.cli.KeyStoreContainerTest$Sign.verify(KeyStoreContainerTest.java:347) at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.test(KeyStoreContainerTest.java:468) at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:491) at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:148) at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:76) at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:400) at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:449) at org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47) at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40) at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:66) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT at sun.security.pkcs11.wrapper.PKCS11.C_VerifyFinal(Native Method) at sun.security.pkcs11.P11Signature.engineVerify(P11Signature.java:575) ... 12 more Signing not possible with this key. See exception. No crypto available for this key. - Anthony |