I don't know which log you mean, but I have enabled the PKCS#11 log on the Utimaco CryptoServer according to their manual to log everything, and there is only the following after clicking "Generate new key pair" in EJBCA:
03.06.2014 07:13:52 | C_GetSessionInfo | T: enter...
03.06.2014 07:13:52 | C_GenerateKeyPair | T: enter...
03.06.2014 07:13:52 | checkValidity | E: Attribute CKA_MODULUS_BITS is not a integer.
03.06.2014 07:13:52 | C_GenerateKeyPair | E: Error CKR_ATTRIBUTE_VALUE_INVALID occured.
Or do you mean something else?
I am running EJBCA 6.1.1 on JBoss 7.1.1.Final.
I configured and connected Utimaco CryptoServer CS HSM to EJBCA and I have one initialized slot.
I successfully created a CryptoToken through the EJBCA Web GUI, but when I wanted to generate a new RSA key pair on that CryptoToken, the following exception occurred:
I am able to successfully generate ECDSA keys.
Logs from CryptoServer:
Do you know how to resolve this exception in order to generate RSA key pairs on CryptoToken through EJBCA?
Hi Roman,
have you followed the instructions as described in http://www.ejbca.org/docs/installation.html#JBoss ?
Specifically, I'm referring to:
<path name="sun/security/x509"/>
<path name="sun/security/pkcs11"/>
<path name="sun/security/pkcs11/wrapper"/>
Yes,
PKCS#11 is working fine but RSA key pair generation failed in CryptoToken.
If PKCS#11 weren't configured correctly, I wouldn't be able to generate any key and I wouldn't be able to create a PKCS#11 CryptoToken at all.
But as I mentioned earlier, ECDSA key generation in the CryptoToken is working just fine.
Which Java are you using?
Version of Java running on server:
java version "1.7.0_25"
OpenJDK Runtime Environment (IcedTea 2.3.10) (7u25-2.3.10-1~deb7u1)
OpenJDK 64-Bit Server VM (build 23.7-b01, mixed mode)
The log indicates that some attribute is wrong.
Could you provide some more information on how you created the crypto keys?
I find it quite hard to reproduce the error.
Yes, the log indicates that the attribute CKA_MODULUS_BITS is wrong, but I don't know why.
These are the steps I took to create the CryptoToken:
1. Configured EJBCA to use PKCS#11 as described in documentation on the web
2. Configured web.properties to add PKCS#11 library of Utimaco CryptoServer CS
3. Initialized Slot on Utimaco CryptoServer CS
4. Created new CryptoToken in EJBCA (success)
5. Tried to generate new RSA key pair on CryptoToken (failed)
6. Tried to generate ECDSA keys on CryptoToken (success)
There is nothing non-standard. I haven't modified any source code of EJBCA 6.1.1.
Is it possible to activate the log on the crypto server and fetch the messages sent to it during the process that fails?
I don't know which log you mean, but I have enabled the PKCS#11 log on the Utimaco CryptoServer according to their manual to log everything, and there is only the following after clicking "Generate new key pair" in EJBCA:
Are you using some custom attributes file? Or are you trying to generate RSA keys of a strange size?
I'm trying to generate RSA key pairs with a key length of 4096 bits through the CryptoToken Web GUI using the "Generate new key pair" button.
There is nothing non-standard and no custom attributes.