From: Valerie B. <val...@bu...> - 2013-01-24 12:57:20
Hi,
I am trying to use EJBCA with an HSM that has not already been tested by EJBCA (crypt2protect from Bull).
I can generate a CA using the SUN PKCS11 provider,
but when I try it with the IAIK provider I get the following error:
Erreur : l'autorisation du token d'AC a échoué.
Failed to initialize PKCS11 provider slot '0'.
Private Exponent value is sensitive.
Of course the private exponent is sensitive and cannot be extracted! So why does EJBCA try to extract it?
The log file gives the following trace:
ERROR [org.ejbca.core.model.ca.catoken.PKCS11CAToken] (http-0.0.0.0-44328-1) Failed to initialize PKCS11 provider slot '0'.
java.lang.UnsupportedOperationException: Private Exponent value is sensitive.
    at iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11RsaPrivateKey.getPrivateExponent(IAIKPKCS11RsaPrivateKey.java:251)
    at org.ejbca.util.keystore.KeyTools.isPrivateKeyExtractable(KeyTools.java:1063)
    at org.ejbca.core.model.ca.catoken.BaseCAToken.testKey(BaseCAToken.java:97)
    at org.ejbca.core.model.ca.catoken.BaseCAToken.setKeys(BaseCAToken.java:142)
    at org.ejbca.core.model.ca.catoken.PKCS11CAToken.activate(PKCS11CAToken.java:93)
    at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:302)
    at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249)
Valérie