Menu
▾
▴
Re: [Ejbca-develop] Problem using IAIK
|
From: ejbca-support <ejb...@pr...> - 2013-01-24 15:00:00
|
On 2013-01-24 13:33, Valerie Bauche wrote: > HI, > > > > I try to use EJBCA with a HSM not already tested by EJBCA (crypt2protect from Bull) > > I can generate a CA using SUN PKCS11 provider > > But when I try it with IAIK provider I get the following error: > > > > Erreur : l’autorisation du token d’AC a échoué. > > > > Failed to initialize PKCS11 provider slot '0'. > Private Exponent value is sensitive. > > > > > > Of course private exponent is sensitive and cannot be extracted ! So why ejbca tries to extract it ? Hi Valerie, I believe this is a bug in the IAIK provider since it is OK trying to extract, you should just get a null if you fail. Cheers, Anders tech support > > Log file gives the following trace : > > > > ERROR [org.ejbca.core.model.ca.catoken.PKCS11CAToken] (http-0.0.0.0-44328-1) Failed to initialize PKCS11 provider slot '0'. > > java.lang.UnsupportedOperationException: Private Exponent value is sensitive. > > at iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11RsaPrivateKey.getPrivateExponent(IAIKPKCS11RsaPrivateKey.java:251) > > at org.ejbca.util.keystore.KeyTools.isPrivateKeyExtractable(KeyTools.java:1063) > > at org.ejbca.core.model.ca.catoken.BaseCAToken.testKey(BaseCAToken.java:97) > > at org.ejbca.core.model.ca.catoken.BaseCAToken.setKeys(BaseCAToken.java:142) > > at org.ejbca.core.model.ca.catoken.PKCS11CAToken.activate(PKCS11CAToken.java:93) > > at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:302) > > at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249) > * > Valérie * > > > > > > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. ON SALE this month only -- learn more at: > http://p.sf.net/sfu/learnnow-d2d > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
