From: ejbca-support <ejb...@pr...> - 2013-01-24 16:41:25
On 2013-01-24 16:17, Valerie Bauche wrote:
> IAIK javadoc for this method:
>
> Throws:
> java.lang.UnsupportedOperationException - If the value is not present or if the value is sensitive.
>
> So it does not seem to be a bug as it's clearly indicated in javadoc.... Shouldn't ejbca handle this case?

http://javadoc.iaik.tugraz.at/pkcs11_provider/current/iaik/pkcs/pkcs11/provider/keys/IAIKPKCS11RsaPrivateKey.html

A problem is that this definition is unique to IAIK.

http://docs.oracle.com/javase/6/docs/api/java/security/interfaces/RSAPrivateKey.html#getPrivateExponent()

Anyway, is there a problem with using the Oracle P11 provider?

Cheers,
Anders

>
> Valérie
>
> -----Original Message-----
> From: ejbca-support [mailto:ejb...@pr...]
> Sent: Thursday, 24 January 2013 16:00
> To: ejb...@li...
> Cc: Valerie Bauche
> Subject: Re: [Ejbca-develop] Problem using IAIK
>
> On 2013-01-24 13:33, Valerie Bauche wrote:
>> Hi,
>>
>> I try to use EJBCA with an HSM not already tested by EJBCA
>> (crypt2protect from Bull)
>>
>> I can generate a CA using SUN PKCS11 provider
>>
>> But when I try it with IAIK provider I get the following error:
>>
>> Erreur : l'autorisation du token d'AC a échoué.
>>
>> Failed to initialize PKCS11 provider slot '0'.
>> Private Exponent value is sensitive.
>>
>> Of course private exponent is sensitive and cannot be extracted! So why does ejbca try to extract it?
>
> Hi Valerie,
>
> I believe this is a bug in the IAIK provider since it is OK trying to extract, you should just get a null if you fail.
>
> Cheers,
> Anders
> tech support
>
>>
>> Log file gives the following trace:
>>
>> ERROR [org.ejbca.core.model.ca.catoken.PKCS11CAToken] (http-0.0.0.0-44328-1) Failed to initialize PKCS11 provider slot '0'.
>>
>> java.lang.UnsupportedOperationException: Private Exponent value is sensitive.
>>   at iaik.pkcs.pkcs11.provider.keys.IAIKPKCS11RsaPrivateKey.getPrivateExponent(IAIKPKCS11RsaPrivateKey.java:251)
>>   at org.ejbca.util.keystore.KeyTools.isPrivateKeyExtractable(KeyTools.java:1063)
>>   at org.ejbca.core.model.ca.catoken.BaseCAToken.testKey(BaseCAToken.java:97)
>>   at org.ejbca.core.model.ca.catoken.BaseCAToken.setKeys(BaseCAToken.java:142)
>>   at org.ejbca.core.model.ca.catoken.PKCS11CAToken.activate(PKCS11CAToken.java:93)
>>   at org.ejbca.core.model.ca.catoken.CATokenContainerImpl.activate(CATokenContainerImpl.java:302)
>>   at org.ejbca.core.ejb.ca.caadmin.CAAdminSessionBean.createCA(CAAdminSessionBean.java:249)
>>
>> Valérie
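
Added example, not part of the original thread and not EJBCA or IAIK code: one way a caller could probe extractability so that both provider behaviours discussed above (a null private exponent, or the UnsupportedOperationException that IAIK documents) count as "not extractable" instead of aborting token activation. The names isExtractable and tokenKey are hypothetical, and the two token keys are constructed stand-ins rather than real provider classes.

```java
import java.math.BigInteger;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateKey;

public class ExtractableCheck {

    /** Hypothetical helper: true only if private key material can actually be read. */
    static boolean isExtractable(PrivateKey key) {
        if (!(key instanceof RSAPrivateKey)) {
            // Opaque key handle: fall back to whether an encoding is exposed.
            return key.getEncoded() != null;
        }
        try {
            // Providers following the null convention return null for a sensitive key.
            return ((RSAPrivateKey) key).getPrivateExponent() != null;
        } catch (UnsupportedOperationException e) {
            // IAIK documents this exception for absent or sensitive values.
            return false;
        }
    }

    /** Constructed stand-in for a token-resident key (assumption, not a provider class). */
    static RSAPrivateKey tokenKey(final boolean throwsOnAccess) {
        return new RSAPrivateKey() {
            public BigInteger getPrivateExponent() {
                if (throwsOnAccess) {
                    throw new UnsupportedOperationException("Private Exponent value is sensitive.");
                }
                return null;
            }
            public BigInteger getModulus() { return BigInteger.ONE; }
            public String getAlgorithm() { return "RSA"; }
            public String getFormat() { return null; }
            public byte[] getEncoded() { return null; }
        };
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        // Software key generated in memory: its exponent is readable.
        System.out.println("software key:   " + isExtractable(kpg.generateKeyPair().getPrivate()));
        System.out.println("null-style key: " + isExtractable(tokenKey(false)));
        System.out.println("IAIK-style key: " + isExtractable(tokenKey(true)));
    }
}
```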