From: Daniel J. <Dan...@e-...> - 2013-06-25 13:27:08
clientToolBox runs fine when you give it the path of the library libcknfast.so
and slotListIndex=1
clientToolBox is in error when you give it the path of the configuration file:
ocs-sunpkcs11.cfg
ocs-sunpkcs11.cfg:
name=NFastJava
library=/opt/nfast/toolkits/pkcs11/libcknfast.so
slotListIndex=1
attributes(*, *, *) = {
CKA_TOKEN = true
}
attributes(*, CKO_PUBLIC_KEY, * ) = {
CKA_ENCRYPT = true
CKA_WRAP = true
CKA_VERIFY = true
}
attributes( *, CKO_PRIVATE_KEY, *) = {
CKA_PRIVATE = false
CKA_SENSITIVE = true
CKA_SIGN = true
CKA_DECRYPT = true
CKA_EXTRACTABLE = false
CKA_UNWRAP = true
}
The log trace:
2013-06-25 13:23:47,115 INFO [org.ejbca.util.keystore.KeyTools] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11
2013-06-25 13:23:47,123 DEBUG [org.ejbca.util.keystore.KeyStoreContainerP11] Adding provider with name: SunPKCS11-NFastJava
2013-06-25 13:23:47,123 DEBUG [org.ejbca.util.keystore.KeyStoreContainerP11] Provider already exists, not adding.
2013-06-25 13:23:47,132 DEBUG [org.ejbca.util.keystore.KeyStoreContainerBase] generating...
2013-06-25 13:23:52,920 DEBUG [org.ejbca.util.keystore.KeyStoreContainerBase] keystore signing algorithm SHA1withRSA
2013-06-25 13:23:52,953 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command 'PKCS11HSMKeyTool generate /opt/ejbca/conf/sunpkcs11.cfg null pkcs11 4096 defaultTEST' could not be executed.
java.security.ProviderException: Initialization failed
    at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:312)
    at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:393)
    at java.security.Signature$Delegate.engineInitSign(Signature.java:1113)
    at java.security.Signature.initSign(Signature.java:497)
    at org.bouncycastle.x509.X509Util.calculateSignature(Unknown Source)
    at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
    at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)
    at org.ejbca.util.keystore.KeyStoreContainerBase.getSelfCertificate(KeyStoreContainerBase.java:144)
    at org.ejbca.util.keystore.KeyStoreContainerBase.generate(KeyStoreContainerBase.java:285)
    at org.ejbca.util.keystore.KeyStoreContainerBase.generateRSA(KeyStoreContainerBase.java:202)
    at org.ejbca.util.keystore.KeyStoreContainerBase.generate(KeyStoreContainerBase.java:234)
    at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:139)
    at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:290)
    at org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47)
    at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
    at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:70)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_FUNCTION_NOT_PERMITTED
    at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
    at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:304)
    ... 15 more
How do you explain this?
Kind regards
Daniel JAMET
Direction DPM
Tel: +33 1 55 23 31 70
dan...@e-...
____________________________
Société d'Exploitation de Réseaux et de Services Sécurisés
Immeuble "Le Linéa"
1, rue du Général Leclerc
92800 PUTEAUX
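
Added example, not part of the original message and not EJBCA or JDK code: a Python parser for the attributes(...) blocks of the configuration quoted above, computing the attribute template that applies to a given key. It assumes the SunPKCS11 rule that all matching blocks are applied in file order with later values overriding earlier ones; parse_templates and effective_template are hypothetical helper names.

```python
import re

# Constructed sample: the attributes blocks of the configuration quoted in the post.
SAMPLE_CFG = """\
attributes(*, *, *) = {
CKA_TOKEN = true
}
attributes(*, CKO_PUBLIC_KEY, * ) = {
CKA_ENCRYPT = true
CKA_WRAP = true
CKA_VERIFY = true
}
attributes( *, CKO_PRIVATE_KEY, *) = {
CKA_PRIVATE = false
CKA_SENSITIVE = true
CKA_SIGN = true
CKA_DECRYPT = true
CKA_EXTRACTABLE = false
CKA_UNWRAP = true
}
"""

# attributes(operation, key class, key type) = { NAME = value ... }
BLOCK = re.compile(r"attributes\s*\(([^)]*)\)\s*=\s*\{([^}]*)\}")

def parse_templates(cfg_text):
    """Return [((operation, key_class, key_type), {attr: value})] in file order."""
    templates = []
    for selector, body in BLOCK.findall(cfg_text):
        parts = tuple(p.strip() for p in selector.split(","))
        if len(parts) != 3:
            raise ValueError(f"unexpected selector: {selector!r}")
        attrs = {}
        for line in body.splitlines():
            line = line.split("#", 1)[0].strip()  # drop comments and blank lines
            if line:
                name, _, value = line.partition("=")
                value = value.strip()  # booleans become bool, anything else stays text
                attrs[name.strip()] = {"true": True, "false": False}.get(value.lower(), value)
        templates.append((parts, attrs))
    return templates

def effective_template(cfg_text, operation, key_class, key_type):
    """Merge every matching block in file order; later values override (assumed rule)."""
    merged = {}
    for selector, attrs in parse_templates(cfg_text):
        if all(s in ("*", w) for s, w in zip(selector, (operation, key_class, key_type))):
            merged.update(attrs)
    return merged
```

For the posted file, the template for a generated RSA private key contains CKA_SIGN = true, so the attributes actually stored on the HSM key object are the thing to compare against it.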