Menu
▾
▴
Re: [Ejbca-develop] EJBCA - create key whith clientToolBox
|
From: ejbca-support <ejb...@pr...> - 2013-06-25 13:34:32
|
It looks like the java installation already contains a provider
definition which makes your new definition ignored.
Cheers
Anders
tech support
On 2013-06-25 15:26, Daniel JAMET wrote:
> clientToolBox run fine when you give it the path of library libcknfast.so ant slotListIndex=1
>
> clientToolBox is in error when you give the path of configuration file : ocs-sunpkcs11.cfg
>
> ocs-sunpkcs11.cfg:
>
> *name=NFastJava*
> *library=/opt/nfast/toolkits/pkcs11/libcknfast.so*
> *slotListIndex=1*
>
> *attributes(*, *, *) = {*
> * CKA_TOKEN = true*
> *}*
>
> *attributes(*, CKO_PUBLIC_KEY, * ) = {*
> * CKA_ENCRYPT = true*
> * CKA_WRAP = true *
> * CKA_VERIFY = true*
> *}*
>
> *attributes( *, CKO_PRIVATE_KEY, *) = {*
> * CKA_PRIVATE = false *
> * CKA_SENSITIVE = true*
> * CKA_SIGN = true*
> * CKA_DECRYPT = true*
> * CKA_EXTRACTABLE = false *
> * CKA_UNWRAP = true*
> *}*
>
> The log trace:
>
>
> *2013-06-25 13:23:47,115 INFO [org.ejbca.util.keystore.KeyTools] Using SUN PKCS11 provider: sun.security.pkcs11.SunPKCS11*
> *2013-06-25 13:23:47,123 DEBUG [org.ejbca.util.keystore.KeyStoreContainerP11] Adding provider with name: SunPKCS11-NFastJava*
> *2013-06-25 13:23:47,123 DEBUG [org.ejbca.util.keystore.KeyStoreContainerP11] Provider already exists, not adding.*
> *2013-06-25 13:23:47,132 DEBUG [org.ejbca.util.keystore.KeyStoreContainerBase] generating...*
> *2013-06-25 13:23:52,920 DEBUG [org.ejbca.util.keystore.KeyStoreContainerBase] keystore signing algorithm SHA1withRSA*
> *2013-06-25 13:23:52,953 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command 'PKCS11HSMKeyTool generate /opt/ejbca/conf/sunpkcs11.cfg null pkcs11 4096 defaultTEST' could not be executed.*
> *java.security.ProviderException: Initialization failed*
> * at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:312)*
> * at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:393)*
> * at java.security.Signature$Delegate.engineInitSign(Signature.java:1113)*
> * at java.security.Signature.initSign(Signature.java:497)*
> * at org.bouncycastle.x509.X509Util.calculateSignature(Unknown Source)*
> * at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)*
> * at org.bouncycastle.x509.X509V3CertificateGenerator.generate(Unknown Source)*
> * at org.ejbca.util.keystore.KeyStoreContainerBase.getSelfCertificate(KeyStoreContainerBase.java:144)*
> * at org.ejbca.util.keystore.KeyStoreContainerBase.generate(KeyStoreContainerBase.java:285)*
> * at org.ejbca.util.keystore.KeyStoreContainerBase.generateRSA(KeyStoreContainerBase.java:202)*
> * at org.ejbca.util.keystore.KeyStoreContainerBase.generate(KeyStoreContainerBase.java:234)*
> * at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:139)*
> * at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:290)*
> * at org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47)*
> * at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)*
> * at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:70)*
> *Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_FUNCTION_NOT_PERMITTED*
> * at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)*
> * at sun.security.pkcs11.P11Signature.initialize(P11Signature.java:304)*
> * ... 15 more*
>
>
> How explain this ?
>
> kind regards
>
> Daniel JAMET
> Direction DPM
> Tél : +33 1 55 23 31 70
> dan...@e-...
> ____________________________
> Société d'Exploitation de Réseaux et de Services Sécurisés
> Immeuble "Le Linéa"
> 1, rue du Général Leclerc
> 92800 PUTEAUX
>
>
> ------------------------------------------------------------------------------
> This SF.net email is sponsored by Windows:
>
> Build for Windows Store.
>
> http://p.sf.net/sfu/windows-dev2dev
>
>
>
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
|
