Re: [Ejbca-develop] Slot management with ejbca and nCipher

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Daniel,
I must say that I have no knowledge about nCipher, and my idea might
be very stupid, but have you maybe tried to do the operation on
slotIndex 0 ?

hope that helps,
Manuel

On Wed, Jul 10, 2013 at 11:57 AM, Daniel JAMET <Dan...@e-...> wrote:
> I don't understand why i can't create key with clientToolBox for the
> following reason: slotListIndex is 1 but token only has 1 slots
>
> ckinfo display:
>
> PKCS#11 library CK_INFO
>        interface version 2.01
>                    flags 0
>           manufacturerID "nCipher Corp. Ltd               "
>       libraryDescription "nCipher PKCS#11 1.71.21         "
>   implementation version 1.71
>
> slots[0] CK_SLOT_INFO
>          slotDescription "Racine
> "
>           manufacturerID "nCipher Corp. Ltd               "
>                    flags 6
>                    flags & CKF_REMOVABLE_DEVICE
>                    flags & CKF_HW_SLOT
>         hardware version 0.00
>         firmware version 0.00
>
>
> slots[0] Token not present
> slots[1] CK_SLOT_INFO
>          slotDescription "SRV
> "
>           manufacturerID "nCipher Corp. Ltd               "
>                    flags 6
>                    flags & CKF_REMOVABLE_DEVICE
>                    flags & CKF_HW_SLOT
>         hardware version 0.00
>         firmware version 0.00
>
>
> slots[1] Token not present
>
>
> I have created the file /opt/nfast/cknfastrc :
>
> CKNFAST_LOADSHARING=1
> CKNFAST_NO_ACCELERATOR_SLOTS=1
> CKNFAST_NO_UNWRAP=1
> CKNFAST_OVERRIDE_SECURITY_ASSURANCES=import
> # CKNFAST_DEBUG=10
> # CKNFAST_DEBUGFILE=/tmp/nfast.debug
>
> the trace log is:
>
> 2013-07-10 09:36:01,053 DEBUG [org.ejbca.util.keystore.KeyTools] name =
> libcknfast.so-slot1
> library = /opt/nfast/toolkits/pkcs11/libcknfast.so
> slotListIndex = 1
> attributes(*, *, *) = {
>   CKA_TOKEN = true
> }
> attributes(*, CKO_PUBLIC_KEY, *) = {
>   CKA_ENCRYPT = true
>   CKA_VERIFY = true
>   CKA_WRAP = true
> }
> attributes(*, CKO_PRIVATE_KEY, *) = {
>   CKA_PRIVATE = true
>   CKA_SENSITIVE = true
>   CKA_EXTRACTABLE = false
>   CKA_DECRYPT = true
>   CKA_SIGN = true
>   CKA_UNWRAP = true
> }
>
> 2013-07-10 09:36:01,054 DEBUG [org.ejbca.util.keystore.KeyTools]
> {SLOT_ID=[1], PKCS11_NATIVE_MODULE=/opt/nfast/toolkits/pkcs11/libcknfast.so}
> 2013-07-10 09:36:01,058 INFO  [org.ejbca.util.keystore.KeyTools] Using SUN
> PKCS11 provider: sun.security.pkcs11.SunPKCS11
> 2013-07-10 09:36:01,156 ERROR [org.ejbca.util.keystore.KeyTools] Error
> constructing pkcs11 provider: null
> 2013-07-10 09:36:01,158 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command
> 'PKCS11HSMKeyTool generate /opt/nfast/toolkits/pkcs11/libcknfast.so null
> pkcs11 4096 defaultSRV i1' could not be executed.
> java.io.IOException: Error constructing pkcs11 provider: null
>         at
> org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:908)
>         at
> org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:864)
>         at
> org.ejbca.util.keystore.KeyStoreContainerP11.getInstance(KeyStoreContainerP11.java:51)
>         at
> org.ejbca.util.keystore.KeyStoreContainerFactory.getInstance(KeyStoreContainerFactory.java:55)
>         at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:137)
>         at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:290)
>         at
> org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47)
>         at
> org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
>         at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:70)
> Caused by: java.lang.reflect.InvocationTargetException
>         at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> Method)
>         at
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
>         at
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
>         at java.lang.reflect.Constructor.newInstance(Constructor.java:532)
>         at
> org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:905)
>         ... 8 more
> Caused by: java.security.ProviderException: Initialization failed
>         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:358)
>         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
>         ... 13 more
> Caused by: java.security.ProviderException: slotListIndex is 1 but token
> only has 1 slots
>         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
>         ... 14 more
>
>
> ckinfo give the index 1 for SRV.   How do yo explain this ?
>
> Kind regards
>
> Daniel JAMET
> Direction DPM
> Tél : +33 1 55 23 31 70
> dan...@e-...
> ____________________________
> Société d'Exploitation de Réseaux et de Services Sécurisés
> Immeuble "Le Linéa"
> 1, rue du Général Leclerc
> 92800 PUTEAUX
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>