Menu
▾
▴
Re: [Ejbca-develop] Slot management with ejbca and nCipher
|
From: Juan C. <ju...@re...> - 2013-07-10 14:09:16
|
Yesterday I set up a new CA with nCipher Edge following the Admin Guide's
instructions with no problem. I faced the same problem than you (first one)
and I solved using a 32bit JVM (my nCipher lib is 32bits). Then I could
generate the keys using ClientToolbox and then I set up the CA using those
keys.
I did't use the HSM config file. I only configured the properties un the CA
config page.
I hope that helps.
2013/7/10 Branko Majic <br...@ma...>
> What command did you use exactly for creating the key?
>
> On Wed, 10 Jul 2013 11:57:35 +0200
> Daniel JAMET <Dan...@e-...> wrote:
>
> > I don't understand why i can't create key with clientToolBox for the
> > following reason: slotListIndex is 1 but token only has 1 slots
> >
> > ckinfo display:
> >
> > PKCS#11 library CK_INFO
> > interface version 2.01
> > flags 0
> > manufacturerID "nCipher Corp. Ltd "
> > libraryDescription "nCipher PKCS#11 1.71.21 "
> > implementation version 1.71
> >
> > slots[0] CK_SLOT_INFO
> > slotDescription "Racine "
> > manufacturerID "nCipher Corp. Ltd "
> > flags 6
> > flags & CKF_REMOVABLE_DEVICE
> > flags & CKF_HW_SLOT
> > hardware version 0.00
> > firmware version 0.00
> >
> >
> > slots[0] Token not present
> > slots[1] CK_SLOT_INFO
> > slotDescription "SRV "
> > manufacturerID "nCipher Corp. Ltd "
> > flags 6
> > flags & CKF_REMOVABLE_DEVICE
> > flags & CKF_HW_SLOT
> > hardware version 0.00
> > firmware version 0.00
> >
> >
> > slots[1] Token not present
> >
> >
> > I have created the file /opt/nfast/cknfastrc :
> >
> > CKNFAST_LOADSHARING=1
> > CKNFAST_NO_ACCELERATOR_SLOTS=1
> > CKNFAST_NO_UNWRAP=1
> > CKNFAST_OVERRIDE_SECURITY_ASSURANCES=import
> > # CKNFAST_DEBUG=10
> > # CKNFAST_DEBUGFILE=/tmp/nfast.debug
> >
> > the trace log is:
> >
> > 2013-07-10 09:36:01,053 DEBUG [org.ejbca.util.keystore.KeyTools] name =
> > libcknfast.so-slot1
> > library = /opt/nfast/toolkits/pkcs11/libcknfast.so
> > slotListIndex = 1
> > attributes(*, *, *) = {
> > CKA_TOKEN = true
> > }
> > attributes(*, CKO_PUBLIC_KEY, *) = {
> > CKA_ENCRYPT = true
> > CKA_VERIFY = true
> > CKA_WRAP = true
> > }
> > attributes(*, CKO_PRIVATE_KEY, *) = {
> > CKA_PRIVATE = true
> > CKA_SENSITIVE = true
> > CKA_EXTRACTABLE = false
> > CKA_DECRYPT = true
> > CKA_SIGN = true
> > CKA_UNWRAP = true
> > }
> >
> > 2013-07-10 09:36:01,054 DEBUG [org.ejbca.util.keystore.KeyTools]
> > {SLOT_ID=[1],
> > PKCS11_NATIVE_MODULE=/opt/nfast/toolkits/pkcs11/libcknfast.so}
> > 2013-07-10 09:36:01,058 INFO [org.ejbca.util.keystore.KeyTools] Using
> SUN
> > PKCS11 provider: sun.security.pkcs11.SunPKCS11
> > 2013-07-10 09:36:01,156 ERROR [org.ejbca.util.keystore.KeyTools] Error
> > constructing pkcs11 provider: null
> > 2013-07-10 09:36:01,158 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command
> > 'PKCS11HSMKeyTool generate /opt/nfast/toolkits/pkcs11/libcknfast.so null
> > pkcs11 4096 defaultSRV i1' could not be executed.
> > java.io.IOException: Error constructing pkcs11 provider: null
> > at
> > org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:908)
> > at
> > org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:864)
> > at
> >
> org.ejbca.util.keystore.KeyStoreContainerP11.getInstance(KeyStoreContainerP11.java:51)
> > at
> >
> org.ejbca.util.keystore.KeyStoreContainerFactory.getInstance(KeyStoreContainerFactory.java:55)
> > at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:137)
> > at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:290)
> > at
> > org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47)
> > at
> > org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
> > at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:70)
> > Caused by: java.lang.reflect.InvocationTargetException
> > at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native
> > Method)
> > at
> >
> sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
> > at
> >
> sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
> > at
> java.lang.reflect.Constructor.newInstance(Constructor.java:532)
> > at
> > org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:905)
> > ... 8 more
> > Caused by: java.security.ProviderException: Initialization failed
> > at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:358)
> > at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107)
> > ... 13 more
> > Caused by: java.security.ProviderException: slotListIndex is 1 but token
> > only has 1 slots
> > at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340)
> > ... 14 more
> >
> >
> > ckinfo give the index 1 for SRV. How do yo explain this ?
> >
> > Kind regards
> >
> > Daniel JAMET
> > Direction DPM
> > Tél : +33 1 55 23 31 70
> > dan...@e-...
> > ____________________________
> > Société d'Exploitation de Réseaux et de Services Sécurisés
> > Immeuble "Le Linéa"
> > 1, rue du Général Leclerc
> > 92800 PUTEAUX
>
>
>
> --
> Branko Majic
> Jabber: br...@ma...
> Please use only Free formats when sending attachments to me.
>
> Бранко Мајић
> Џабер: br...@ma...
> Молим вас да додатке шаљете искључиво у слободним форматима.
>
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Ejbca-develop mailing list
> Ejb...@li...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
>
--
Juan Caracoche | Business Developer
jua...@re...
Mobile: +54.911.4198.8941
www.redb.ee
|
