[Ejbca-develop] Slot management with nCipher

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

I sent this mail a month ago but my problem isn't resolve.

I don't understand why i can't create key with clientToolBox for the 
following reason: slotListIndex is 1 but token only has 1 slots 

ckinfo display: 

PKCS#11 library CK_INFO 
       interface version 2.01 
                   flags 0 
          manufacturerID "nCipher Corp. Ltd               " 
      libraryDescription "nCipher PKCS#11 1.71.21         " 
  implementation version 1.71 

slots[0] CK_SLOT_INFO 
         slotDescription "Racine                " 
          manufacturerID "nCipher Corp. Ltd               " 
                   flags 6 
                   flags & CKF_REMOVABLE_DEVICE 
                   flags & CKF_HW_SLOT 
        hardware version 0.00 
        firmware version 0.00 

slots[0] Token not present 
slots[1] CK_SLOT_INFO 
         slotDescription "SRV                " 
          manufacturerID "nCipher Corp. Ltd               " 
                   flags 6 
                   flags & CKF_REMOVABLE_DEVICE 
                   flags & CKF_HW_SLOT 
        hardware version 0.00 
        firmware version 0.00 

slots[1] Token not present 

I have created the file /opt/nfast/cknfastrc : 

CKNFAST_LOADSHARING=1 
CKNFAST_NO_ACCELERATOR_SLOTS=1 
CKNFAST_NO_UNWRAP=1 
CKNFAST_OVERRIDE_SECURITY_ASSURANCES=import 
# CKNFAST_DEBUG=10 
# CKNFAST_DEBUGFILE=/tmp/nfast.debug 

the trace log is: 

2013-07-10 09:36:01,053 DEBUG [org.ejbca.util.keystore.KeyTools] name = 
libcknfast.so-slot1 
library = /opt/nfast/toolkits/pkcs11/libcknfast.so 
slotListIndex = 1 
attributes(*, *, *) = { 
  CKA_TOKEN = true 
} 
attributes(*, CKO_PUBLIC_KEY, *) = { 
  CKA_ENCRYPT = true 
  CKA_VERIFY = true 
  CKA_WRAP = true 
} 
attributes(*, CKO_PRIVATE_KEY, *) = { 
  CKA_PRIVATE = true 
  CKA_SENSITIVE = true 
  CKA_EXTRACTABLE = false 
  CKA_DECRYPT = true 
  CKA_SIGN = true 
  CKA_UNWRAP = true 
} 

2013-07-10 09:36:01,054 DEBUG [org.ejbca.util.keystore.KeyTools] 
{SLOT_ID=[1], 
PKCS11_NATIVE_MODULE=/opt/nfast/toolkits/pkcs11/libcknfast.so} 
2013-07-10 09:36:01,058 INFO  [org.ejbca.util.keystore.KeyTools] Using SUN 
PKCS11 provider: sun.security.pkcs11.SunPKCS11 
2013-07-10 09:36:01,156 ERROR [org.ejbca.util.keystore.KeyTools] Error 
constructing pkcs11 provider: null 
2013-07-10 09:36:01,158 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command 
'PKCS11HSMKeyTool generate /opt/nfast/toolkits/pkcs11/libcknfast.so null 
pkcs11 4096 defaultSRV i1' could not be executed. 
java.io.IOException: Error constructing pkcs11 provider: null 
        at 
org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:908) 
        at 
org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:864) 
        at 
org.ejbca.util.keystore.KeyStoreContainerP11.getInstance(KeyStoreContainerP11.java:51) 

        at 
org.ejbca.util.keystore.KeyStoreContainerFactory.getInstance(KeyStoreContainerFactory.java:55) 

        at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:137) 
        at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:290) 
        at 
org.ejbca.ui.cli.PKCS11HSMKeyTool.execute(PKCS11HSMKeyTool.java:47) 
        at 
org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40) 
        at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:70) 
Caused by: java.lang.reflect.InvocationTargetException 
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native 
Method) 
        at 
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57) 

        at 
sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45) 

        at java.lang.reflect.Constructor.newInstance(Constructor.java:532) 

        at 
org.ejbca.util.keystore.KeyTools.getP11Provider(KeyTools.java:905) 
        ... 8 more 
Caused by: java.security.ProviderException: Initialization failed 
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:358) 
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:107) 
        ... 13 more 
Caused by: java.security.ProviderException: slotListIndex is 1 but token 
only has 1 slots 
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:340) 
        ... 14 more 

ckinfo give the index 1 for SRV.   How do yo explain this ? 

EJBCA 4.0.13
JBOSS 6.10

Kind regards 
Daniel JAMET
Direction DPM
Tél : +33 1 55 23 31 70 
dan...@e-...
____________________________
Société d'Exploitation de Réseaux et de Services Sécurisés
Immeuble "Le Linéa" 
1, rue du Général Leclerc
92800 PUTEAUX