From: Branko M. <br...@ma...> - 2014-10-30 13:44:43
On Thu, 30 Oct 2014 12:13:08 +0100
"Michael Ströder" <mi...@st...> wrote:

> Hi!
>
> I'm currently testing EJBCA (latest SVN) with Smartcard-HSM as described on
> [1].
>
> Versions:
> - EJBCA (latest SVN)
> - OpenSC with PKCS#11 module built from git repo
> - openSUSE 13.1 and pcsc-lite from their chipcard-repo
>
> Sometimes the Smartcard-HSM is no longer reachable due to some issues with the
> way openSUSE starts pcscd via udev during hotplug. Yes, I have to sort that out
> somewhere else.
>
> But I wonder why EJBCA does not reconnect to the Smartcard-HSM once it was
> unavailable. I have to restart JBOSS to access the token via PKCS#11 module
> again.
>
> Ciao, Michael.
>
> [1]
> http://www.smartcard-hsm.com/2014/09/05/Accessing_your_SmartCard-HSM_from_EJBCA.html

It's a more low-level issue with how the PKCS#11 security provider is
implemented in Java. Basically, you have no way to tell the PKCS#11 Java
security provider to reestablish a new session. There's also a bunch of
caching happening there, so if you create keys etc. outside of EJBCA's
running JVM, you won't see them in EJBCA.

Fixing this would require quite a bit more effort, unfortunately
(implementing a custom Java security provider, and maintaining it).

Best regards

--
Branko Majic
Jabber: br...@ma...
Please use only Free formats when sending attachments to me.

Бранко Мајић
Jabber: br...@ma...
Please send attachments only in free formats.