Menu
▾
▴
Re: [Ejbca-develop] reconnect to PKCS#11 USB token
|
From: Andreas K. <ku...@tr...> - 2014-10-30 18:02:04
|
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Branko, hi Michael, I remember that we once wrote code using a separate thread to look for Card-Insertions to reestablish the PKCS#11 connection. Not a big deal, just a bit of polling and an indirection to access the (currently inserted) card. Our stuff is OS, I can provide a pointer to it ... Greetings, Andreas > On Thu, 30 Oct 2014 12:13:08 +0100 > "Michael Ströder" <mi...@st...> wrote: > >> HI! >> >> I'm currently testing EJBCA (latest SVN) with Smartcard-HSM as described on >> [1]. >> >> Versions: >> - EJBCA (latest SVN) >> - OpenSC with PKCS#11 module built from git repo >> - openSUSE 13.1 and pcsc-lite from their chipcard-repo >> >> Sometimes the Smartcard-HSM is no longer reachable due to some issues with the >> way openSUSE starts pcscd via udev during hotplug. Yes, I have to sort that out >> somewhere else. >> >> But I wonder why EJBCA does not reconnect to the Smartcard-HSM once it was >> unavailable. I have to restart JBOSS to access the token via PKCS#11 module >> again. >> >> Ciao, Michael. >> >> [1] >> http://www.smartcard-hsm.com/2014/09/05/Accessing_your_SmartCard-HSM_from_EJBCA.html >> > > It's a more low-level issue with how the PKCS#11 security provider is > implemented in Java. > > Basically, you have no way to tell the PKCS#11 Java security provider > to reestablish a new session. There's also a bunch of cashing happening > there, so if you create keys etc outside of EJBCA's running JVM, you > won't see them in EJBCA. > > Fixing this would require quite a bit more effort, unfortunately > (implementing a custom Java security provider, and maintaining it). > > Best regards > > > > ------------------------------------------------------------------------------ > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop - -- Andreas Kühne phone: +49 177 293 24 97 mailto: ku...@tr... Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna Amtsgericht Hamm HRB 5868 Directors Andreas Kühne, Heiko Veit Company UK Company No: 5218868 Registered in England and Wales -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (MingW32) iQEcBAEBAgAGBQJUUn0OAAoJEJFyHkFEeCGVnE8IAI+weiXAq0mXQghD+sfrH108 JOdOod/kGwv5TD8IutAjOX2NKKUPFOZtj6Y8A9BYosUCRvSHWZ+2YivTQMOyVR2c gVy/bq/upfa/OZcTGAaOWZOeyhlXK7c4yRtq241un8MhfhW2WeeZ6RBhCMZmxqBo eu/x5iXdkMUn7tSuGstmpPzhWAU7qUOQjWqLJwE2rNz94PdSoHRKUbkQ7ca5Fr5m /qrVRo9prvL/IOdCjyWvzo8E4fC5Eavo6sDVkH/B1Jban8TwOIZi7IMiUtB4K4bM 9hucPTj7rIyAlalxNM9oWh3CpkjBp68az/oHy31TCl87O5FcvNsmc2eib3Cx5FA= =XFAv -----END PGP SIGNATURE----- |
