From: Andreas S. <and...@ca...> - 2015-02-16 21:19:28
>> But I wonder why EJBCA does not reconnect to the Smartcard-HSM once it was
>> unavailable. I have to restart JBOSS to access the token via PKCS#11 module
>> again.
>>
>> Ciao, Michael.
>>
>> [1]
>> http://www.smartcard-hsm.com/2014/09/05/Accessing_your_SmartCard-HSM_from_EJBCA.html
>>
>
> It's a more low-level issue with how the PKCS#11 security provider is
> implemented in Java.
>
> Basically, you have no way to tell the PKCS#11 Java security provider
> to reestablish a new session. There's also a bunch of caching happening
> there, so if you create keys etc outside of EJBCA's running JVM, you
> won't see them in EJBCA.
>
> Fixing this would require quite a bit more effort, unfortunately
> (implementing a custom Java security provider, and maintaining it).

We have a JCE Provider for the SmartCard-HSM. Unfortunately I'm no
expert on the EJBCA source code and can't tell how it could be
integrated. But if someone wants to give it a try, let me know.

Andreas

--
    ---------    CardContact Software & System Consulting
   |.##> <##.|   Andreas Schwier
   |#       #|   Schülerweg 38
   |#       #|   32429 Minden, Germany
   |'##> <##'|   Phone +49 571 56149
    ---------    http://www.cardcontact.de
                 http://www.tscons.de
                 http://www.openscdp.org
                 http://www.smartcard-hsm.com