Menu
▾
▴
Re: [Ejbca-develop] Can't create a pkcs#11 crypto token
|
From: Tomas G. <to...@pr...> - 2015-04-17 08:20:37
|
See: http://ejbca.org/docs/adminguide.html#HSM%20modules%20available%20in%20the%20Admin%20GUI Regards, Tomas ----- Save time and money with an Enterprise support subscription. Please see www.primekey.se for more information. http://www.primekey.se/Products/EJBCA+PKI/ http://www.primekey.se/Services/Support/ On 2015-04-17 09:24, Jean-Luc Chardon wrote: > Hi, > > I’m trying to install EJBCA 6.2 using an HSM as a crypto provider. > > I can’t see “PKCS11” option as type of provider in the crypto token > creation GUI. I can only see “SOFT” as token type. > > What should I do to be able to create a new PKCS#11 crypto token? > > EJBCA Shell script communicates properly with the HSM: > > $ cd /appli/ejbca/install/ejbca_ce_6_2_0 > > $ bin/pkcs11HSM.sh generate > /logiciels/API_PKCS11_v3.5.2/lib/libpkcs11c2p.so 2048 defaultRoot i0 > > 2015-04-15 17:40:55,811 INFO [org.cesecore.config.ConfigurationHolder] > Allow external re-configuration: false > > Using Slot Reference Type: Slot Index. > > 2015-04-15 17:40:56,144 INFO > [org.cesecore.keys.token.p11.Pkcs11SlotLabel] Using SUN PKCS11 provider: > sun.security.pkcs11.SunPKCS11 > > Created certificate with entry defaultRoot. > > $ > > EJBCA ant client also works fine: > > $ ./ejbcaClientToolBox.sh PKCS11HSMKeyTool test > /logiciels/API_PKCS11_v3.5.2/lib/libpkcs11c2p.so 1 > > 2015-04-15 17:52:58,283 INFO [org.cesecore.config.ConfigurationHolder] > Allow external re-configuration: false > > Test of keystore with ID 1. > > 2015-04-15 17:52:58,559 INFO > [org.cesecore.keys.token.p11.Pkcs11SlotLabel] Using SUN PKCS11 provider: > sun.security.pkcs11.SunPKCS11 > > Not testing keys with alias TransportKey. Not a private key. > > Testing of key: defaultRoot > > Private part: > > SunPKCS11-libpkcs11c2p.so-slot1 RSA private key, 2048 bits (id 16777217, > token object, sensitive, unextractable) > > RSA key: > > modulus: > aa3eb6a3bf651aac56e623b66f65b158d91b76f800de0186d1295408d8f47fd0ed2e73332945fe5e14cb9a7e93bcaa8f331e3c9529f24ef7b758dc40e7ad60dabbbc3a56e3317303a453a419c2d766ba3861dd75e6c969852378bfdc394f80fa13792ad1376fcbaf17dcb010831bba4b1253f67ad3c5d20e7e8d2cd25dc932fb35daa49972307990efea66e339f61ce8ed1ce421f63a85b8497c7a05c3d33dee6bc14e6681d581d212090ffc52fbd0857e0f3118afd65f23b91497e4aae29fbafb6f6527ee59e518f7d6d6e1e6aa34c3355a3e9020066a6af12dfcd936967980c35707ef282f824ff810a8198ee550e87c5d9b7da6204ae9c34a72b2223c4a07 > > public exponent: 10001 > > encryption provider: SunJCE version 1.7; decryption provider: > SunPKCS11-libpkcs11c2p.so-slot1 version 1.7; modulus length: 2048; byte > length 245. The decoded byte string is equal to the original! > > Signature test of key defaultRoot: signature length 256; first byte 64; > verifying true > > Signings per second: 131 > > Decryptions per second: 132 > > Hit RETURN to run again. Type x and hit RETURN to quit. > > Thanks. > > JL > > > > ------------------------------------------------------------------------------ > BPM Camp - Free Virtual Workshop May 6th at 10am PDT/1PM EDT > Develop your own process in accordance with the BPMN 2 standard > Learn Process modeling best practices with Bonita BPM through live exercises > http://www.bonitasoft.com/be-part-of-it/events/bpm-camp-virtual- event?utm_ > source=Sourceforge_BPM_Camp_5_6_15&utm_medium=email&utm_campaign=VA_SF > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
