[Ejbca-develop] Error when creating an ECC key

[John K. <sta...@gm...>]

Hi,

I am trying to create a P-256 EC key on my HSM using the 
PKCS11HSMKeyTool, and this fails, although RSA keys are just fine. Any 
hint on configuration here?

EJBCA 6.15.2.1, OpenJDK 1.8.0.212, Safenet Luna 6 HSM running on Centos 7.

- johnk

[johnk@foo clientToolBox]$ dzdo ./ejbcaClientToolBox.sh PKCS11HSMKeyTool 
generate /usr/safenet/lunaclient/lib/libshim.so secp256r1 ecTEST 1

Using Slot Reference Type: Slot Number.
PKCS11 Token [SunPKCS11-libshim.so-slot1] Password:
Command could not be executed. See log for stack trace.
2019-08-27 20:34:58,988 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command 
'PKCS11HSMKeyTool generate /usr/safenet/lunaclient/lib/libshim.so 
secp256r1 ecdsaTEST 1' could not be executed.

java.lang.RuntimeException: Cannot load SunEC provider
	at 
sun.security.pkcs11.P11ECKeyFactory.getSunECProvider(P11ECKeyFactory.java:55)
	at 
sun.security.pkcs11.P11ECKeyFactory.getECParameterSpec(P11ECKeyFactory.java:71)
	at 
sun.security.pkcs11.P11KeyPairGenerator.initialize(P11KeyPairGenerator.java:154)
	at 
sun.security.pkcs11.P11KeyPairGenerator.<init>(P11KeyPairGenerator.java:140)
	at 
sun.security.pkcs11.SunPKCS11$P11Service.newInstance0(SunPKCS11.java:1004)
	at sun.security.pkcs11.SunPKCS11$P11Service.newInstance(SunPKCS11.java:981)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:236)
	at sun.security.jca.GetInstance.getInstance(GetInstance.java:206)
	at java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:279)
	at 
org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:409)
	at org.cesecore.keys.util.KeyStoreTools.generateEC(KeyStoreTools.java:250)
	at 
org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:350)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:243)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:723)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:67)