Menu
▾
▴
Re: [Ejbca-develop] Error when creating an ECC key
|
From: Tomas G. <to...@pr...> - 2019-08-28 06:08:03
|
Hi, This error: "java.lang.RuntimeException: Cannot load SunEC provider" indicates an issue error with the JDK installation. We've had report of it before, We've seen it depend on non-updated NSS libraries on RHEL/CentOS. See here for example: https://jira.primekey.se/browse/ECA-5701 The solution is to upgrade all libraries in your system. Which CentOS are you running, the latest should be fine. Regards, Tomas On 2019-08-28 01:10, John Kemp wrote: > Hi, > > I am trying to create a P-256 EC key on my HSM using the > PKCS11HSMKeyTool, and this fails, although RSA keys are just fine. Any > hint on configuration here? > > EJBCA 6.15.2.1, OpenJDK 1.8.0.212, Safenet Luna 6 HSM running on Centos 7. > > - johnk > > [johnk@foo clientToolBox]$ dzdo ./ejbcaClientToolBox.sh PKCS11HSMKeyTool > generate /usr/safenet/lunaclient/lib/libshim.so secp256r1 ecTEST 1 > > Using Slot Reference Type: Slot Number. > PKCS11 Token [SunPKCS11-libshim.so-slot1] Password: > Command could not be executed. See log for stack trace. > 2019-08-27 20:34:58,988 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command > 'PKCS11HSMKeyTool generate /usr/safenet/lunaclient/lib/libshim.so > secp256r1 ecdsaTEST 1' could not be executed. > > java.lang.RuntimeException: Cannot load SunEC provider > at > sun.security.pkcs11.P11ECKeyFactory.getSunECProvider(P11ECKeyFactory.java:55) > > at > sun.security.pkcs11.P11ECKeyFactory.getECParameterSpec(P11ECKeyFactory.java:71) > > at > sun.security.pkcs11.P11KeyPairGenerator.initialize(P11KeyPairGenerator.java:154) > > at > sun.security.pkcs11.P11KeyPairGenerator.<init>(P11KeyPairGenerator.java:140) > > at > sun.security.pkcs11.SunPKCS11$P11Service.newInstance0(SunPKCS11.java:1004) > at > sun.security.pkcs11.SunPKCS11$P11Service.newInstance(SunPKCS11.java:981) > at sun.security.jca.GetInstance.getInstance(GetInstance.java:236) > at sun.security.jca.GetInstance.getInstance(GetInstance.java:206) > at > java.security.KeyPairGenerator.getInstance(KeyPairGenerator.java:279) > at > org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:409) > > at > org.cesecore.keys.util.KeyStoreTools.generateEC(KeyStoreTools.java:250) > at > org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:350) > > at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:243) > at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:723) > at > org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40) > at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:67) > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop |
