Re: [opencryptoki-users] Opencryptoki and Java JCA
From: Joy L. <la...@us...> - 2012-06-29 14:32:26
Ok, I will take a look at this as soon as I can. Thanks!

regards,
Joy

Gideon Knocke <gid...@go...> wrote on 06/29/2012 07:37:08 AM:

> Gideon Knocke <gid...@go...>
> 06/29/2012 07:37 AM
>
> To
>
> ope...@li...,
>
> cc
>
> Subject
>
> Re: [opencryptoki-users] Opencryptoki and Java JCA
>
> Here is what I did to generate the key:
>
> /usr/lib/jvm/jdk1.7.0/bin/keytool -genseckey -keystore NONE -storetype PKCS11 -keyalg AES -keysize 256 -alias test
>
> I had expected that an error like this would occur while storing the
> key, not when I try to read the key.
>
> I tried to perform the same task in Java:
>
> //Initialize and login
> char[] pin = {'1','2','3','4','5','6'};
> KeyStore ks = KeyStore.getInstance("PKCS11");
> ks.load(null, pin);
> //Generate the key
> KeyGenerator keygen = KeyGenerator.getInstance("AES");
> keygen.init(256);
> SecretKey secretKey = keygen.generateKey();
> //Write the secret key to the token
> KeyStore.SecretKeyEntry keyEntry = new KeyStore.SecretKeyEntry(secretKey);
> ks.setEntry(args[0], keyEntry, new KeyStore.PasswordProtection(pin));
>
> But the problem is still the same.
>
> In this case the key is generated with the RNG of the TPM and then
> stored in the token.
>
> Gideon
>
> 2012/6/26 Joy Latten <la...@us...>:
> > Let me make sure I understand.
> > Are you trying to store an externally generated AES key ?
> > If so, how are you creating the pkcs#11 secret key object?
> >
> > regards,
> > Joy
> >
> > Gideon Knocke <gid...@go...> wrote on 06/25/2012 08:30:40 AM:
> >
> >> Gideon Knocke <gid...@go...>
> >> 06/25/2012 08:30 AM
> >>
> >> To
> >>
> >> ope...@li...,
> >>
> >> cc
> >>
> >> Subject
> >>
> >> [opencryptoki-users] Opencryptoki and Java JCA
> >>
> >> Hi,
> >>
> >> I'm trying to use the Sun PKCS#11 provider to manage my TPM token. I
> >> can use stored symmetric keys within a Java program but I'm not able
> >> to store an AES key in the token. In fact I can store the key but I am
> >> not able to read the stored key. The same problem occurs when I use
> >> keytool to generate and store a secret key. This is the error which
> >> occurs when I try to read the secret key:
> >>
> >> Exception in thread "main" java.security.ProviderException:
> >> sun.security.pkcs11.wrapper.PKCS11Exception:
> >> CKR_ATTRIBUTE_TYPE_INVALID
> >>     at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:335)
> >>     at java.security.KeyStore.getKey(KeyStore.java:792)
> >>     at Java4.main(Java4.java:16)
> >> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
> >> CKR_ATTRIBUTE_TYPE_INVALID
> >>     at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
> >>     at sun.security.pkcs11.P11KeyStore.loadSkey(P11KeyStore.java:1306)
> >>     at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:328)
> >>     ... 2 more
> >>
> >> I haven't specified any additional Attributes. The problem does not
> >> occur if the key is generated with "tpmtoken_protect".
> >> The used software is Java 1.7 and Opencryptoki 2.4.2
> >>
> >> Thanks!
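
A diagnostic for the read failure reported in this thread, as an added example that is not part of the original messages or of openCryptoki: it tries to read every key entry on the token and reports which aliases fail and with which PKCS#11 return code, so keys written through JCA or keytool can be compared with those created by tpmtoken_protect. The class name `TokenKeyProbe` is hypothetical, and the code assumes the SunPKCS11 provider is already configured for the openCryptoki library.

```java
import java.io.Console;
import java.security.Key;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Collections;

// Added diagnostic (not from the thread); class name is hypothetical.
public class TokenKeyProbe {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        char[] pin = (console == null) ? null : console.readPassword("Token user PIN: ");
        if (pin == null) {
            System.err.println("Could not read the PIN from a console");
            System.exit(2);
        }
        int failed = 0;
        try {
            // Assumption: SunPKCS11 is already configured for the openCryptoki
            // library, as the keytool call quoted in the thread implies.
            KeyStore ks = KeyStore.getInstance("PKCS11");
            ks.load(null, pin);
            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) {
                    System.out.printf("%-24s SKIP  not a key entry%n", alias);
                    continue;
                }
                try {
                    // The PKCS11 keystore ignores the per-entry password.
                    Key key = ks.getKey(alias, null);
                    String alg = (key == null) ? "no key returned" : key.getAlgorithm();
                    System.out.printf("%-24s OK    %s%n", alias, alg);
                } catch (ProviderException e) {
                    // The wrapper exception carries the CKR_* name as its
                    // message, as the stack trace in the thread shows.
                    Throwable cause = e.getCause();
                    String code = (cause != null) ? cause.getMessage() : e.getMessage();
                    System.out.printf("%-24s FAIL  %s%n", alias, code);
                    failed++;
                }
            }
        } finally {
            Arrays.fill(pin, '\0'); // do not leave the PIN in memory
        }
        if (failed > 0) {
            System.exit(1);
        }
    }
}
```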