Re: [opencryptoki-users] Opencryptoki and Java JCA
From: Gideon K. <gid...@go...> - 2012-08-09 19:20:04

Hi,

I was wondering if someone has already investigated the problem?

Gideon

2012/6/29 Joy Latten <la...@us...>:
> Ok, I will take a look at this as soon as I can.
>
> Thanks!
>
> regards,
> Joy
>
> Gideon Knocke <gid...@go...> wrote on 06/29/2012 07:37:08 AM:
>
>> Gideon Knocke <gid...@go...>
>> 06/29/2012 07:37 AM
>>
>> To
>>
>> ope...@li...,
>>
>> cc
>>
>> Subject
>>
>> Re: [opencryptoki-users] Opencryptoki and Java JCA
>>
>> Here is what I did to generate the key:
>>
>> /usr/lib/jvm/jdk1.7.0/bin/keytool -genseckey -keystore NONE -storetype PKCS11 -keyalg AES -keysize 256 -alias test
>>
>> I had expected that an error like this would occur while storing the
>> key, not when I try to read the key.
>>
>> I tried to perform the same task in Java:
>>
>> //Initialize and login
>> char[] pin = {'1','2','3','4','5','6'};
>> KeyStore ks = KeyStore.getInstance("PKCS11");
>> ks.load(null, pin);
>> //Generate the key
>> KeyGenerator keygen = KeyGenerator.getInstance("AES");
>> keygen.init(256);
>> SecretKey secretKey = keygen.generateKey();
>> //Write the secret key to the token
>> KeyStore.SecretKeyEntry keyEntry = new KeyStore.SecretKeyEntry(secretKey);
>> ks.setEntry(args[0], keyEntry, new KeyStore.PasswordProtection(pin));
>>
>> But the problem is still the same.
>>
>> In this case the key is generated with the RNG of the TPM and then
>> stored in the token.
>>
>> Gideon
>>
>> 2012/6/26 Joy Latten <la...@us...>:
>> > Let me make sure I understand.
>> > Are you trying to store an externally generated AES key?
>> > If so, how are you creating the pkcs#11 secret key object?
>> >
>> > regards,
>> > Joy
>> >
>> > Gideon Knocke <gid...@go...> wrote on 06/25/2012 08:30:40 AM:
>> >
>> >> Gideon Knocke <gid...@go...>
>> >> 06/25/2012 08:30 AM
>> >>
>> >> To
>> >>
>> >> ope...@li...,
>> >>
>> >> cc
>> >>
>> >> Subject
>> >>
>> >> [opencryptoki-users] Opencryptoki and Java JCA
>> >>
>> >> Hi,
>> >>
>> >> I'm trying to use the Sun PKCS#11 provider to manage my TPM token. I
>> >> can use stored symmetric keys within a Java program but I'm not able
>> >> to store an AES key in the token. In fact I can store the key but I am
>> >> not able to read the stored key. The same problem occurs when I use
>> >> keytool to generate and store a secret key. This is the error which
>> >> occurs when I try to read the secret key:
>> >>
>> >> Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
>> >>     at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:335)
>> >>     at java.security.KeyStore.getKey(KeyStore.java:792)
>> >>     at Java4.main(Java4.java:16)
>> >> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
>> >>     at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
>> >>     at sun.security.pkcs11.P11KeyStore.loadSkey(P11KeyStore.java:1306)
>> >>     at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:328)
>> >>     ... 2 more
>> >>
>> >> I haven't specified any additional Attributes. The problem does not
>> >> occur if the key is generated with "tpmtoken_protect".
>> >> The used software is Java 1.7 and Opencryptoki 2.4.2.
>> >>
>> >> Thanks!
>> >>
>> >> _______________________________________________
>> >> opencryptoki-users mailing list
>> >> ope...@li...
>> >> https://lists.sourceforge.net/lists/listinfo/opencryptoki-users