|
From: Ernie K. <ern...@gm...> - 2015-10-27 14:28:09
Attachments:
opensc-debug.log
|
Hello -

I'm new to OpenSC and just trying it out. My goal is CAC authentication from a Java thick client on Windows 7 using NSS in FIPS mode. I imagine it'll take some work to put all those things together. :)

My first step was to verify the Java PKCS#11 provider, without NSS. I've installed the nightly Windows build, opensc-0.15.0g20150914124137-win64.msi, and the opensc tools are able to access my card both through a built-in reader and a USB reader.

I'm using some example code from https://github.com/emergya/opensc-testing:

    Provider p = new sun.security.pkcs11.SunPKCS11("opensc-cfg.txt");
    Security.insertProviderAt(p, 0);
    KeyStore cac = KeyStore.getInstance("PKCS11", p);

The call to KeyStore.getInstance throws this exception and cause:

    java.security.KeyStoreException: PKCS11 not found
    java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-OpenSC

When I list the provider's services there are none.

Here's my config file contents (based on example at opensc-testing):

    name = OpenSC
    library = C:/Windows/System32/opensc-pkcs11.dll
    slot = -1
    attributes = compatibility
    attributes(*,*,*)=
    {
    CKA_TOKEN=true
    CKA_LOCAL=true
    }

I've turned up the OpenSC debug level, and the call to the SunPKCS11 constructor invokes OpenSC and writes a lot of output to my log (attached).

I've read everything I could find, and I think my setup and code is correct. Did I miss something?

Any help will be appreciated - thanks in advance!

Ernie
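The exception pair reported above is what KeyStore.getInstance produces for any provider that has registered no services. The following is an added example, not part of the original post or of opensc-testing: it reproduces the error offline with a constructed stand-in provider (EmptyProvider, a hypothetical name, not SunPKCS11) and shows a pre-flight check on the provider's service list.

```java
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.Provider;
import java.util.Set;
import java.util.TreeSet;

public class ProviderPreflight {

    // Constructed stand-in (hypothetical, not SunPKCS11): a provider that
    // instantiates successfully but registers no services at all.
    static final class EmptyProvider extends Provider {
        EmptyProvider() {
            super("Empty-Demo", 1.0, "constructed provider with no services");
        }
    }

    // Every "Type.Algorithm" pair the provider has registered, sorted.
    static Set<String> serviceNames(Provider p) {
        Set<String> names = new TreeSet<>();
        for (Provider.Service s : p.getServices()) {
            names.add(s.getType() + "." + s.getAlgorithm());
        }
        return names;
    }

    // False means KeyStore.getInstance(type, p) will throw KeyStoreException.
    static boolean offersKeyStore(Provider p, String type) {
        return p.getService("KeyStore", type) != null;
    }

    public static void main(String[] args) throws Exception {
        Provider empty = new EmptyProvider();
        System.out.println("services: " + serviceNames(empty));
        System.out.println("offers KeyStore.PKCS11: " + offersKeyStore(empty, "PKCS11"));
        try {
            KeyStore.getInstance("PKCS11", empty);
        } catch (KeyStoreException e) {
            // Same message shape as in the report, with the stand-in's name.
            System.out.println(e + "\n  cause: " + e.getCause());
        }

        // Contrast: a built-in provider that does register its KeyStore type.
        String type = KeyStore.getDefaultType();
        Provider builtin = KeyStore.getInstance(type).getProvider();
        System.out.println(builtin.getName() + " offers KeyStore." + type + ": "
                + offersKeyStore(builtin, type));
    }
}
```

Running the same two helper methods against the provider built from opensc-cfg.txt shows whether the KeyStore.PKCS11 service is present before getInstance is attempted.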
|
From: Anders R. <and...@gm...> - 2015-10-27 14:35:14
|
Ernie,

Oracle/SUN never ported the PKCS #11 wrapper to Windows...
They do have a CAPI wrapper though (but never tested).

Anders
|
From: Anders R. <and...@gm...> - 2015-10-27 14:41:32
|
On 2015-10-27 15:35, Anders Rundgren wrote:
> On 2015-10-27 15:28, Ernie Kovak wrote:
> Ernie,
>
> Oracle/SUN never ported the PKCS #11 wrapper to Windows...
> They do have a CAPI wrapper though (but never tested).

I was wrong. For JDK 8 they have finally shipped a 64-bit version, yay!

Anders
|
From: Vincent Le T. <vin...@my...> - 2015-10-27 15:12:47
|
For the Windows side:

To be sure the dll is correct (the nightly build has a problem with the inclusion of OpenSSL), I'd suggest running "depends.exe" with the dll. You'll be able to check that all dependencies are OK.

Then use processmonitor.exe => you'll be able to be sure if the dll gets loaded or not.

For the Java side:

Have you called the .load function I see in the opensc-testing code?
https://github.com/Emergya/opensc-testing/blob/a63c2db24108d28f669eda34e407072b74824d5c/opensc-testing-core/src/main/java/org/opensc/testing/SecurityUtils.java#L142

vincent

--
Vincent Le Toux
My Smart Logon
www.mysmartlogon.com