From: Markus K. <ejb...@pr...> - 2013-06-13 15:20:25
Hi Goran,

(Repeating some of the answers for those not following DSS-642)

Usage of other PKCS11 providers than the SunPKCS11 one is not supported in SignServer; that was why you would have to make those changes. We usually patch the SunPKCS11 provider to add support for the RSASSA-PSS signature algorithm.

What stacktrace do you get from the SOD verification error? Maybe that could tell something about the reason.

Best regards,
Markus

PrimeKey Solutions offers a commercial EJBCA & SignServer support subscription and training. Please see www.primekey.se or contact in...@pr... for more information.
http://www.primekey.se/Services/Support/
http://www.primekey.se/Services/Training/

On 2013-06-13 16:48, Goran Šurina wrote:
> SignServer 3.3.0
>
> I tried to use the IAIK pkcs11 provider because SUNPKCS11 does not support
> SHA256WithRSAAndMGF1. I am testing the SOD signature with
> SHA256WithRSAAndMGF1.
>
> Conclusion:
>
> Signing and verification with standard SHA256WithRSA and
> SHA256WithRSAAndMGF1 using IAIK does not work until I make some
> changes in the source code ().
> The changes I made to get IAIK to work are:
> In class PKCS11CAToken.java we have put setJCAProvider(provider); line
> 92, before
> if(provider.getClass().getName().equals("iaik.pkcs.pkcs11.provider.IAIKPkcs11")
> ); line 87.
> After that change in the source code, we have successfully activated the CA
> token with IAIK.
>
> But after that I get:
>
> SignServerException calling signer with id 1 : SOD verification failure.
> When disabling the verification method in the source code, we have tested the
> SOD object with an external application and get a SOD verification error.
> The error occurred on 2 different HSM devices (Luna SA, nCipher).
>
> Best regards,
>
> Goran Šurina
> Tel: + 385 1 3657 735
> Mob: + 385 99 257 1259
> E-mail: go...@ak...