SunPKCS11 is a Java crypto provider for interfacing with PKCS#11 tokens. It is part of the standard Java code base.
The documentation for the provider (as of Java 10) can be found here: PKCS#11 Reference Guide.
Questions tagged [sunpkcs11]
26 questions
1
vote
0 answers
SunPKCS11 is removing duplicate key entries
I'm using SunPKCS11 security provider to store key entries (certificate + private key) into a nShield HSM using the setKeyEntry method but when I store the same certificate with different aliases the first one is removed from de HSM. I've tested…
Rafael Membrives
- 614
- 5
- 14
1
vote
2 answers
Is the Sunpkcs11 provider compatible with the AWS CloudHSM?
I am trying to work with an HSM (hardware security module) to store keys and to do cryptographic operations. I want to operate the HSM inside a java application. For this I need to use a compatible java JCE provider as a mapping layer between the…
Ooooof
- 23
- 1
- 5
1
vote
0 answers
How to fix "Reconnect SunPKCS11 After connection timeout with Token has been removed"
I've problem about reconnect to SUNPKCS11 after connect was timeout and I want to reconnect to SUNPKCS11 again.
I use this Code for connect to SUNPKCS11 in first time.
public void getConnection(String name, String slot, String lib, String type,…
1
vote
1 answer
Why lists pksc11-tool seven Objects but Java Keystore has Only one
When I do in the cmd line:
pkcs11-tool --login -O
I get seven Objects that are on my smartcard, 3 Public Key Objects, 3 Certificate Objects and one Private Key Object.
But when I try to do the same with a small Java Code, I only find one…
conryyy
- 127
- 1
- 9
1
vote
1 answer
do sunpkcs11 supports CK_sensitive attribute for derived key using ECDH
I am trying to generate a shared secret through ECDH using SUNpkcs11 with certain attributes:
CKA_TOKEN= false
CKA_SENSITIVE=true
CKA_EXTRACTABLE=true"
CKA_ENCRYPT=true"
While my base key has CKA_DERIVE, SENSITIVE etc set to true but while doing so…
Zach
- 35
- 6
0
votes
0 answers
Why signed data using two methods do not match?
I created a CSR file and a private key PEM file used the following command in openSSL
openssl req -new -utf8 -nameopt multiline,utf8 -config rahat.cnf -newkey rsa:2048 -nodes -keyout rahat.key -out rahat.Csr
Then I got the certificate from…
RAHAT
- 1
- 2
0
votes
1 answer
PKCS11Exception: CKR_MECHANISM_INVALID How to integrate Java and PKCS11 and GCP Cloud KMS?
I'm trying to use GCP Cloud KMS for establishing mTLS. For this purpose I'm preparing PoC of integration Java + JCE + PKCS11 + Cloud KMS integration lib + GCP Cloud KMS.
Stack:
OpenJDK 1.8
SunPKCS11…
Sergey Mikitko
- 103
- 2
- 8
0
votes
1 answer
Signature generation with OpenSC Smart Card
I have Escrypt Smart Card to sign data bytes and get signature and certificate for it.
I have java tool to do it and everything was fine until Java 8. Now application migrated to Java 11. And problem start from here.
SunPKCS11.jar/ library is not a…
ajayg2808
- 375
- 2
- 10
0
votes
1 answer
CKR_GENERAL_ERROR when configuring SunPKCS11 with softhsm
I'm getting CKR_GENERAL_ERROR when configuring SunPKCS11 with softhsm.
Platform:
Winodows 10 64bits
OpenJDK 11.0.2
https://github.com/disig/SoftHSM2-for-Windows/releases/download/v2.5.0/SoftHSM2-2.5.0.msi
Environment…
leaqui
- 533
- 6
- 22
0
votes
0 answers
How to get al alias from hsm by SUNPKCS provider?
I want to get my all key aliases from hsm, but i get this error message :
Exception in thread "main" java.io.IOException: load failed
at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:778)
at…
Mehmet Özcan
- 85
- 1
- 5
0
votes
1 answer
How to use PKCS#11 CKM_AES_KEY_WRAP mechanism in Java?
I'm working with some PKCS#11 tokens that insist on using CKM_AES_KEY_WRAP for unwrapping AES-encrypted keys. On these tokens, CKM_AES_CBC and friends don't support unwrap.
At the other end of this system, I therefore need to wrap a key using a…
Duncan Jones
- 67,400
- 29
- 193
- 254