problem in sunpkcs11

843811 Dec 24 2008 — edited Jun 29 2010
Hi:

I use keytool to list a PKCS11 keystore, using this command line:

My java.security is modified to add the SunPKCS11 provider, using a PKCS11 config file:

#in java.security
#1-9 provider
#security.provider.10=sun.security.pkcs11.SunPKCS11 d:\\work\\sunp11\\p11.conf


#in p11.conf
library=c:/windows/system32/aetpkss1.dll
name=gd


D:\jdk1.6.0_10\bin>keytool -v -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-gd -J-Djava.security.debug=sunpkcs11,pkcs11


It failed to run, with this output:

D:\jdk1.6.0_10\bin>keytool -v -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-gd
keytool错误: java.security.KeyStoreException: PKCS11 not found
java.security.KeyStoreException: PKCS11 not found
    at java.security.KeyStore.getInstance(KeyStore.java:635)
    at sun.security.tools.KeyTool.doCommands(KeyTool.java:596)
    at sun.security.tools.KeyTool.run(KeyTool.java:172)
    at sun.security.tools.KeyTool.main(KeyTool.java:166)
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-gd
    at sun.security.jca.GetInstance.getService(GetInstance.java:70)
    at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
    at java.security.Security.getImpl(Security.java:662)
    at java.security.KeyStore.getInstance(KeyStore.java:632)
    ... 3 more


So I searched this forum (forums.sun.com) for help. In a thread, "How to use the new PKCS11-Provider", I saw it written to add a debug argument to get some debug information:

-Djava.security.debug=sunpkcs11,pkcs11

I added this argument; the command is:

D:\jdk1.6.0_10\bin>keytool -v -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-gd -J-Djava.security.debug=sunpkcs11,pkcs11

It ran OK (??????????); the result is:
D:\jdk1.6.0_10\bin>keytool -v -list -keystore NONE -storetype PKCS11 -providername SunPKCS11-gd -J-Djava.security.debug=sunpkcs11,pkcs11
SunPKCS11 loading d:\work\sunp11\p11.conf
sunpkcs11: Initializing PKCS#11 library c:/windows/system32/aetpkss1.dll
Information for provider SunPKCS11-gd
Library info:
cryptokiVersion: 2.11
manufacturerID: A.E.T. Europe B.V.
flags: 0
libraryDescription: Cryptographic Token Interface
libraryVersion: 2.00
All slots: 52481, 52482, 52483
Slots with tokens: 52482
Slot info for slot 52482:
slotDescription: StarKey HID 0
.......

prompt enter keystorepassword:

enter keystore password:


sunpkcs11: login succeeded

Keystore Type: PKCS11
Keystore Provider: SunPKCS11-gd

1 entry in keystore:

alias: ra's ca ID
type: PrivateKeyEntry
certlen: 1
auth[1]:
subject:CN=ra, OU=certmanager, O=abc
issure:CN=ca, O=abc
sn:40cc0003
validity: Fri Nov 28 14:48:23 CST 2008 至Wed Nov 28 14:48:23 CST 2018
.....
extesion:
#1: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Non_repudiation
Key_Encipherment
Data_Encipherment
Key_Agreement
]

#2: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 46 A8 20 96 73 24 D9 41 2D A1 47 5B 32 7C 45 39 F. .s$.A-.G[2.E9
0010: 06 F0 72 45 ..rE
]
]

#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[CN=crl1, OU=crl, O=abc]
]]

#4: ObjectId: 2.5.29.37 Criticality=false
Unparseable ExtendedKeyUsage extension due to
java.io.IOException: Invalid encoding for ExtendedKeyUsageExtension.

0000: 04 00 ..

#5: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen:2147483647
]

#6: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 2A 53 16 EC C4 0C E3 17 45 97 ED 57 2E 13 57 51 *S......E..W..WQ
0010: 2C 68 D0 89 ,h..
]

]



*******************************************
*******************************************


I wrote a Java program to test it and got the same result. When I add -Djava.security.debug=sunpkcs11,pkcs11, it runs OK; when I remove this argument, it fails. The code is:

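import java.security.KeyStore;
import java.util.Enumeration;

public class Pkcs11Test {
    public static void main(String[] args) throws Exception {
        // Request the PKCS11 keystore from the provider configured with name=gd
        KeyStore ks = KeyStore.getInstance("PKCS11", "SunPKCS11-gd");
        // A token keystore has no input stream; the password is the token PIN
        ks.load(null, "11111111".toCharArray());
        Enumeration<String> alias = ks.aliases();
        while (alias.hasMoreElements()) {
            System.out.println(alias.nextElement());
        }
    }
}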

Can someone help me? Why does this debug option affect it? How can I get this keystore with debug option?
Post Details
Locked on Jul 27 2010
Added on Dec 24 2008
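
A diagnostic for the failure shown in this post, added here as an example and not part of the original post or of the JDK: a NoSuchAlgorithmException (rather than a NoSuchProviderException) from KeyStore.getInstance means the provider name resolved but that provider offered no KeyStore.PKCS11 service. The class and method names are hypothetical; only standard java.security calls are used.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
// Added diagnostic; the class and method names are hypothetical.
public class Pkcs11ProviderCheck {
    // KeyStore types a provider currently offers (empty if it registered none).
    static List<String> keyStoreTypes(Provider p) {
        List<String> types = new ArrayList<String>();
        for (Provider.Service s : p.getServices()) {
            if ("KeyStore".equals(s.getType())) {
                types.add(s.getAlgorithm());
            }
        }
        return types;
    }

    // Predicts which exception KeyStore.getInstance("PKCS11", name) would raise.
    static String diagnose(String name) {
        Provider p = Security.getProvider(name);
        if (p == null) {
            return name + " is not registered: expect NoSuchProviderException";
        }
        if (p.getService("KeyStore", "PKCS11") == null) {
            return name + " is registered but offers no KeyStore.PKCS11 ("
                    + p.getServices().size() + " services in total): "
                    + "expect NoSuchAlgorithmException, as in the trace above";
        }
        return name + " offers KeyStore.PKCS11: getInstance should succeed";
    }

    public static void main(String[] args) {
        // Default is the provider name from the post (name=gd in p11.conf).
        String name = args.length > 0 ? args[0] : "SunPKCS11-gd";
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + " -> KeyStore types " + keyStoreTypes(p));
        }
        System.out.println(diagnose(name));
        try {
            KeyStore.getInstance("PKCS11", name);
        } catch (Exception e) {
            // Print the full cause chain instead of only the top-level message.
            for (Throwable t = e; t != null; t = t.getCause()) {
                System.out.println("  cause: " + t);
            }
        }
    }
}
```

Running it once with and once without -Djava.security.debug=sunpkcs11,pkcs11 shows whether the provider's service list differs between the two runs.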