Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SunPKCS11 provider - write key on a SmartCard

843811Mar 24 2005 — edited Apr 19 2005

I use provider SunPKCS11 and without any troubles I can read certificates and key from the cryptographic card, but every attempt of writing anything on the card results with an error during setKeyEntry method call:

-Example------------------------------------------------------------------
sun.security.pkcs11.SunPKCS11 p =
new sun.security.pkcs11.SunPKCS11(configFileName);
Security.addProvider(p);
KeyStore.PasswordProtection pp = new KeyStore.PasswordProtection(pin);
KeyStore.Builder builder =
KeyStore.Builder.newInstance("pkcs11",p ,pp);
KeyStore store = builder.getKeyStore();

...
store.setKeyEntry("pawel", privKey, null, chain); //error
...
-error--------------------------------------------------------------------
Exception in thread "main" java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TEMPLATE_INCOMPLETE
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1067)
at sun.security.pkcs11.P11KeyStore.engineSetKeyEntry(P11KeyStore.java:443)
at java.security.KeyStore.setKeyEntry(Unknown Source)
at hex.pkcs11.Example3.main(Example3.java:88)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_TEMPLATE_INCOMPLETE
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.P11KeyStore.storePkey(P11KeyStore.java:1737)
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1063)
... 3 more
---------------------------------------------------------------------------
I think this error may be caused by improper configuration of the file pkcs11.config, but I can be, of course, mistaken.
the files which I used to performs test look as follows:

-file1---------------------------------------------------------------------
name=CryptoCard
library=C:\WINNT\system32\CCPkiP11.dll

-file2---------------------------------------------------------------------
name=CryptoCard
library=C:\WINNT\system32\CCPkiP11.dll

attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_SENSITIVE=true
}

attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_TOKEN=true
}

attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_SIGN = true
}
attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_PRIVATE=true
}
attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_MODIFIABLE=true
}

attributes(*,CKO_PRIVATE_KEY,*) = {
CKA_DERIVE=false
}

attributes(*,CKO_CERTIFICATE,*) = {
CKA_TRUSTED=true
}
attributes(*,CKO_CERTIFICATE,*) = {
CKA_TOKEN=true
}

attributes(*,CKO_CERTIFICATE,*) = {
CKA_MODIFIABLE=true
}

attributes(*,CKO_CERTIFICATE,*) = {
CKA_PRIVATE=true
}

-------------------------------------

Locked Post

New comments cannot be posted to this locked post.

Locked on May 17 2005

Added on Mar 24 2005

#cryptography

1 comment

831 views