unable to get jarsigner to sign jar file using pkcs11 smartcard
843811 Jul 28 2009 — edited Jul 29 2009
I'm using a JDK jdk1.6.0_14 with a datakey smartcard with the below info in pkcs11.cfg file:
name = DK330
library = c:\windows\system32\dkck232.dll
I have also configured the java.security file to include the security.provider.10=sun.security.pkcs11.SunPKCS11 c:/pkcs11.cfg
I have my environment set for the below to keep it as simple as possible:
JAVA_HOME=C:\Program Files\Java\jdk1.6.0_14
CLASSPATH=C:\Program Files\Java\jdk1.6.0_14\lib
PATH=C:\Program Files\Java\jdk1.6.0_14\bin;c:\windows;c:\windows\system32
1) I am able to confirm that the secret key is present in the keystore
-------------------------------------------------------------
keytool -v -list -keystore NONE -storetype PKCS11 -storepass xxxxxx
Keystore type: PKCS11
Keystore provider: SunPKCS11-DK330
Your keystore contains 1 entry
Alias name: CS.NOLSC.002's U.S. Government ID
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=CS.NOLSC.002, OU=USN, OU=PKI, OU=DoD, O=U.S. Government, C=US, OU=PKI, OU=DoD, O=U.S. Government, C=US
Issuer: CN=DOD CA-14, OU=PKI, OU=DoD, O=U.S. Government, C=US
Serial number: 3e8e
Valid from: Mon Feb 05 14:53:22 EST 2007 until: Thu Feb 04 14:53:22 EST 2010
Certificate fingerprints:
MD5: 9D:34:AF:D8:DE:18:15:78:D6:88:3D:37:83:FA:DC:E8
SHA1: 8A:BB:39:D5:2B:45:F7:CE:A3:93:C5:71:5C:36:DC:FE:3F:B4:7D:9A
Signature algorithm name: SHA1withRSA
Version: 3
Extensions:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
DigitalSignature etc
---------------------------------------------------------------------------------
2) When I try to sign the applet using the below commands I get the same errors:
command 1:
jarsigner -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg ${java.home}/lib/security/pkcs11.cfg sfilechooser.jar "CS.NOLSC.002's U.S. Government ID"
I get this error:
jarsigner error: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
command 2:
jarsigner -verbose -keystore NONE -storetype PKCS11 -storepass xxxxxx sfilechooser.jar "CS.NOLSC.002's U.S. Government ID"
jarsigner error: java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
-----------------------------------------------------------------------------
I can also confirm the jar file that I'm trying to sign is unsigned using the below command without problem.
C:\Program Files\Java\jdk1.6.0_14\bin>jarsigner -verify -verbose -certs -keystore NONE -storetype PKCS11 sfilechooser.jar
Enter Passphrase for keystore:
0 Wed Jul 08 09:36:06 EDT 2009 META-INF/
71 Wed Jul 08 09:36:06 EDT 2009 META-INF/MANIFEST.MF
4227 Tue Jun 09 09:56:20 EDT 2009 DirList.class
0 Wed Jul 08 09:29:52 EDT 2009 FileChooserPackage/
4728 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/DirUtil.class
809 Fri May 29 13:05:42 EDT 2009 FileChooserPackage/FileChooserBean$AWTFileDialogThread.class
765 Fri May 29 13:05:42 EDT 2009 FileChooserPackage/FileChooserBean$AWTSaveDialogThread.class
819 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean$FileChooserBeanThread.class
1015 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean$FormsDecoderException.class
815 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean$SaveFileChooserThread.class
17198 Tue Jun 09 09:56:20 EDT 2009 FileChooserPackage/FileChooserBean.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar is unsigned. (signatures missing or not parsable)
======================================
What could be my problem to get my applet signed? I'm at a loss.