KeyGen Fails for Luna HSM

Tue, 3 Nov 2009 18:30:22 -0800 

Hi all,
I am trying  to use the sun PKCS11 provider to extract key out of Luna
HSM .

I am able to login to the HSM .Also I am able to generate RSA key pair.

In the following code , the RSA key pair generation is successfull but I
get an exception when I try to create an instance of DES key generator.

KeyPairGenerator keyPairGenerator = null;
try 
{
keyPairGenerator = KeyPairGenerator.getInstance("RSA", provider);
}

catch (NoSuchAlgorithmException e) 
{
e.printStackTrace();
}

KeyPair keyPair = keyPairGenerator.generateKeyPair();

// generate an DES key for wrapping

KeyGenerator keyGen = null;
try
{
keyGen = KeyGenerator.getInstance("DES", provider);
}
catch (NoSuchAlgorithmException e) 
{
e.printStackTrace();
}

This is my pkcs11 cfg file.

name=SafeNet
library=C:\\Program Files\\LunaPCM\\cryptoki.dll
slot=2

attributes(*,*,*) = {
CKA_TOKEN = true 
}

attributes(*,CKO_SECRET_KEY,*) = {
CKA_CLASS = 4
CKA_PRIVATE= true
CKA_KEY_TYPE=19
CKA_SENSITIVE= true
CKA_ENCRYPT= true
CKA_DECRYPT= true
CKA_WRAP= true
CKA_UNWRAP= true 

}

This is the exception I am getting.

java.lang.ExceptionInInitializerError

at javax.crypto.KeyGenerator.getInstance(DashoA13*..)

at PKCS11Impl.doKeyWrap(PKCS11Impl.java:37)

at HSM_Manager.main(HSM_Manager.java:149)

Caused by: java.lang.SecurityException: Cannot set up certs for trusted
CAs

at javax.crypto.SunJCE_b.<clinit>(DashoA13*..)

... 3 more

Caused by: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT

at sun.security.pkcs11.P11Signature.engineVerify(P11Signature.java:546)

at java.security.Signature$Delegate.engineVerify(Unknown Source)

at java.security.Signature.verify(Unknown Source)

at sun.security.x509.X509CertImpl.verify(Unknown Source)

at sun.security.x509.X509CertImpl.verify(Unknown Source)

at javax.crypto.SunJCE_b.d(DashoA13*..)

at javax.crypto.SunJCE_b.c(DashoA13*..)

at javax.crypto.SunJCE_b$1.run(DashoA13*..)

at java.security.AccessController.doPrivileged(Native Method)

... 4 more

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
CKR_KEY_TYPE_INCONSISTENT

at sun.security.pkcs11.wrapper.PKCS11.C_VerifyFinal(Native Method)

at sun.security.pkcs11.P11Signature.engineVerify(P11Signature.java:500)

... 12 more

Exception in thread "main" java.lang.NullPointerException

at PKCS11Impl.doKeyWrap(PKCS11Impl.java:49)

at HSM_Manager.main(HSM_Manager.java:149)

 

Can someone please point out if I am doing something wrong which is very
obvious ?

 

Thanks,

Somnath

-------------- next part --------------
An HTML attachment was scrubbed...
URL: 
<http://mail.opensolaris.org/pipermail/crypto-discuss/attachments/20091103/e225dc25/attachment.html>

Reply via email to