Hi Christian,
I completely agree with 's...'! All this Smartcard / HSM stuff is a
bloody mess.
My lucky guess would be that itext is far away from the crypto level,
and the handling of PKCS11 is done by the sun wrapper. So both iText and
bc are not my prominent suspects. Could you turn on some kind of logging
/ tracing at the PKSC11 level?
Greetings,
Andreas
> Hmm ok I created a java keystore and it works. But its s... Because pkcs11
> works in past with older itext and bouncy castle
>
> Am 22.03.2012 um 15:31 schrieb Andreas Kuehne:
>
>> Hi Christian,
>>
>> now I see! I didn't came across any CryptoVision stuff, yet . But my
>> standard approach would be to check whether your installation signs
>> using another tools using the PKCS11 interface. Can you check that?
>>
>> Greetings
>>
>> Andreas
>>> Hey,
>>>
>>> thanks for replying
>>>
>>> It is an external library. I load it with the following lines:
>>>
>>> String configName = "/Users/christian/pkcs11.cfg";
>>> Provider p = new sun.security.pkcs11.SunPKCS11(configName);
>>> Security.addProvider(p);
>>>
>>> KeyStore ks = KeyStore.getInstance("pkcs11");
>>> ks.load(null, "password".toCharArray());
>>>
>>> And the content from .cfg-file is the following:
>>>
>>> library = /usr/local/lib/libcvP11.dylib
>>> name = CryptoVision
>>>
>>>
>>> Am 22.03.2012 um 13:59 schrieb Andreas Kuehne:
>>>
>>>> Hi Christian,
>>>>
>>>> can you give a little more information about the PKCS11 lib you are using?
>>>> As far as I can see from the log that the PKCS11wrapper detected a
>>>> problem. But that's quite generic ...
>>>>
>>>> Greetings
>>>>
>>>> Andreas
>>>>> Hey @all,
>>>>>
>>>>> I tried the example "How to sign with an external signature and a
>>>>> standard filter" from http://itextpdf.sourceforge.net/howtosign.html with
>>>>> itext 5.2.0, bouncy castle 1.46 and a pkcs11 token.
>>>>> Every time I get the following exception:
>>>>>
>>>>> Exception in thread "main" java.security.ProviderException:
>>>>> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_FAILED
>>>>> at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:531)
>>>>> at java.security.Signature$Delegate.engineSign(Signature.java:1128)
>>>>> at java.security.Signature.sign(Signature.java:522)
>>>>> at com.itextpdf.text.pdf.PdfPKCS7.getEncodedPKCS1(PdfPKCS7.java:1210)
>>>>> at
>>>>> com.itextpdf.text.pdf.PdfSigGenericPKCS.setSignInfo(PdfSigGenericPKCS.java:113)
>>>>> at
>>>>> com.itextpdf.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:974)
>>>>> at
>>>>> com.itextpdf.text.pdf.PdfSignatureAppearance.preClose(PdfSignatureAppearance.java:897)
>>>>> at christianTest.ExternalHash.main(ExternalHash.java:45)
>>>>> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>>>>> at
>>>>> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at com.intellij.rt.execution.application.AppMain.main(AppMain.java:120)
>>>>> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception:
>>>>> CKR_FUNCTION_FAILED
>>>>> at sun.security.pkcs11.wrapper.PKCS11.C_Sign(Native Method)
>>>>> at sun.security.pkcs11.P11Signature.engineSign(P11Signature.java:522)
>>>>> ... 12 more
>>>>>
>>>>> The point where the application stops is sig.sign() in class PdfPKCS7.
>>>>> With older verson of itext and bc it works but now...
>>>>>
>>>>> I googled and only find articles which says that I have to load
>>>>> pkcs11-keystore without the provider but nothing happen.
>>>>> Is there anybody with a solution?
>>>>>
>>>>> Thanks in advance
>>>>> ------------------------------------------------------------------------------
>>>>> This SF email is sponsosred by:
>>>>> Try Windows Azure free for 90 days Click Here
>>>>> http://p.sf.net/sfu/sfd2d-msazure
>>>>> _______________________________________________
>>>>> iText-questions mailing list
>>>>> [email protected]
>>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>>
>>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>>> Many questions posted to this list can (and will) be answered with a
>>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>>> Please check the keywords list before you ask for examples:
>>>>> http://itextpdf.com/themes/keywords.php
>>>>>
>>>> --
>>>> Andreas Kühne
>>>> phone: +49 177 293 24 97
>>>> mailto: [email protected]
>>>>
>>>> Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna
>>>> Amtsgericht Hamm HRB 5868
>>>>
>>>> Directors Andreas Kühne, Heiko Veit
>>>>
>>>> Company UK Company No: 5218868 Registered in England and Wales
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> This SF email is sponsosred by:
>>>> Try Windows Azure free for 90 days Click Here
>>>> http://p.sf.net/sfu/sfd2d-msazure
>>>> _______________________________________________
>>>> iText-questions mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>>
>>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>>> Many questions posted to this list can (and will) be answered with a
>>>> reference to the iText book: http://www.itextpdf.com/book/
>>>> Please check the keywords list before you ask for examples:
>>>> http://itextpdf.com/themes/keywords.php
>>> ------------------------------------------------------------------------------
>>> This SF email is sponsosred by:
>>> Try Windows Azure free for 90 days Click Here
>>> http://p.sf.net/sfu/sfd2d-msazure
>>> _______________________________________________
>>> iText-questions mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>>
>>> iText(R) is a registered trademark of 1T3XT BVBA.
>>> Many questions posted to this list can (and will) be answered with a
>>> reference to the iText book: http://www.itextpdf.com/book/
>>> Please check the keywords list before you ask for examples:
>>> http://itextpdf.com/themes/keywords.php
>>>
>>
>> --
>> Andreas Kühne
>> phone: +49 177 293 24 97
>> mailto: [email protected]
>>
>> Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna
>> Amtsgericht Hamm HRB 5868
>>
>> Directors Andreas Kühne, Heiko Veit
>>
>> Company UK Company No: 5218868 Registered in England and Wales
>>
>>
>> ------------------------------------------------------------------------------
>> This SF email is sponsosred by:
>> Try Windows Azure free for 90 days Click Here
>> http://p.sf.net/sfu/sfd2d-msazure
>> _______________________________________________
>> iText-questions mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/itext-questions
>>
>> iText(R) is a registered trademark of 1T3XT BVBA.
>> Many questions posted to this list can (and will) be answered with a
>> reference to the iText book: http://www.itextpdf.com/book/
>> Please check the keywords list before you ask for examples:
>> http://itextpdf.com/themes/keywords.php
>
> ------------------------------------------------------------------------------
> This SF email is sponsosred by:
> Try Windows Azure free for 90 days Click Here
> http://p.sf.net/sfu/sfd2d-msazure
> _______________________________________________
> iText-questions mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/itext-questions
>
> iText(R) is a registered trademark of 1T3XT BVBA.
> Many questions posted to this list can (and will) be answered with a
> reference to the iText book: http://www.itextpdf.com/book/
> Please check the keywords list before you ask for examples:
> http://itextpdf.com/themes/keywords.php
>
--
Andreas Kühne
phone: +49 177 293 24 97
mailto: [email protected]
Trustable Ltd. Niederlassung Deutschland Ströverstr. 18 - 59427 Unna
Amtsgericht Hamm HRB 5868
Directors Andreas Kühne, Heiko Veit
Company UK Company No: 5218868 Registered in England and Wales
------------------------------------------------------------------------------
This SF email is sponsosred by:
Try Windows Azure free for 90 days Click Here
http://p.sf.net/sfu/sfd2d-msazure
_______________________________________________
iText-questions mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/itext-questions
iText(R) is a registered trademark of 1T3XT BVBA.
Many questions posted to this list can (and will) be answered with a reference
to the iText book: http://www.itextpdf.com/book/
Please check the keywords list before you ask for examples:
http://itextpdf.com/themes/keywords.php
