I've been struggling for weeks trying to get the iText signing with PKCS#11 code 
running on my platform using a LunaSA HSM.

With Safenet's support, I was finally able to make it run properly. I 
suspected a Windows problem at first. But since I faced the same problems on 
CentOS, the Windows OS could not be the cause. One thing we discovered is that 
PKCS11 used through Java does not work with LunaSA 4.4. So the best mitigation 
we finally found was to move our HSM & client to version 4.5.

If Bruno can tell me what version he used when writing his whitepaper "Digital 
Signature for PDF Document", it would be very interesting information.

Thank you for your help, guys.

Laurent

-----Original Message-----
From: Marot Laurent [mailto:laurent.ma...@alliacom.com]
Sent: Friday, 11 January 2013 16:08
To: Post all your questions about iText here
Subject: Re: [iText-questions] desperatly trying to run Code sample 4.1: Signing a document using PKCS#11


>The results seem pretty consistent to me:
> There's nothing in slot 0 or there is no such thing as slot 0. Same goes for 
> all other slot numbers except 1 and 2.
>You logged in correctly into the key store, but there's nothing stored in it 
>(no elements found when asking for aliases).
>You didn't log in correctly (the password was incorrect).

Thanks a lot - I hope my searches will benefit others.

 1) The password was not the right one for slot 2
 2) partition showcontent confirms your good advice on slot 1

[hmsalliacom] lunash:>partition showcontent partition PartAPPSIGNPDF
  Please enter the user password for the partition:
  > ********
   Partition Name:  PartAPPSIGNPDF
   Partition SN:    316803001
   Number objects:  6
   Object Label:  HSMCA
   Object Type:   Data
   Object Label:  HSMCA-Xchg(12)
   Object Type:   Data
   Object Label:  S-HSMCA
   Object Type:   Public Key
   Object Label:  S-HSMCA
   Object Type:   Private Key
   Object Label:  X-HSMCA-Xchg(12)
   Object Type:   Public Key
   Object Label:  X-HSMCA-Xchg(12)
   Object Type:   Private Key

==========> 6 objects but no certificate, only keys

So I've just used ckdemo to generate a first certificate, but the road is still 
long to get the right result, as the template certificate just provides the basics 
and certificate fields seem to be missing.

What type of object to create?
  [0] Data  [1] Certificate [2] EC Domain Parameters 1
CKA_CLASS=01000000
CKA_CERTIFICATE_TYPE=00000000
CKA_TOKEN=01
CKA_LABEL=Created certificate object
CKA_SUBJECT=
CKA_VALUE=01010101010101010101010101010101000000
(1) Add Attribute   (2) Remove Attribute   (0) Accept Template 0
Created object handle: 11

Janv. 11, 2013 3:39:17 PM com.alliacom.crypto.luna.SignWithPKCS11HSM main
Grave: null
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:104)
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
        at sun.security.pkcs11.P11KeyStore.loadCert(P11KeyStore.java:1207)
        at sun.security.pkcs11.P11KeyStore.mapLabels(P11KeyStore.java:2370)
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:766)
        at java.security.KeyStore.load(KeyStore.java:1214)
        at com.alliacom.crypto.luna.SignWithPKCS11HSM.main(SignWithPKCS11HSM.java:131)
Caused by: java.io.IOException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:101)
        ... 6 more
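
The "6 objects but no certificate, only keys" check from the partition listing above can be automated before the Java key store is loaded. The following is an added example, not part of the original message and not Safenet or iText code; the function names are hypothetical, and it assumes a certificate object would be listed with an Object Type containing "Certificate".

```python
import re
from collections import defaultdict

# Listing copied from the `partition showcontent` output quoted in this message.
SAMPLE = """\
   Partition Name:  PartAPPSIGNPDF
   Partition SN:    316803001
   Number objects:  6
   Object Label:  HSMCA
   Object Type:   Data
   Object Label:  HSMCA-Xchg(12)
   Object Type:   Data
   Object Label:  S-HSMCA
   Object Type:   Public Key
   Object Label:  S-HSMCA
   Object Type:   Private Key
   Object Label:  X-HSMCA-Xchg(12)
   Object Type:   Public Key
   Object Label:  X-HSMCA-Xchg(12)
   Object Type:   Private Key
"""

# An "Object Label:" line immediately followed by its "Object Type:" line.
PAIR = re.compile(
    r"Object Label:[ \t]*(.*?)[ \t]*\n[ \t]*Object Type:[ \t]*(.*?)[ \t]*$", re.M)

def parse_objects(text):
    """Return (label, type) tuples in listing order."""
    return [(m.group(1), m.group(2)) for m in PAIR.finditer(text)]

def declared_count_matches(text):
    """True if 'Number objects' equals the number of label/type pairs parsed."""
    m = re.search(r"Number objects:[ \t]*(\d+)", text)
    return m is not None and int(m.group(1)) == len(parse_objects(text))

def keys_without_certificate(text):
    """Labels that have a Private Key object but no certificate object.

    Assumption: matching by label is a heuristic, since the listing shows
    labels only and no other attribute that ties a key to its certificate.
    """
    types_by_label = defaultdict(set)
    for label, otype in parse_objects(text):
        types_by_label[label].add(otype.lower())
    return sorted(label for label, types in types_by_label.items()
                  if "private key" in types
                  and not any("certificate" in t for t in types))

if __name__ == "__main__":
    for label in keys_without_certificate(SAMPLE):
        print("private key without certificate:", label)
```
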
