Hello, I'm attempting to run Jsch as a client while using the SunPKCS11 NSS JCE in FIPS mode. As soon as I attempt to connect, I get an exception:
java.security.ProviderException: Could not derive key at sun.security.pkcs11.P11KeyAgreement.engineGenerateSecret(P11KeyAgreement.java:204) at javax.crypto.KeyAgreement.generateSecret(KeyAgreement.java:570) at com.jcraft.jsch.jce.DH.getK(DH.java:73) at com.jcraft.jsch.DHG1.next(DHG1.java:176) at com.jcraft.jsch.Session.connect(Session.java:305) at com.jcraft.jsch.Session.connect(Session.java:162) … Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method) at sun.security.pkcs11.P11KeyAgreement.engineGenerateSecret(P11KeyAgreement.java:198) … It appears that the PKCS11 provider is throwing this because it doesn't want to let "sensitive" data, like a private key, out of it's grip, even though this is just part of the DH exchange. Has anyone been able to make Jsch work in this configuration? Thanks, Mark Manes StillSecure, Inc. ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ JSch-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/jsch-users
