Ok, I will take a look at this as soon as I can.

Thanks!

regards,
Joy

Gideon Knocke <gideonkno...@googlemail.com> wrote on 06/29/2012 07:37:08 AM:

> Gideon Knocke <gideonkno...@googlemail.com>
> 06/29/2012 07:37 AM
>
> To: opencryptoki-users@lists.sourceforge.net
> Subject: Re: [opencryptoki-users] Opencryptoki and Java JCA
>
> Here is what I did to generate the key:
>
> /usr/lib/jvm/jdk1.7.0/bin/keytool -genseckey -keystore NONE -storetype
> PKCS11 -keyalg AES -keysize 256 -alias test
>
> I had expected that an error like this would occur while storing the
> key, not when I try to read the key.
>
> I tried to perform the same task in Java:
>
>                // Initialize and log in
>                char[] pin = {'1','2','3','4','5','6'};
>                KeyStore ks = KeyStore.getInstance("PKCS11");
>                ks.load(null, pin);
>                // Generate the key
>                KeyGenerator keygen = KeyGenerator.getInstance("AES");
>                keygen.init(256);
>                SecretKey secretKey = keygen.generateKey();
>                // Write the secret key to the token
>                KeyStore.SecretKeyEntry keyEntry = new KeyStore.SecretKeyEntry(secretKey);
>                ks.setEntry(args[0], keyEntry, new KeyStore.PasswordProtection(pin));
>
> But the problem is still the same.
>
> In this case the key is generated with the RNG of the TPM and then
> stored in the token.
>
> Gideon
>
> 2012/6/26 Joy Latten <lat...@us.ibm.com>:
> > Let me make sure I understand.
> > Are you trying to store an externally generated AES key ?
> > If so, how are you creating the pkcs#11 secret key object?
> >
> > regards,
> > Joy
> >
> > Gideon Knocke <gideonkno...@googlemail.com> wrote on 06/25/2012 08:30:40 AM:
> >
> >> Gideon Knocke <gideonkno...@googlemail.com>
> >> 06/25/2012 08:30 AM
> >>
> >> To: opencryptoki-users@lists.sourceforge.net
> >> Subject: [opencryptoki-users] Opencryptoki and Java JCA
> >>
> >> Hi,
> >>
> >> I'm trying to use the Sun PKCS#11 provider to manage my TPM token. I
> >> can use stored symmetric keys within a Java program but I'm not able
> >> to store an AES key in the token. In fact I can store the key but I am
> >> not able to read the stored key. The same problem occurs when I use
> >> keytool to generate and store a secret key. This is the error which
> >> occurs when I try to read the secret key:
> >>
> >> Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
> >>  at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:335)
> >>  at java.security.KeyStore.getKey(KeyStore.java:792)
> >>  at Java4.main(Java4.java:16)
> >> Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_TYPE_INVALID
> >>  at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
> >>  at sun.security.pkcs11.P11KeyStore.loadSkey(P11KeyStore.java:1306)
> >>  at sun.security.pkcs11.P11KeyStore.engineGetKey(P11KeyStore.java:328)
> >>  ... 2 more
> >>
> >> I haven't specified any additional Attributes. The problem does not
> >> occur if the key is generated with "tpmtoken_protect".
> >> The used software is Java 1.7 and Opencryptoki 2.4.2
> >>
> >> Thanks!
_______________________________________________
opencryptoki-users mailing list
opencryptoki-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/opencryptoki-users
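
Added example (not part of the original thread, and not opencryptoki or JDK code): a per-alias read check that separates the token entries the SunPKCS11 keystore can load from those that fail in the `getKey` path shown in the stack trace above. It assumes the SunPKCS11 provider is already configured for the token; the class name `P11ReadCheck` and the interactive PIN prompt are choices made for this example.

```java
import java.io.Console;
import java.security.Key;
import java.security.KeyStore;
import java.security.ProviderException;
import java.util.Arrays;
import java.util.Collections;

// Hypothetical diagnostic class for this example.
public class P11ReadCheck {
    public static void main(String[] args) throws Exception {
        // Prompt for the PIN instead of hard-coding it or passing it in argv.
        Console console = System.console();
        char[] pin = (console == null) ? null : console.readPassword("Token PIN: ");
        if (pin == null) {
            System.err.println("No interactive console or no PIN entered.");
            System.exit(2);
        }

        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, pin);                      // logs in to the token

        int failed = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue;                        // skip certificate-only entries
            }
            try {
                // The PKCS11 keystore authenticates at load(); no per-key password.
                Key key = ks.getKey(alias, null);
                System.out.printf("OK    %-24s %s%n", alias,
                        key == null ? "(no key returned)" : key.getAlgorithm());
            } catch (ProviderException e) {
                // Walk to the innermost cause; for a PKCS11Exception its
                // message is the CKR_* return code name.
                Throwable root = e;
                while (root.getCause() != null) {
                    root = root.getCause();
                }
                System.out.printf("FAIL  %-24s %s%n", alias, root.getMessage());
                failed++;
            }
        }
        Arrays.fill(pin, '\0');                  // clear the PIN from memory
        System.exit(failed == 0 ? 0 : 1);
    }
}
```

Running it against a token that holds both a key created with `tpmtoken_protect` and one stored through `keytool` or `setEntry` shows side by side which objects the read path rejects.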