[security-dev 01752]: Re: alias in KeyPairGenerator - was: '\0' in alias name of a pkcs11 keystore

2010-03-31 Thread Valerie (Yu-Ching) Peng
If the default PKCS11 config is used, I'd expect KeyPairGenerator to generate a "session" key and then the SunPKCS11 keystore impl will do a C_CopyObject(...) w/ the desired alias. Is a custom PKCS11 config file used here? If yes, perhaps it specifies that token key be generated for key gen

[security-dev 01751]: Re: alias in KeyPairGenerator - was: '\0' in alias name of a pkcs11 keystore

2010-03-31 Thread Michael StJohns
This may actually be a bug in the PKCS11 provider. KeyPairGenerator should be generating a "Session" key pair. When you write the key store object, the underlying function should do a C_CopyObject from the Session object to a Token object. (Or from a software key to a Token object). At tha

[security-dev 01750]: Re: alias in KeyPairGenerator - was: '\0' in alias name of a pkcs11 keystore

2010-03-31 Thread Tomas Gustavsson
Hi, Sorry if I misunderstood you. That is actually exactly how we do it: 1. Use KeyPairGenerator with P11 provider to generate key pair. 2. Create a keystore with the P11 provider. 3. Generate a self-signed certificate. 4. keystore.setKeyEntry(myalias, privateKey, null, cert). The keys work fin