Fwd: Java PKCS#11 provider throws NoSuchAlgorithmException

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: Java PKCS#11 provider throws NoSuchAlgorithmException

Ernie Kovak
Hello -

I'm new to OpenSC and just trying it out. My goal is CAC authentication from a Java thick client on Windows 7 using NSS in FIPS mode. I imagine it'll take some work to put all those things together. :)

My first step was to verify the Java PKCS#11 provider, without NSS. I've installed the nightly Windows build, opensc-0.15.0g20150914124137-win64.msi, and the opensc tools are able to access my card both through a built-in reader and a USB reader.

I'm using some example code from https://github.com/emergya/opensc-testing:

Provider p = new sun.security.pkcs11.SunPKCS11("opensc-cfg.txt");
Security.insertProviderAt(p, 0);
KeyStore cac = KeyStore.getInstance("PKCS11", p);

The call to KeyStore.getInstance throws this exception and cause:

java.security.KeyStoreException: PKCS11 not found
java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-OpenSC

When I list the provider's services there are none.

Here's my config file contents (based on example at opensc-testing):

name = OpenSC
library = C:/Windows/System32/opensc-pkcs11.dll
slot = -1
attributes = compatibility
attributes(*,*,*)=
{
CKA_TOKEN=true
CKA_LOCAL=true
}

I've turned up the OpenSC debug level, and the call to the SunPKCS11 constructor invokes OpenSC and writes a lot of output to my log (attached).

I've read everything I could find, and I think my setup and code is correct. Did I miss something?

Any help will be appreciated - thanks in advance!

Ernie





------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel

opensc-debug.log (334K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Java PKCS#11 provider throws NoSuchAlgorithmException

Anders Rundgren-2
On 2015-10-27 15:28, Ernie Kovak wrote:
Ernie,

Oracle/SUN never ported the PKCS #11 wrapper to Windows...
They do have a CAPI wrapper though (but never tested).

Anders

> Hello -
>
> I'm new to OpenSC and just trying it out. My goal is CAC authentication from a Java thick client on Windows 7 using NSS in FIPS mode. I imagine it'll take some work to put all those things together. :)
>
> My first step was to verify the Java PKCS#11 provider, without NSS. I've installed the nightly Windows build, opensc-0.15.0g20150914124137-win64.msi, and the opensc tools are able to access my card both through a built-in reader and a USB reader.
>
> I'm using some example code from https://github.com/emergya/opensc-testing:
>
> Provider p = new sun.security.pkcs11.SunPKCS11("opensc-cfg.txt");
> Security.insertProviderAt(p, 0);
> KeyStore cac = KeyStore.getInstance("PKCS11", p);
>
> The call to KeyStore.getInstance throws this exception and cause:
>
> java.security.KeyStoreException: PKCS11 not found
> java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-OpenSC
>
> When I list the provider's services there are none.
>
> Here's my config file contents (based on example at opensc-testing):
>
> name = OpenSC
> library = C:/Windows/System32/opensc-pkcs11.dll
> slot = -1
> attributes = compatibility
> attributes(*,*,*)=
> {
> CKA_TOKEN=true
> CKA_LOCAL=true
> }
>
> I've turned up the OpenSC debug level, and the call to the SunPKCS11 constructor invokes OpenSC and writes a lot of output to my log (attached).
>
> I've read everything I could find, and I think my setup and code is correct. Did I miss something?
>
> Any help will be appreciated - thanks in advance!
>
> Ernie
>
>
>
>
>
>
> ------------------------------------------------------------------------------
>
>
>
> _______________________________________________
> Opensc-devel mailing list
> [hidden email]
> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Java PKCS#11 provider throws NoSuchAlgorithmException

Anders Rundgren-2
On 2015-10-27 15:35, Anders Rundgren wrote:
> On 2015-10-27 15:28, Ernie Kovak wrote:
> Ernie,
>
> Oracle/SUN never ported the PKCS #11 wrapper to Windows...
> They do have a CAPI wrapper though (but never tested).

I was wrong.  For JDK 8 they have finally shipped a 64-bit version, yay!

Anders

>
> Anders
>
>> Hello -
>>
>> I'm new to OpenSC and just trying it out. My goal is CAC authentication from a Java thick client on Windows 7 using NSS in FIPS mode. I imagine it'll take some work to put all those things together. :)
>>
>> My first step was to verify the Java PKCS#11 provider, without NSS. I've installed the nightly Windows build, opensc-0.15.0g20150914124137-win64.msi, and the opensc tools are able to access my card both through a built-in reader and a USB reader.
>>
>> I'm using some example code from https://github.com/emergya/opensc-testing:
>>
>> Provider p = new sun.security.pkcs11.SunPKCS11("opensc-cfg.txt");
>> Security.insertProviderAt(p, 0);
>> KeyStore cac = KeyStore.getInstance("PKCS11", p);
>>
>> The call to KeyStore.getInstance throws this exception and cause:
>>
>> java.security.KeyStoreException: PKCS11 not found
>> java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-OpenSC
>>
>> When I list the provider's services there are none.
>>
>> Here's my config file contents (based on example at opensc-testing):
>>
>> name = OpenSC
>> library = C:/Windows/System32/opensc-pkcs11.dll
>> slot = -1
>> attributes = compatibility
>> attributes(*,*,*)=
>> {
>> CKA_TOKEN=true
>> CKA_LOCAL=true
>> }
>>
>> I've turned up the OpenSC debug level, and the call to the SunPKCS11 constructor invokes OpenSC and writes a lot of output to my log (attached).
>>
>> I've read everything I could find, and I think my setup and code is correct. Did I miss something?
>>
>> Any help will be appreciated - thanks in advance!
>>
>> Ernie
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: Java PKCS#11 provider throws NoSuchAlgorithmException

Vincent Le Toux
For the Windows side:
To be sure the dll is correct (the nightly build has a problem with the inclusiong of OpenSSL), I'll suggest to run "depends.exe" with the dll. You'll be able to check that all dependancies are OK;

Then use processmonitor.exe => you'll be able to be sure if the dll get loaded or not.

For the java side;

vincent

2015-10-27 15:41 GMT+01:00 Anders Rundgren <[hidden email]>:
On 2015-10-27 15:35, Anders Rundgren wrote:
> On 2015-10-27 15:28, Ernie Kovak wrote:
> Ernie,
>
> Oracle/SUN never ported the PKCS #11 wrapper to Windows...
> They do have a CAPI wrapper though (but never tested).

I was wrong.  For JDK 8 they have finally shipped a 64-bit version, yay!

Anders

>
> Anders
>
>> Hello -
>>
>> I'm new to OpenSC and just trying it out. My goal is CAC authentication from a Java thick client on Windows 7 using NSS in FIPS mode. I imagine it'll take some work to put all those things together. :)
>>
>> My first step was to verify the Java PKCS#11 provider, without NSS. I've installed the nightly Windows build, opensc-0.15.0g20150914124137-win64.msi, and the opensc tools are able to access my card both through a built-in reader and a USB reader.
>>
>> I'm using some example code from https://github.com/emergya/opensc-testing:
>>
>> Provider p = new sun.security.pkcs11.SunPKCS11("opensc-cfg.txt");
>> Security.insertProviderAt(p, 0);
>> KeyStore cac = KeyStore.getInstance("PKCS11", p);
>>
>> The call to KeyStore.getInstance throws this exception and cause:
>>
>> java.security.KeyStoreException: PKCS11 not found
>> java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-OpenSC
>>
>> When I list the provider's services there are none.
>>
>> Here's my config file contents (based on example at opensc-testing):
>>
>> name = OpenSC
>> library = C:/Windows/System32/opensc-pkcs11.dll
>> slot = -1
>> attributes = compatibility
>> attributes(*,*,*)=
>> {
>> CKA_TOKEN=true
>> CKA_LOCAL=true
>> }
>>
>> I've turned up the OpenSC debug level, and the call to the SunPKCS11 constructor invokes OpenSC and writes a lot of output to my log (attached).
>>
>> I've read everything I could find, and I think my setup and code is correct. Did I miss something?
>>
>> Any help will be appreciated - thanks in advance!
>>
>> Ernie
>>
>>
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>>
>>
>>
>> _______________________________________________
>> Opensc-devel mailing list
>> [hidden email]
>> https://lists.sourceforge.net/lists/listinfo/opensc-devel
>>
>


------------------------------------------------------------------------------
_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel



--
--
Vincent Le Toux

My Smart Logon
www.mysmartlogon.com

------------------------------------------------------------------------------

_______________________________________________
Opensc-devel mailing list
[hidden email]
https://lists.sourceforge.net/lists/listinfo/opensc-devel