eToken Pro 64 - MacOS - Java

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

eToken Pro 64 - MacOS - Java

lec74
Hi,

I'm trying to use this token on MacOSX from a java application and
struggle with some issues:
       - The Aladdin library does not work at all from pkcs11-tool or
from a java application (keytool for example). It works fine in Firefox
       - So I decided to switch to opensc drivers. This time it works
fine with pkcs11-tool, but still not from java. When I start keytool, I
get the following exception:
Caused by: java.io.IOException:
dlopen(/Library/OpenSC/lib/opensc-pkcs11.so, 1): no suitable image
found.  Did find:
         /Library/OpenSC/lib/opensc-pkcs11.so: no matching architecture
in universal wrapper/Library/OpenSC/lib/opensc-pkcs11.so
         at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
         at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:141)
         at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:154)
         at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:281)

Am I doing something wrong ? Using the same library on a Linux install
works perfectly.

Thanks for your help
Christophe
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro 64 - MacOS - Java

Martin Paljak-2
Hello,

On Nov 30, 2010, at 5:53 PM, Christophe Lemoine wrote:

> Hi,
>
> I'm trying to use this token on MacOSX from a java application and
> struggle with some issues:
>       - The Aladdin library does not work at all from pkcs11-tool or
> from a java application (keytool for example). It works fine in Firefox


Can you send the output of pkcs11-tool with the Aladdin library?
Bonus: could you send the output of Aladdin PKCS#11 module + pkcs11-spy + pkcs11-tool?


>       - So I decided to switch to opensc drivers. This time it works
> fine with pkcs11-tool, but still not from java. When I start keytool, I
> get the following exception:
> Caused by: java.io.IOException:
> dlopen(/Library/OpenSC/lib/opensc-pkcs11.so, 1): no suitable image
> found.  Did find:
>         /Library/OpenSC/lib/opensc-pkcs11.so: no matching architecture
> in universal wrapper/Library/OpenSC/lib/opensc-pkcs11.so

What version of OS X are you using?
How did you install OpenSC?  (MacInstaller from wiki?)
What is the output of "file /Library/OpenSC/lib/opensc-pkcs11.so"?

How do you run your Java application (32 or 64bit mode?)

--
@MartinPaljak.net
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro 64 - MacOS - Java

lec74
Hi,

We have found a "solution": on some Mac, pkcs11-tool is actually showing
the token on slots 0, 3 and 4. While on some MAC it shows it only on slot 0.
We were trying on slot 0 and could not access the token data. When using
slot 4, it works (even if pkcs11-tool shows it only on slot 0). So we
will need to find a way to identify (from JAVA) on which slot we can
access the token. As the java application does not just throw an
exception, but crashes with a Bus error, we cannot just try each slot
until we get data.....


pkcs11-tool --module /usr/local/lib/libeTPkcs11.dylib -L
Available slots:
Slot 0 (0x100000000): AKS Ifdh 00 00
   token label:   Yulia
   token manuf:   SafeNet, Inc.
   token model:   eToken
   token flags:   rng, login required, PIN initialized, token
initialized, other flags=0x200
   serial num  :  00453c8f
Slot 1 (0x300000002):
   (empty)
Slot 2 (0x4):
   (empty)
Slot 3 (0x0): AKS Ifdh 00 00
   token label:   Yulia
   token manuf:   SafeNet, Inc.
   token model:   eToken
   token flags:   rng, login required, PIN initialized, token
initialized, other flags=0x200
   serial num  :  00453c8f
Slot 4 (0x0): AKS Ifdh 00 00
   token label:   Yulia
   token manuf:   SafeNet, Inc.
   token model:   eToken
   token flags:   rng, login required, PIN initialized, token
initialized, other flags=0x200
   serial num  :  00453c8f


How can I use pkcs11-spy ?

About using PKCS15 format: if we can get our app to work using Aladdin
format, then this is preferable for us as our CA is currently using this
format to generate the tokens. However, here are the details you asked:

We are using MacOSX 10.6.5. Java is 64 bits.
OpenSC was installed with the Mac installer.

file opensc-pkcs11.so
     opensc-pkcs11.so: Mach-O universal binary with 2 architectures
     opensc-pkcs11.so (for architecture i386):        Mach-O bundle i386
     opensc-pkcs11.so (for architecture x86_64):        Mach-O 64-bit
bundle x86_64

Thanks for your help
Christophe

On 11/30/2010 06:08 PM, Martin Paljak wrote:

> Hello,
>
> On Nov 30, 2010, at 5:53 PM, Christophe Lemoine wrote:
>
>> Hi,
>>
>> I'm trying to use this token on MacOSX from a java application and
>> struggle with some issues:
>>        - The Aladdin library does not work at all from pkcs11-tool or
>> from a java application (keytool for example). It works fine in Firefox
>
> Can you send the output of pkcs11-tool with the Aladdin library?
> Bonus: could you send the output of Aladdin PKCS#11 module + pkcs11-spy + pkcs11-tool?
>
>
>>        - So I decided to switch to opensc drivers. This time it works
>> fine with pkcs11-tool, but still not from java. When I start keytool, I
>> get the following exception:
>> Caused by: java.io.IOException:
>> dlopen(/Library/OpenSC/lib/opensc-pkcs11.so, 1): no suitable image
>> found.  Did find:
>>          /Library/OpenSC/lib/opensc-pkcs11.so: no matching architecture
>> in universal wrapper/Library/OpenSC/lib/opensc-pkcs11.so
> What version of OS X are you using?
> How did you install OpenSC?  (MacInstaller from wiki?)
> What is the output of "file /Library/OpenSC/lib/opensc-pkcs11.so"?
>
> How do you run your Java application (32 or 64bit mode?)
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro 64 - MacOS - Java

Andre Zepezauer
On Wed, 2010-12-01 at 10:14 +0200, Christophe Lemoine wrote:

> Hi,
>
> We have found a "solution": on some Mac, pkcs11-tool is actually showing
> the token on slots 0, 3 and 4. While on some MAC it shows it only on slot 0.
> We were trying on slot 0 and could not access the token data. When using
> slot 4, it works (even if pkcs11-tool shows it only on slot 0). So we
> will need to find a way to identify (from JAVA) on which slot we can
> access the token. As the java application does not just throw an
> exception, but crashes with a Bus error, we cannot just try each slot
> until we get data.....
>
>
> pkcs11-tool --module /usr/local/lib/libeTPkcs11.dylib -L
> Available slots:
> Slot 0 (0x100000000): AKS Ifdh 00 00
>    token label:   Yulia
>    token manuf:   SafeNet, Inc.
>    token model:   eToken
>    token flags:   rng, login required, PIN initialized, token
> initialized, other flags=0x200
>    serial num  :  00453c8f
> Slot 1 (0x300000002):
>    (empty)
> Slot 2 (0x4):
>    (empty)
> Slot 3 (0x0): AKS Ifdh 00 00
>    token label:   Yulia
>    token manuf:   SafeNet, Inc.
>    token model:   eToken
>    token flags:   rng, login required, PIN initialized, token
> initialized, other flags=0x200
>    serial num  :  00453c8f
> Slot 4 (0x0): AKS Ifdh 00 00
>    token label:   Yulia
>    token manuf:   SafeNet, Inc.
>    token model:   eToken
>    token flags:   rng, login required, PIN initialized, token
> initialized, other flags=0x200
>    serial num  :  00453c8f
>
>
> How can I use pkcs11-spy ?

Just configure your application to use pkcs11-spy.so as PKCS#11
provider. Then open a new Terminal and enter on the command-line:

export PKCS11SPY=/usr/local/lib/libeTPkcs11.dylib

Now start your application from the same Terminal.

> About using PKCS15 format: if we can get our app to work using Aladdin
> format, then this is preferable for us as our CA is currently using this
> format to generate the tokens. However, here are the details you asked:
>
> We are using MacOSX 10.6.5. Java is 64 bits.
> OpenSC was installed with the Mac installer.
>
> file opensc-pkcs11.so
>      opensc-pkcs11.so: Mach-O universal binary with 2 architectures
>      opensc-pkcs11.so (for architecture i386):        Mach-O bundle i386
>      opensc-pkcs11.so (for architecture x86_64):        Mach-O 64-bit
> bundle x86_64
>
> Thanks for your help
> Christophe
>
> On 11/30/2010 06:08 PM, Martin Paljak wrote:
> > Hello,
> >
> > On Nov 30, 2010, at 5:53 PM, Christophe Lemoine wrote:
> >
> >> Hi,
> >>
> >> I'm trying to use this token on MacOSX from a java application and
> >> struggle with some issues:
> >>        - The Aladdin library does not work at all from pkcs11-tool or
> >> from a java application (keytool for example). It works fine in Firefox
> >
> > Can you send the output of pkcs11-tool with the Aladdin library?
> > Bonus: could you send the output of Aladdin PKCS#11 module + pkcs11-spy + pkcs11-tool?
> >
> >
> >>        - So I decided to switch to opensc drivers. This time it works
> >> fine with pkcs11-tool, but still not from java. When I start keytool, I
> >> get the following exception:
> >> Caused by: java.io.IOException:
> >> dlopen(/Library/OpenSC/lib/opensc-pkcs11.so, 1): no suitable image
> >> found.  Did find:
> >>          /Library/OpenSC/lib/opensc-pkcs11.so: no matching architecture
> >> in universal wrapper/Library/OpenSC/lib/opensc-pkcs11.so
> > What version of OS X are you using?
> > How did you install OpenSC?  (MacInstaller from wiki?)
> > What is the output of "file /Library/OpenSC/lib/opensc-pkcs11.so"?
> >
> > How do you run your Java application (32 or 64bit mode?)
> >
> _______________________________________________
> opensc-user mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-user

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: eToken Pro 64 - MacOS - Java

lec74
In reply to this post by Martin Paljak-2
Hi,

Here is it. In this case, the token is shown on slots 0, 3 and 4. But it
works only if we access it on slot 4.

*************** OpenSC PKCS#11 spy *****************
Loaded: "/usr/local/lib/libeTPkcs11.dylib"


0: C_GetFunctionList
Returned:  0 CKR_OK


1: C_Initialize
[in] pInitArgs = 0x0
Returned:  0 CKR_OK


2: C_GetSlotList
[in] tokenPresent = 0x0
[out] pSlotList:
Count is 5
[out] *pulCount = 0x5
Returned:  0 CKR_OK


3: C_GetSlotList
[in] tokenPresent = 0x0
[out] pSlotList:
Slot 4294967296
Slot 12884901890
Slot 4
Slot 0
Slot 0
[out] *pulCount = 0x5
Returned:  0 CKR_OK
Available slots:


4: C_GetSlotInfo
[in] slotID = 0x100000000
[out] pInfo:
       slotDescription:        'AKS Ifdh 00 00                  '
                               '                                '
       manufacturerID:         'SafeNet, Inc.                   '
       hardwareVersion:         0.0
       firmwareVersion:         0.0
       flags:                   100000007
         CKF_TOKEN_PRESENT
         CKF_REMOVABLE_DEVICE
         CKF_HW_SLOT
Returned:  0 CKR_OK
Slot 0 (0x100000000): AKS Ifdh 00 00


5: C_GetTokenInfo
[in] slotID = 0x100000000
[out] pInfo:
       label:                  'Yulia                           '
       manufacturerID:         'SafeNet, Inc.                   '
       model:                  'eToken          '
       serialNumber:           '00453c8f        '
       ulMaxSessionCount:       0
       ulSessionCount:          1095216660480
       ulMaxRwSessionCount:     140737488355334
       ulRwSessionCount:        140737488377507
       ulMaxPinLen:             504996911724385955
       ulMinPinLen:             0
       ulTotalPublicMemory:     0
       ulFreePublicMemory:      140735458867160
       ulTotalPrivateMemory:    1
       ulFreePrivateMemory:     140734799803184
       hardwareVersion:         2.0
       firmwareVersion:         0.0
       time:                   '                '
       flags:                   60d
         CKF_RNG
         CKF_LOGIN_REQUIRED
         CKF_USER_PIN_INITIALIZED
         CKF_DUAL_CRYPTO_OPERATIONS
         CKF_TOKEN_INITIALIZED
Returned:  0 CKR_OK
   token label:   Yulia
   token manuf:   SafeNet, Inc.
   token model:   eToken
   token flags:   rng, login required, PIN initialized, token
initialized, other flags=0x200
   serial num  :  00453c8f


6: C_GetSlotInfo
[in] slotID = 0x300000002
[out] pInfo:
       slotDescription:        '                                '
                               '                                '
       manufacturerID:         'SafeNet, Inc.                   '
       hardwareVersion:         0.0
       firmwareVersion:         0.0
       flags:                   6
         CKF_REMOVABLE_DEVICE
         CKF_HW_SLOT
Returned:  0 CKR_OK
Slot 1 (0x300000002):
   (empty)


7: C_GetSlotInfo
[in] slotID = 0x4
[out] pInfo:
       slotDescription:        '                                '
                               '                                '
       manufacturerID:         'SafeNet, Inc.                   '
       hardwareVersion:         0.0
       firmwareVersion:         0.0
       flags:                   200000002
         CKF_REMOVABLE_DEVICE
Returned:  0 CKR_OK
Slot 2 (0x4):
   (empty)


8: C_GetSlotInfo
[in] slotID = 0x0
[out] pInfo:
       slotDescription:        'AKS Ifdh 00 00                  '
                               '                                '
       manufacturerID:         'SafeNet, Inc.                   '
       hardwareVersion:         0.0
       firmwareVersion:         0.0
       flags:                   100000007
         CKF_TOKEN_PRESENT
         CKF_REMOVABLE_DEVICE
         CKF_HW_SLOT
Returned:  0 CKR_OK
Slot 3 (0x0): AKS Ifdh 00 00


9: C_GetTokenInfo
[in] slotID = 0x0
[out] pInfo:
       label:                  'Yulia                           '
       manufacturerID:         'SafeNet, Inc.                   '
       model:                  'eToken          '
       serialNumber:           '00453c8f        '
       ulMaxSessionCount:       0
       ulSessionCount:          1095216660480
       ulMaxRwSessionCount:     140737488355334
       ulRwSessionCount:        140737488377507
       ulMaxPinLen:             504996911724385955
       ulMinPinLen:             0
       ulTotalPublicMemory:     0
       ulFreePublicMemory:      140735458867160
       ulTotalPrivateMemory:    1
       ulFreePrivateMemory:     140734799803184
       hardwareVersion:         2.0
       firmwareVersion:         0.0
       time:                   '                '
       flags:                   60d
         CKF_RNG
         CKF_LOGIN_REQUIRED
         CKF_USER_PIN_INITIALIZED
         CKF_DUAL_CRYPTO_OPERATIONS
         CKF_TOKEN_INITIALIZED
Returned:  0 CKR_OK
   token label:   Yulia
   token manuf:   SafeNet, Inc.
   token model:   eToken
   token flags:   rng, login required, PIN initialized, token
initialized, other flags=0x200
   serial num  :  00453c8f


10: C_GetSlotInfo
[in] slotID = 0x0
[out] pInfo:
       slotDescription:        'AKS Ifdh 00 00                  '
                               '                                '
       manufacturerID:         'SafeNet, Inc.                   '
       hardwareVersion:         0.0
       firmwareVersion:         0.0
       flags:                   100000007
         CKF_TOKEN_PRESENT
         CKF_REMOVABLE_DEVICE
         CKF_HW_SLOT
Returned:  0 CKR_OK
Slot 4 (0x0): AKS Ifdh 00 00


11: C_GetTokenInfo
[in] slotID = 0x0
[out] pInfo:
       label:                  'Yulia                           '
       manufacturerID:         'SafeNet, Inc.                   '
       model:                  'eToken          '
       serialNumber:           '00453c8f        '
       ulMaxSessionCount:       0
       ulSessionCount:          1095216660480
       ulMaxRwSessionCount:     140737488355334
       ulRwSessionCount:        140737488377507
       ulMaxPinLen:             504996911724385955
       ulMinPinLen:             0
       ulTotalPublicMemory:     0
       ulFreePublicMemory:      140735458867160
       ulTotalPrivateMemory:    1
       ulFreePrivateMemory:     140734799803184
       hardwareVersion:         2.0
       firmwareVersion:         0.0
       time:                   '                '
       flags:                   60d
         CKF_RNG
         CKF_LOGIN_REQUIRED
         CKF_USER_PIN_INITIALIZED
         CKF_DUAL_CRYPTO_OPERATIONS
         CKF_TOKEN_INITIALIZED
Returned:  0 CKR_OK
   token label:   Yulia
   token manuf:   SafeNet, Inc.
   token model:   eToken
   token flags:   rng, login required, PIN initialized, token
initialized, other flags=0x200
   serial num  :  00453c8f


12: C_Finalize
Returned:  0 CKR_OK


Thanks for your help
Christophe
On 11/30/2010 06:08 PM, Martin Paljak wrote:

> Hello,
>
> On Nov 30, 2010, at 5:53 PM, Christophe Lemoine wrote:
>
>> Hi,
>>
>> I'm trying to use this token on MacOSX from a java application and
>> struggle with some issues:
>>        - The Aladdin library does not work at all from pkcs11-tool or
>> from a java application (keytool for example). It works fine in Firefox
>
> Can you send the output of pkcs11-tool with the Aladdin library?
> Bonus: could you send the output of Aladdin PKCS#11 module + pkcs11-spy + pkcs11-tool?
>
>
>>        - So I decided to switch to opensc drivers. This time it works
>> fine with pkcs11-tool, but still not from java. When I start keytool, I
>> get the following exception:
>> Caused by: java.io.IOException:
>> dlopen(/Library/OpenSC/lib/opensc-pkcs11.so, 1): no suitable image
>> found.  Did find:
>>          /Library/OpenSC/lib/opensc-pkcs11.so: no matching architecture
>> in universal wrapper/Library/OpenSC/lib/opensc-pkcs11.so
> What version of OS X are you using?
> How did you install OpenSC?  (MacInstaller from wiki?)
> What is the output of "file /Library/OpenSC/lib/opensc-pkcs11.so"?
>
> How do you run your Java application (32 or 64bit mode?)
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user