xipki / pkcs11wrapper Goto Github PK
View Code? Open in Web Editor NEWThis project forked from mikma/pkcs11wrapper
PKCS#11 Wrapper for Java. Deprecated. Please use xipki/ipkcs11wrapper (preferred) or xipki/jpkcs11wrapper instead.
License: Other
This project forked from mikma/pkcs11wrapper
PKCS#11 Wrapper for Java. Deprecated. Please use xipki/ipkcs11wrapper (preferred) or xipki/jpkcs11wrapper instead.
License: Other
Unable to load PKCS11Library.dll
Getting below error when try to load library.
java11_error.txt
Thank you!
Hi Xipki, i would like to use a private key in my HSM Safenet into an SSL Connection, i saw that should use
Provider p = new SunPKCS11("/home/test/pkcs11.cfg")
should i use libcryptoki.so of Safenet or could also use pkcs11wrapper ? I haven't found some examples.
Could you help me ?
Hi,
i trying to use CKM_RSA_PKCS_OAEP to decrypt using an RSA private key. I using this parameters:
Mechanism mech = new Mechanism(PKCS11Constants.CKM_RSA_PKCS_OAEP);
RSAPkcsOaepParameters params = new RSAPkcsOaepParameters(
PKCS11Constants.CKM_SHA_1,
PKCS11Constants.CKG_MGF1_SHA1,
PKCS11Constants.CKZ_SALT_SPECIFIED,
null);
mech.setParameters(params);
but when i try to
session.decryptInit(mech, keyToUse);
i receive always
Unsupported Parameters iaik.pkcs.pkcs11.parameters.RSAPkcsOaepParameters
i tested feature using the same parameters with a .Net PKCS11Interop and it work only using
Net.Pkcs11Interop.HighLevelAPI80.MechanismParams.CkRsaPkcsOaepParams
could you help me ?
Hi Xipki,
i trying to pass CKA_VALUE for a CKK_DES2 test key but i receive always:
Unsupported attribute 0x11 for iaik.pkcs.pkcs11.objects.SecretKey.
I use:
byte[] keyValue = new byte[] { ... };
SecretKey key_template = SecretKey();
((SecretKey) key_template).getLabel().setValue("TESTKEY-LABEL".toCharArray());
key_template.putAttribute(PKCS11Constants.CKA_TOKEN, true);
key_template.putAttribute(PKCS11Constants.CKA_KEY_TYPE, PKCS11Constants.CKK_DES2);
...
key_template.putAttribute(PKCS11Constants.CKA_VALUE, keyValue);
((Session) session).createObject(key_template);
Could you help me ?
When performing any PKCS11 cryptographic operation using Java 11
, I'm getting similar warnings in the console: (example is for GCM encryption)
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by iaik.pkcs.pkcs11.parameters.GCMParameters (file:/C:/Users/{user}/.m2/repository/org/xipki/iaik/sunpkcs11-wrapper/1.4.7/sunpkcs11-wrapper-1.4.7.jar) to constructor sun.security.pkcs11.wrapper.CK_GCM_PARAMS(int,byte[],byte[])
WARNING: Please consider reporting this to the maintainers of iaik.pkcs.pkcs11.parameters.GCMParameters
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
The operation is nevertheless successful, but from the message it looks like it might eventually stop working for newer versions of Java.
Java version: openjdk 11.0.10 2021-01-19
Hi Xipki, i would like to implement a right pattern in case of restart hsm necessary.
I saw that, after i restarted hsm, i received this error on next use
Unknwon mechanism with code: 0x0000000080000384
Which should be a right pattern ?
Hi Xipki,
i trying to generate signature using mechanism PKCS11Constants.CKM_SHA256_RSA_PKCS_PSS and params:
iaik.pkcs.pkcs11.parameters.Parameters mechParams = new RSAPkcsPssParameters(Mechanism.get(PKCS11Constants.CKM_SHA256),
PKCS11Constants.CKG_MGF1_SHA256, new SHA256Digest().getDigestSize());
but i receive always CKR_MECHANISM_INVALID
i saw also that RSAPkcsPssParameters was deprecated but i doesn't found any new pattern.
Could you help me ?
While
pkcs11wrapper/dev/resources/pkcs11t.h
Line 2124 in 5ebda78
Hi Xipki,
i tring to generate an AES CMAC using a 128 bit key but i receive a 64 bit MAC instead 128 bit. I saw that
...References [NIST SP800-38B] and [RFC 4493] recommend that the output MAC is not truncated to less
than 64 bits. The MAC length must be specified before the communication starts, and must not be
changed during the lifetime of the key...
i use a simple code to generate mac but i don't konw how specify MAC length, seems that CKM_AES_CMAC have not parameter
Mechanism mech = new Mechanism(PKCS11Constants.CKM_AES_CMAC);
((Session) session).signInit(mech, (Key) key);
byte[] signedData = ((Session) session).sign(data);
could you help me ?
2021-09-29 update: seems that could be an HSM bug, SafeNet ProtectServer appliance. I opened a case on Thales Customer Support system. I will keep the post updated.
public static String mechanismCodeToString(long mechCode) {
initMechanismMap();
String name = mechCodeNamesAvailable ? mechNames.get(mechCode) : null;
if (name == null) {
name = "Unknwon mechanism with code: 0x" + toFullHex(mechCode);
}
return name;
}
i'm try to cast the keypair generated from the library to java keypair but it throws error casting, because i need to generate csr with the generated keypair from this library
Hello,
Currently I work on a cryptography project where we implement all communication with HSM using sunPKCS11, however in the most current versions of Java the sunPKCS11 package is no longer directly accessible, and being encapsulated in a provider, something that limits a lot of our work, especially the use of DES2 keys among other functions.
This project also directly accesses the sunPKCS11 classes (ex. import sun.security.pkcs11.wrapper.PKCS11). I would like to know if you already have any idea how this will be solved using Java version 11 for example.
All the best, thank you.
https://github.com/xipki/pkcs11wrapper/blob/sunpkcs11/src/java/src/iaik/pkcs/pkcs11/Token.java#L451 is commented out for some reason.
Could you please provide background for its removal or fix it?
Hi xipki,
i trying to use your wrapper instead mikma but i saw that some objects are missing:
iaik.pkcs.pkcs11.objects.AESSecretKey
iaik.pkcs.pkcs11.objects.ECDSAPrivateKey
iaik.pkcs.pkcs11.objects.ECDSAPublicKey
iaik.pkcs.pkcs11.objects.Object
iaik.pkcs.pkcs11.parameters.Parameters
iaik.pkcs.pkcs11.wrapper.PKCS11Constants
iaik.pkcs.pkcs11.wrapper.Functions
and some methods:
Token.closeAllSessions()
Session.destroyObject(PKCS11Object)
have you planning a roadmap for porting ?
regards
Armando
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.