CKR_USER_NOT_LOGGED_IN when generating key pair using sunPKCS11 provider


When trying to generate an RSA key pair with the SunPKCS11 provider, the generateKeyPair() method throws ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_USER_NOT_LOGGED_IN

My code looks like this:

import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;

Provider prov = ... // initialize provider (SunPKCS11 configured for the HSM)

// load() with a password performs the PKCS#11 login (C_Login) on the provider's session
KeyStore ks = KeyStore.getInstance("PKCS11", prov);
ks.load(null, "pass".toCharArray());

KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", prov);
keyGen.initialize(2048);
KeyPair kp = keyGen.generateKeyPair();    // exception thrown here: CKR_USER_NOT_LOGGED_IN

I tried using AuthProvider right after provider initialization, like so:

import java.security.AuthProvider;

AuthProvider aprov = (AuthProvider) prov;
// login(Subject, CallbackHandler): the handler is expected to supply the PIN via a PasswordCallback
aprov.login(null, callbacks -> {
    log.error("@@@ Inside callbacks {}", callbacks.length);
});
// default handler used by later login() calls that pass no handler
aprov.setCallbackHandler(callbacks -> {
    log.error("@@@ Inside setCallBackHandler {}", callbacks.length);
});

But I don't see any logging output, so the lambdas are not executed.

The ultimate goal is to generate an RSA key pair and store it in the keystore (HSM) via PKCS#11.

I tried OpenJDK 8 and Oracle JDK 8. Also, when listing aliases from the keystore, I get an empty list, but I know there is one entry. Adding -Djava.security.debug=sunpkcs11 changed nothing.

Accepted answer (Drifter):

The problem in my case was a wrong slot number in the provider configuration. The selected slot was labeled "accelerator", which, according to the HSM documentation, does not support the creation of "private objects".

After switching to a different slot, key generation and storage into the keystore work.
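The following is an added example, not code from the question or the answer above. It shows the full sequence the accepted answer arrives at: a SunPKCS11 configuration that pins the provider to an explicit slot, a login done through KeyStore.load() with the token PIN (no AuthProvider call needed), an alias listing as a sanity check that the expected slot was opened, and RSA key generation with the key-template attributes that make the private key a persistent private object, which is exactly what an accelerator slot refuses. The library path /opt/hsm/lib/libpkcs11.so, the slot number 1 and the HSM_PIN environment variable are assumptions; the provider constructor is the JDK 8 form the question uses.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.Provider;
import java.security.ProviderException;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;

public class Pkcs11KeyGen {

    // Assumed values: adjust to your HSM. The slot number is what the accepted answer had to change.
    static final String PKCS11_LIB = "/opt/hsm/lib/libpkcs11.so";
    static final int SLOT = 1;

    // SunPKCS11 config: "slot" is a slot ID; "slotListIndex" (default 0) is an index into
    // C_GetSlotList instead. If neither is set, the provider silently takes the first slot,
    // which on a multi-slot HSM may be an accelerator slot rather than a key-storage slot.
    static Path writeConfig() throws IOException {
        String cfg = String.join("\n",
            "name = HsmSlot" + SLOT,
            "library = " + PKCS11_LIB,
            "slot = " + SLOT,
            "showInfo = true",   // prints slot/token info at provider start: confirm the right token
            "attributes(generate, CKO_PRIVATE_KEY, CKK_RSA) = {",
            "  CKA_TOKEN = true",        // persist on the token instead of session-only
            "  CKA_PRIVATE = true",      // a private object: needs a logged-in session and a slot that allows it
            "  CKA_SENSITIVE = true",
            "  CKA_EXTRACTABLE = false",
            "}",
            "attributes(generate, CKO_PUBLIC_KEY, CKK_RSA) = {",
            "  CKA_TOKEN = true",
            "}",
            "");
        Path p = Files.createTempFile("pkcs11-", ".cfg");
        Files.write(p, cfg.getBytes(StandardCharsets.UTF_8));
        return p;
    }

    public static void main(String[] args) throws Exception {
        char[] pin = System.getenv("HSM_PIN").toCharArray();   // assumed env var holding the user PIN
        Path cfg = writeConfig();

        // JDK 8 form. On JDK 9+ use Security.getProvider("SunPKCS11").configure(cfg.toString()).
        Provider prov = new sun.security.pkcs11.SunPKCS11(cfg.toString());
        Security.addProvider(prov);

        try {
            // load() with a password performs C_Login on the provider's session; that is the login
            // that CKR_USER_NOT_LOGGED_IN complains about, no AuthProvider.login() is required.
            KeyStore ks = KeyStore.getInstance("PKCS11", prov);
            ks.load(null, pin);

            // Sanity check before generating anything: a token that should already hold an entry
            // but lists nothing is the same symptom the question reports for the wrong slot.
            List<String> aliases = Collections.list(ks.aliases());
            System.out.println("aliases on slot " + SLOT + ": " + aliases);

            KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", prov);
            kpg.initialize(2048);
            KeyPair kp = kpg.generateKeyPair();   // private key is created on the token per the template above
            System.out.println("generated " + kp.getPublic().getAlgorithm() + " key pair on slot " + SLOT);
        } catch (ProviderException e) {
            Throwable cause = e.getCause();
            String msg = cause == null ? e.getMessage() : cause.getMessage();
            if (msg != null && msg.contains("CKR_USER_NOT_LOGGED_IN")) {
                System.err.println("slot " + SLOT + " refused to create a private object: "
                    + "check that it is a key-storage slot (not an accelerator slot) and that load() logged in");
            }
            throw e;
        } finally {
            Arrays.fill(pin, '\0');   // do not leave the PIN in the heap longer than needed
        }
    }
}
```

The generated key lands on the token, but a SunPKCS11 keystore entry is a private key paired with a certificate, so to see the key under an alias you still have to store a certificate for it. keytool does both steps against the same config in one go: keytool -genkeypair -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg pkcs11.cfg -alias hsm-rsa-1 -keyalg RSA -keysize 2048, followed by keytool -list with the same provider options to confirm the alias appears on the slot you configured.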