Closed bse-sja closed 2 years ago
Thank you for reporting this, what version of Java did you use?
java version "1.8.0_331" Java(TM) SE Runtime Environment (build 1.8.0_331-b09) Java HotSpot(TM) Client VM (build 25.331-b09, mixed mode, sharing)
I've pushed a fix, could you give it a try please?
Now I get the following error:
C:\Users\sadams\Dropbox\jsign>java -jar ./jsign-4.1-SNAPSHOT.jar --storetype YUBIKEY test.exe
jsign: Couldn't sign test.exe
java.security.ProviderException: Failed to create a SunPKCS11 provider from the configuration --name=yubikey
library = "C:\\Program Files (x86)\\Yubico\\Yubico PIV Tool\\bin\\libykcs11.dll"
at net.jsign.ProviderUtils.createSunPKCS11Provider(ProviderUtils.java:52)
at net.jsign.YubiKey.getProvider(YubiKey.java:40)
at net.jsign.SignerHelper.build(SignerHelper.java:325)
at net.jsign.SignerHelper.sign(SignerHelper.java:518)
at net.jsign.JsignCLI.execute(JsignCLI.java:117)
at net.jsign.JsignCLI.main(JsignCLI.java:40)
Caused by: java.lang.reflect.InvocationTargetException
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
at java.lang.reflect.Constructor.newInstance(Unknown Source)
at net.jsign.ProviderUtils.createSunPKCS11Provider(ProviderUtils.java:49)
... 5 more
Caused by: java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:377)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:104)
... 10 more
Caused by: java.io.IOException: The specified module could not be found.
C:\Program Files (x86)\Yubico\Yubico PIV Tool\bin\libykcs11.dll
at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:144)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:157)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:314)
... 11 more
Try `java -jar jsign.jar --help' for more information.
DLL is there and piv-tool is working.
dir "c:\Program Files (x86)\Yubico\Yubico PIV Tool\bin\libykcs11.dll"
Directory of c:\Program Files (x86)\Yubico\Yubico PIV Tool\bin
02/23/2022 10:30 AM 156,568 libykcs11.dll
1 File(s) 156,568 bytes
0 Dir(s) 389,148,426,240 bytes free
C:\Users\sadams\Dropbox\jsign>yubico-piv-tool -a status
Version: 5.4.3
Serial Number: 174........
.....
Did you add C:\Program Files (x86)\Yubico\Yubico PIV Tool\bin
to your PATH?
Ok. Fixed PATH and now I get:
java -jar ./jsign-4.1-SNAPSHOT.jar --storetype YUBIKEY test.exe
jsign: Failed to load the keystore null
java.security.KeyStoreException: keystore type 'PKCS11' is not supported
at net.jsign.KeyStoreUtils.load(KeyStoreUtils.java:77)
at net.jsign.SignerHelper.build(SignerHelper.java:352)
at net.jsign.SignerHelper.sign(SignerHelper.java:518)
at net.jsign.JsignCLI.execute(JsignCLI.java:117)
at net.jsign.JsignCLI.main(JsignCLI.java:40)
Caused by: java.security.KeyStoreException: PKCS11 not found
at java.security.KeyStore.getInstance(Unknown Source)
at net.jsign.KeyStoreUtils.load(KeyStoreUtils.java:72)
... 4 more
Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-yubikey
at sun.security.jca.GetInstance.getService(Unknown Source)
at sun.security.jca.GetInstance.getInstance(Unknown Source)
at java.security.Security.getImpl(Unknown Source)
... 6 more
Try `java -jar jsign.jar --help' for more information.
I've got this error as well but I wasn't sure if this was specific to my environment.
The workaround is to create a SunPKCS11 configuration file, for example yubikey.conf
, with:
name=yubikey
library = "C:\Program Files (x86)\Yubico\Yubico PIV Tool\bin\libykcs11.dll"
slotListIndex = 2
and then use the parameters --storetype PKCS11 --keystore=yubikey.conf
I'd be interested to know if the value 2 for slotListIndex
works for you.
I'm not sure to understand why this is required, I'm pretty sure it worked before without this.
I've pushed another change to set the slot automatically, could you try again with --storetype YUBIKEY
please?
Works for me now with the following command: java -jar ./jsign-4.1-SNAPSHOT.jar --alias "X.509 Certificate for PIV Authentication" --storetype YUBIKEY --storepass xxxxxx test.exe Thanks!
Great! Thank you for the feedback
Have jsign 4.1-Snapshot working with yubikey under linux.
But I get the following failure under windows (yubikey PIV tools are installed):