open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

Unable to load PKCS11 token #85

Closed lucat94 closed 3 years ago

lucat94 commented 3 years ago

I'm trying to sign an XML file with XAdES with digidoc4j-cli. I followed all the steps for pkcs11-tool; when I try to run the command:

java -jar digidoc4j-util.jar -xades -digFile file.xml base64_encoded_sha256_digest text/xml -pkcs11 /path/to/opensc-pkcs11.so pin 0 -sigOutputPath file_signed.xml

I get the following error in the console:

04.11.2020 10:54:35.511 ERROR [main] [org.digidoc4j.main.DigiDoc4J.main:57] - Utility error (please apply DEBUG level for stacktrace): Unable to load PKCS11 token: [/path/to/opensc-pkcs11.so pin 0]
Unable to load PKCS11 token: [/path/to/opensc-pkcs11.so pin 0]%

Does someone know what the problem could be?

naare commented 3 years ago

Typically there are two problems in case of that error:

  1. The driver you are trying to use is not suitable for given token
  2. The token is not in the specified slot, in your case slot 0

lucat94 commented 3 years ago

@naare Thank you for the answer, you were right, I changed the driver and now digidoc4j-cli starts the operations but I get another error:

04.11.2020 16:30:10.155 ERROR [main] [o.d.signers.PKCS11SignatureToken.signRSA:199] - Failed to sign with PKCS#11: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
04.11.2020 16:30:10.157 WARN  [main] [o.d.DetachedXadesSignatureBuilder.invokeSigningProcess:286] - PROBLEM with signing: 3C64733A5369676E6564 -> null
04.11.2020 16:30:10.157 ERROR [main] [org.digidoc4j.main.DigiDoc4J.main:57] - Utility error (please apply DEBUG level for stacktrace): Signature is not initialized

Am I missing something in the documentation?

naare commented 3 years ago

The error suggests that there is something wrong with the key you are trying to sign with. Typically tokens have several keys/certificates for different purposes on different slots. Currently it seems that DD4J recognizes the encryptionAlgo from the key as RSA but later is not able to use it as an RSA instance. I suggest taking a look at the token with some other tool and making sure you are using the correct slot for signing. More info is needed on the token to assist you further.
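
One way to run the slot check suggested above from Java, added here as an example (it is not code from digidoc4j or from anyone in this thread): it loads the same driver and slot through the JDK's SunPKCS11 provider and prints, for each key in that slot, its algorithm, its runtime class, whether it implements `RSAPrivateKey` (the condition named in the error), and the signing-related key usage bits of its certificate. Assumptions: Java 11+, the CLI's slot argument corresponds to SunPKCS11's `slotListIndex`, and the class name `ListTokenKeys` is hypothetical.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.RSAPrivateKey;
import java.util.Collections;

// Added diagnostic, not part of digidoc4j.
// Usage: java ListTokenKeys.java /path/to/opensc-pkcs11.so 0
public class ListTokenKeys {
    public static void main(String[] args) throws Exception {
        String library = args[0];                   // PKCS#11 driver (.so / .dll)
        int slotIndex = Integer.parseInt(args[1]);  // assumed: index into the slot list

        // SunPKCS11 reads its settings from a configuration file.
        Path cfg = Files.createTempFile("pkcs11-", ".cfg");
        Files.writeString(cfg, "name = TokenCheck\nlibrary = " + library
                + "\nslotListIndex = " + slotIndex + "\n");
        try {
            Provider p = Security.getProvider("SunPKCS11").configure(cfg.toString());
            if (System.console() == null) {
                throw new IllegalStateException("run from a terminal so the PIN can be read");
            }
            char[] pin = System.console().readPassword("PIN for slot index %d: ", slotIndex);

            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin); // throws if the driver or slot does not match the token

            for (String alias : Collections.list(ks.aliases())) {
                if (!ks.isKeyEntry(alias)) continue;
                Key key = ks.getKey(alias, null);
                X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
                // KeyUsage bits: [0] digitalSignature, [1] nonRepudiation
                boolean[] ku = cert == null ? null : cert.getKeyUsage();
                System.out.printf("alias=%s%n  algorithm=%s%n  class=%s%n"
                        + "  instanceof RSAPrivateKey=%b%n"
                        + "  digitalSignature=%b nonRepudiation=%b%n",
                        alias, key.getAlgorithm(), key.getClass().getName(),
                        key instanceof RSAPrivateKey,
                        ku != null && ku[0], ku != null && ku[1]);
            }
        } finally {
            Files.deleteIfExists(cfg);
        }
    }
}
```

Running it against each slot index in turn shows which slot holds the key whose certificate is marked for signing.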

naare commented 3 years ago

Closing this as no further feedback is given.