Closed violette closed 6 years ago
Ok, we found out. The provider was not correctly loaded within our API. Thanks.
Not an issue
How did you configure the provider? I am facing a similar issue while decrypting the CEK with Cloud KMS on GCP.
@garashis I think you are looking for this:
Enable PKCS11 in java providers: Edit java.security in $JAVA/jre/lib/security (See https://docs.oracle.com/javase/8/docs/technotes/guides/security/p11guide.html 2.2 Configuration) - add a PKCS11 provider or https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html#GUID-C4ABFACB-B2C9-4E71-A313-79F881488BB9 (to adapt to your JDK version)
Thanks for your reply
I am trying to consume a Google Cloud KMS key for encryption and decryption purposes. For that I have followed the guide https://github.com/GoogleCloudPlatform/kms-integrations/blob/master/kmsp11/docs/user_guide.md
I am using nimbus-jose-jwt to create a JWE and then decrypt it. But I am getting sun.security.pkcs11.wrapper.PKCS11Exception: CKR_MECHANISM_INVALID
The following if condition is failing in the c# program of the .so library created by Google:

    if (parameters_size != sizeof(CK_RSA_PKCS_OAEP_PARAMS)) {
      return InvalidMechanismParamError(
          "mechanism parameters must be of type CK_RSA_PKCS_OAEP_PARAMS",
          SOURCE_LOCATION);
    }

https://github.com/GoogleCloudPlatform/kms-integrations/blob/master/kmsp11/operation/rsaes_oaep.cc
Not sure what I am missing. My Cipher is:

    Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
    cipher.init(2, privateKey);
Hello!
I'm trying to use SoftHSM to sign a JWT but I'm stuck with that error:
I installed soft-hsm 2.5 and initialized the token successfully. I'm working with java "1.8.0_181". I created the config file:
Added a new provider in my java.security file:

    security.provider.1=sun.security.pkcs11.SunPKCS11 /home/vio/Desktop/SecretsService/hsm/hsm.cfg

I generated a keypair/certificate with keytool:
When I start my application, the KeyStore is successfully instantiated and the key is part of the aliases.
The issue happens when I try to load the page which signs the JWT. It's like the PKCS11 provider (SunPKCS11-SoftHSM) is here but does not recognize/support the PKCS11 key (Key: SunPKCS11-SoftHSM RSA private key, 2048 bits (id 4, token object, not sensitive, unextractable))...
Also, when I try

    pkcs11-tool --module=/usr/local/lib/softhsm/libsofthsm2.so --show-info --list-token-slots --list-mechanisms

:
Could someone help me with that one? Many thanks :)
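
A diagnostic for the failure mode in this thread, which was resolved as the provider not being loaded in the application. This is an added example, not code from the original posts: it lists the SunPKCS11 providers registered in the running JVM and reports which registered providers accept a given private key for signing. The class name, the alias argument and the choice of SHA256withRSA are assumptions; with no argument it uses a constructed software key so it runs without an HSM.

```java
import java.io.Console;
import java.security.*;
import java.util.ArrayList;
import java.util.List;

public class ProviderKeyCheck {
    // Names of registered providers that offer `alg` and accept `key` for signing.
    static List<String> providersAccepting(String alg, PrivateKey key) {
        List<String> accepted = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", alg) == null) continue;
            try {
                Signature.getInstance(alg, p).initSign(key);
                accepted.add(p.getName());
            } catch (GeneralSecurityException | RuntimeException e) {
                System.out.println("  " + p.getName() + " rejects the key: " + e);
            }
        }
        return accepted;
    }

    public static void main(String[] args) throws Exception {
        String alg = "SHA256withRSA"; // assumption: the algorithm behind an RS256 JWT
        boolean found = false;
        for (Provider p : Security.getProviders()) {
            if (!p.getName().startsWith("SunPKCS11")) continue;
            found = true;
            System.out.println(p.getName()
                + ": KeyStore.PKCS11=" + (p.getService("KeyStore", "PKCS11") != null)
                + ", Signature." + alg + "=" + (p.getService("Signature", alg) != null));
        }
        if (!found) System.out.println("No SunPKCS11 provider is registered in this JVM");

        PrivateKey key;
        if (args.length == 1) { // args[0]: key alias on the token (hypothetical usage)
            Console console = System.console();
            if (console == null) throw new IllegalStateException("need a console for the PIN");
            KeyStore ks = KeyStore.getInstance("PKCS11");
            ks.load(null, console.readPassword("Token PIN: "));
            key = (PrivateKey) ks.getKey(args[0], null);
        } else { // constructed software key so the check runs without an HSM
            KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
            gen.initialize(2048);
            key = gen.generateKeyPair().getPrivate();
        }
        System.out.println("Providers accepting the key for " + alg + ": "
            + providersAccepting(alg, key));
    }
}
```

Run it with the same JVM, java.security file and classpath as the application, since a provider that is configured for one JVM may be absent from the one that serves the signing request.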