1 Reply. Latest reply: Jul 30, 2012 9:00 AM by 950902

    hard token issue, pkcs11 to pkcs12

    950902
      I'm having trouble issuing a certificate to a hard token. What I have is a PKCS12 keystore I have created, and I want to move it to a hard token as PKCS11.

      I can successfully generate keys and a certificate and save them in a p12 keystore, and I can import the p12 file to the hard token using the admin console of this device. But when I try to do the final step programmatically, I get a different result.

      With the p12 file imported using the admin tool, what I have in the device is:
      -Serial number
      -Signature and key exchange usage
      Certificate
      Private Key
      Public key

      With all steps done programmatically, what I have is:
      -Serial number
      -Signing &encryption
      Certificate
      Private Key

      and the final result is that the end user can't use the device for signing. I'm using SunPKCS11.

      KeyStore.PrivateKeyEntry priEntry = new KeyStore.PrivateKeyEntry(keys.getPrivate(), certificateArray);
      KeyStore.PasswordProtection password = new KeyStore.PasswordProtection(pass.toCharArray());
      store.setEntry("Entry", priEntry, password);

      The strange thing is that when I use the following command, the output is the very same:
      keytool -keystore NONE -storetype pkcs11 -list

      Is it possible that PKCS11 attributes make such a difference? I've gone through them and tested what I thought might make a difference, but found nothing.