Forum Stats

  • 3,828,014 Users
  • 2,260,848 Discussions
  • 7,897,430 Comments

Discussions

PKCS11 token, receiving error CKR_ATTRIBUTE_TYPE_INVALID when executing keystore.getKey()

User_KZASH
User_KZASH Member Posts: 39 Blue Ribbon
edited Mar 6, 2018 6:56AM in Java Programming

Best Answer

Answers

  • handat
    handat Member Posts: 4,688 Gold Crown
    edited Feb 18, 2018 8:40PM

    The error is generated in the native dll code and the Java wrapper is just propagating the error back. You need to use some tools like https://github.com/Pkcs11Interop/pkcs11-logger  to be able to troubleshoot the source of your problem. My guess would be that one of your keys does not have an ID associated with it since I've seen that happening before, but you will need to get more details using some PKCS11 logger tools to find what the cause of your issue is.

    User_KZASH
  • User_KZASH
    User_KZASH Member Posts: 39 Blue Ribbon
    edited Feb 19, 2018 2:06AM

    Thank you, I installed pkcs11 loggier and I found out that the problem is at the attribute CKA_MODULUS.

    But I have no ideea what to do next. Can I fix this?

    This is the end of the log file:

    0x00001940 : 0x000018ac : ****************************** 2018-02-19 08:53:54 ***0x00001940 : 0x000018ac : Calling C_GetAttributeValue0x00001940 : 0x000018ac : Input0x00001940 : 0x000018ac :  hSession: 3594684000x00001940 : 0x000018ac :  hObject: 3594690480x00001940 : 0x000018ac :  pTemplate: 1505A5480x00001940 : 0x000018ac :  ulCount: 10x00001940 : 0x000018ac :   *** Begin attribute template ***0x00001940 : 0x000018ac :   Attribute 00x00001940 : 0x000018ac :    Attribute: 288 (CKA_MODULUS)0x00001940 : 0x000018ac :    pValue: 000000000x00001940 : 0x000018ac :    ulValueLen: 00x00001940 : 0x000018ac :   *** End attribute template ***0x00001940 : 0x000018ac : Output0x00001940 : 0x000018ac :  pTemplate: 1505A5480x00001940 : 0x000018ac :  ulCount: 10x00001940 : 0x000018ac :   *** Begin attribute template ***0x00001940 : 0x000018ac :   Attribute 00x00001940 : 0x000018ac :    Attribute: 288 (CKA_MODULUS)0x00001940 : 0x000018ac :    pValue: 000000000x00001940 : 0x000018ac :    ulValueLen: 42949672950x00001940 : 0x000018ac :   *** End attribute template ***0x00001940 : 0x000018ac : Returning 18 (CKR_ATTRIBUTE_TYPE_INVALID)
  • handat
    handat Member Posts: 4,688 Gold Crown
    edited Feb 19, 2018 2:51AM

    What type of key is it? Is it a RSA key or some other type of key? I think if I remember correctly,  CKA_MODULUS is mandatory for RSA key. Maybe you try it with another type of key and see how it responds?

    User_KZASH
  • User_KZASH
    User_KZASH Member Posts: 39 Blue Ribbon
    edited Feb 19, 2018 3:36AM

    Key is a RSA, 2048bits. This key is not written by me, this certificate is brought from a certificate authority and delivered directly on this token.

    Here is the full output of the pkcs11 logger: http://cc123.caido.ro/pkcs11.txt

    I generated a new test certificate with private and public keys RSA 2048  and I imported it on the USB token.

    Now when I run the application I receive CKR_ATTRIBUTE_TYPE_INVALID on another line: "keystorePkcs11.load(null, pass);"

    The attribute that generates this error is now CKA_ID. Does this means that my new generated certificate has something missing(I made a mistake when I generated it)?

    0x00000fc8 : 0x00000ffc : ****************************** 2018-02-19 10:23:56 ***0x00000fc8 : 0x00000ffc : Calling C_GetAttributeValue0x00000fc8 : 0x00000ffc : Input0x00000fc8 : 0x00000ffc :  hSession: 3596650080x00000fc8 : 0x00000ffc :  hObject: 3614019040x00000fc8 : 0x00000ffc :  pTemplate: 151E19000x00000fc8 : 0x00000ffc :  ulCount: 10x00000fc8 : 0x00000ffc :   *** Begin attribute template ***0x00000fc8 : 0x00000ffc :   Attribute 00x00000fc8 : 0x00000ffc :    Attribute: 258 (CKA_ID)0x00000fc8 : 0x00000ffc :    pValue: 000000000x00000fc8 : 0x00000ffc :    ulValueLen: 00x00000fc8 : 0x00000ffc :   *** End attribute template ***0x00000fc8 : 0x00000ffc : Output0x00000fc8 : 0x00000ffc :  pTemplate: 151E19000x00000fc8 : 0x00000ffc :  ulCount: 10x00000fc8 : 0x00000ffc :   *** Begin attribute template ***0x00000fc8 : 0x00000ffc :   Attribute 00x00000fc8 : 0x00000ffc :    Attribute: 258 (CKA_ID)0x00000fc8 : 0x00000ffc :    pValue: 000000000x00000fc8 : 0x00000ffc :    ulValueLen: 42949672950x00000fc8 : 0x00000ffc :   *** End attribute template ***0x00000fc8 : 0x00000ffc : Returning 18 (CKR_ATTRIBUTE_TYPE_INVALID)

  • User_KZASH
    User_KZASH Member Posts: 39 Blue Ribbon
    edited Feb 19, 2018 4:02AM

    I fixed the CKA_ID error, now I receive the same error on the test certificate(the error that is coused by the CKA_MODULUS attribute).

    When I imported my test certificate there were also auto imoprted another 2 certificates for the authority and intermediate authority. These 2 had no CKA_ID. I deleted them from the certificate and CKA_ID attribute was no longer a problem..

    Could I write on the USB token the CKA_MODULUS attribute to fix the problem?

  • User_KZASH
    User_KZASH Member Posts: 39 Blue Ribbon
    edited Feb 21, 2018 4:09AM

    I used OpenSC and using this application I can successfully crypt and decrypt using vendors DLL.

    So the solution sould be in Java as long as this DLL(cryptoide_pkcs11.dll) is working fine with openSC.

    Maybe there is a solution in the vendor DLL but I don't have acces to this source code.

  • User_KZASH
    User_KZASH Member Posts: 39 Blue Ribbon
    edited Mar 6, 2018 6:56AM Answer ✓

    Longmai(the token vendor) provided new DLL and problem is solved

This discussion has been closed.