16 Replies Latest reply: Oct 8, 2011 5:12 PM by Arshad Noor
      • 15. Re: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11
        881648
        I spoke with the CAC issuing center. Since I can access my AKO emails without any issue using the CAC, their conclusion is that nothing is wrong with the CAC.

        I want to check whether I would be able to configure the java.security file so that my application uses the Windows Key store instead of the Java Key Store. The following are the contents of my java.security file:
        =======================================================
        security.provider.1=sun.security.provider.Sun
        security.provider.2=sun.security.rsa.SunRsaSign
        security.provider.3=sun.security.ec.SunEC
        security.provider.4=com.sun.net.ssl.internal.ssl.Provider
        security.provider.5=com.sun.crypto.provider.SunJCE
        security.provider.6=sun.security.jgss.SunProvider
        security.provider.7=com.sun.security.sasl.Provider
        security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
        security.provider.9=sun.security.smartcardio.SunPCSC
        security.provider.10=sun.security.mscapi.SunMSCAPI
        security.provider.11=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/pkcs11.cfg
        ========================================================

        At run time I am passing the following VM arguments
        -Djavax.net.ssl.keyStore=NONE
        -Djavax.net.ssl.keyStoreType=PKCS11
        -Djavax.net.debug=all

        What do I have to do if my application has to use the Windows Key store? I understand that sun.security.mscapi.SunMSCAPI is the one which provides services to access the Windows Key store.



        Thanks,
        Soma.
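
Added example, not part of the original thread and not code from either poster: one way a Java client can take its TLS client key from the Windows certificate store through the SunMSCAPI provider listed as security.provider.10 above. It assumes a Windows JRE and that the card middleware has published the CAC certificates into the current user's personal store; the class name is hypothetical.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical class name; uses only standard JCA/JSSE calls.
public class WindowsKeyStoreClient {
    public static void main(String[] args) throws Exception {
        // The provider must be registered in java.security (entry 10 in the post).
        Provider mscapi = Security.getProvider("SunMSCAPI");
        if (mscapi == null) {
            throw new IllegalStateException("SunMSCAPI is not registered (Windows JRE only)");
        }

        // "Windows-MY" is the current user's personal certificate store.
        // There is no keystore file and no password: CryptoAPI and the
        // card middleware handle the PIN prompt when the key is used.
        KeyStore ks = KeyStore.getInstance("Windows-MY", mscapi);
        ks.load(null, null);

        // Diagnostic: list what Java can see and whether each entry has
        // a private key handle. A certificate with hasKey=false cannot
        // be used for client authentication.
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " hasKey=" + ks.isKeyEntry(alias));
        }

        // Key manager backed by the Windows store for TLS client auth.
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, null);

        // Null trust managers and SecureRandom select the JRE defaults,
        // so server certificates are still validated against cacerts.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        // HttpsURLConnection and most SOAP stacks pick up the default context.
        SSLContext.setDefault(ctx);
    }
}
```

The same selection can be made without code by replacing -Djavax.net.ssl.keyStoreType=PKCS11 with -Djavax.net.ssl.keyStoreType=Windows-MY and keeping -Djavax.net.ssl.keyStore=NONE.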
        • 16. Re: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11
          Arshad Noor
          It has been a while since I looked at this thread.

          If I recall correctly, your .NET program works properly with the CAC and the CAPI DLLs supplied by ActivCard. However, a Java SOAP client fails to communicate with the CAC using PKCS11 libraries. Yet, Firefox works properly with the same card using the ActivCard P11 DLL.

          Have you talked to ActivCard for support on this issue? Seems to me, they should be responsible for helping you get past this problem since it's their library that's interacting with the card directly.

          Post your ${java.home}/lib/security/pkcs11.cfg file here so we can see what's defined in there.

          Arshad Noor
          StrongAuth, Inc.