This discussion is archived
1 2 Previous Next 16 Replies Latest reply: Oct 8, 2011 3:12 PM by 802607 Go to original post RSS
  • 15. Re: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11
    881648 Newbie
    Currently Being Moderated
    I spoke with CAC issueing center. Since, I can access my AKO emails without any issue using CAC, their conclusion is nothing is wrong with the CAC.

    I want to check to see whether I would be able figure java.security file so that my application uses Windows Key store instead of Java Key Store. The following are the contents of my java.security file
    =======================================================
    security.provider.1=sun.security.provider.Sun
    security.provider.2=sun.security.rsa.SunRsaSign
    security.provider.3=sun.security.ec.SunEC
    security.provider.4=com.sun.net.ssl.internal.ssl.Provider
    security.provider.5=com.sun.crypto.provider.SunJCE
    security.provider.6=sun.security.jgss.SunProvider
    security.provider.7=com.sun.security.sasl.Provider
    security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
    security.provider.9=sun.security.smartcardio.SunPCSC
    security.provider.10=sun.security.mscapi.SunMSCAPI
    security.provider.11=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/pkcs11.cfg
    ========================================================

    At run time I am passing the following VM arguments
    -Djavax.net.ssl.keyStore=NONE
    -Djavax.net.ssl.keyStoreType=PKCS11
    -Djavax.net.debug=all

    What do I have to do if my application has to use Windows Key store?. I understand that sun.security.mscapi.SunMSCAPI is the one which provides
    services to access Windows Key store.



    Thanks,
    Soma.
  • 16. Re: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-MyPKCS11
    802607 Explorer
    Currently Being Moderated
    It has been a while since I looked at this thread.

    If I recall correctly, your .NET program works properly with the CAC and the CAPI DLLs supplied by ActivCard. However, a Java SOAP client fails to communicate with the CAC using PKCS11 libraries. Yet, Firefox works properly with the same card using the ActivCard P11 DLL.

    Have you talked to ActivCard for support on this issue? Seems to me, they should be responsible for helping you get past this problem since its their library that's interacting with the card directly.

    Post your ${java.home}/lib/security/pkcs11.cfg file here so we can see what's defined in there.

    Arshad Noor
    StrongAuth, Inc.
1 2 Previous Next

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points