I'm having trouble issuing a certificate to a hard token. What I have is a PKCS12 keystore I have created, and I want to move it to a hard token as PKCS11.
I can successfully generate keys and a certificate and save them in a p12 keystore, and I can import the p12 file to the hard token using the admin console of this device. But when I try to do the final step programmatically, I get a different result.
With the p12 file imported using the admin tool, what I have in the device is
- Signature and key exchange usage
With all steps done programmatically, what I have is
and the final result is that the end user can't use the device for signing. I'm using SunPKCS11.
KeyStore.PrivateKeyEntry priEntry = new KeyStore.PrivateKeyEntry(keys.getPrivate(), certificateArray);
KeyStore.PasswordProtection password = new KeyStore.PasswordProtection(pass.toCharArray());
store.setEntry("Entry", priEntry, password);
The strange thing is that when I use the following command, the output is the very same:
keytool -keystore NONE -storetype pkcs11 -list
Is it possible that PKCS11 attributes make such a difference? I've gone through them and tested the ones I thought might make a difference, but found nothing.