1 Reply Latest reply: Dec 11, 2012 4:17 AM by 979199

    Unable to establish SSL connection using Java PKCS11

    968407
      I am currently trying to establish SSL connectivity using eToken via PKCS11.
      The PKCS11 provider is set up and I can read the 3 stored certificates as a KeyStore object.
      But I am getting the following exception while trying to establish SSL connectivity.
      I am using JDK 6.0 (java version "1.6.0_31-rev").

      at java.lang.Thread.run(Unknown Source)
      Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-aladdin-0 RSA private key, 2048 bits (id 147980297, token object, sensitive, unextractable)
      at sun.security.mscapi.RSACipher.engineGetKeySize(RSACipher.java:384)
      at javax.crypto.Cipher.b(DashoA13*..)
      at javax.crypto.Cipher.a(DashoA13*..)

      Code:
      -----
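      import java.io.FileInputStream;
      import java.security.KeyStore;
      import javax.net.ssl.KeyManagerFactory;
      import javax.net.ssl.SSLContext;
      import javax.net.ssl.SSLSocket;
      import javax.net.ssl.TrustManagerFactory;

      // Key material: client certificate and private key held on the token
      KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
      KeyStore keyStore = getClientKeyStore(); //read Smart Card Token to get the Certificate
      kmf.init(keyStore, "mycardPin".toCharArray()); //#### hard coded the i/p parms

      // Trust material: CA certificates from a JKS file on disk
      TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
      KeyStore trustStore = KeyStore.getInstance("JKS");
      trustStore.load(new FileInputStream("C:\\Users\\usr1\\Desktop\\Certificates\\mycertca.jks"), "mycardPin".toCharArray());
      tmf.init(trustStore);

      // factory, sslClient, host and port are declared elsewhere in the class
      SSLContext sslContext = SSLContext.getInstance("TLS");
      sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
      factory = sslContext.getSocketFactory();
      sslClient = (SSLSocket) factory.createSocket(host, port);
      sslClient.startHandshake(); //<--- code is breaking here with the above exception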

      I have been struggling like anything for the last 4 days to get rid of this issue. Please let me know if there is any workaround to fix this issue.
      I really appreciate your help.
        • 1. Re: Unable to establish SSL connection using Java PKCS11
          979199
          Hi,
          have you found the solution? I have a similar problem, but now it is not repeatable. I'm not sure what the reason was (this InvalidKeyException appeared only once). I'm using JDK7 (java version 1.7.0_09-b05).

          Caused by: java.security.InvalidKeyException: Unsupported key type: SunPKCS11-GemSafe RSA private key, 1024 bits (id 2, token object, sensitive, unextractable)
               at sun.security.mscapi.RSACipher.engineGetKeySize(RSACipher.java:404)
               at javax.crypto.Cipher.passCryptoPermCheck(Cipher.java:1052)
               at javax.crypto.Cipher.checkCryptoPerm(Cipher.java:1010)
               at javax.crypto.Cipher.init(Cipher.java:1209)
               at java.security.Signature$CipherAdapter.engineInitSign(Unknown Source)
               at java.security.Signature$Delegate.init(Unknown Source)
               at java.security.Signature$Delegate.chooseProvider(Unknown Source)
               at java.security.Signature$Delegate.engineInitSign(Unknown Source)
               at java.security.Signature.initSign(Unknown Source)
               at sun.security.ssl.RSASignature.engineInitSign(Unknown Source)
               at java.security.Signature$Delegate.engineInitSign(Unknown Source)
               at java.security.Signature.initSign(Unknown Source)
               at sun.security.ssl.HandshakeMessage$CertificateVerify.<init>(Unknown Source)
               ... 53 more
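
In both traces a SunPKCS11 token key ends up in sun.security.mscapi.RSACipher, reached through Signature$CipherAdapter. The following diagnostic is an added example, not code from either poster: it asks every installed provider, in preference order, whether its RSA cipher accepts a given private key. The class name RsaProviderProbe and the software-generated key in main are assumptions for illustration; pass the PrivateKey obtained from the token's KeyStore instead to reproduce the situation above.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;

public class RsaProviderProbe {

    // Signature$CipherAdapter produces a raw RSA signature by initialising an
    // RSA/ECB/PKCS1Padding cipher in ENCRYPT_MODE with the private key.
    static final String TRANSFORMATION = "RSA/ECB/PKCS1Padding";

    // Returns provider name -> outcome, in the JVM's provider preference order.
    static Map<String, String> probe(PrivateKey key) {
        Map<String, String> results = new LinkedHashMap<String, String>();
        for (Provider p : Security.getProviders()) {
            try {
                Cipher c = Cipher.getInstance(TRANSFORMATION, p);
                c.init(Cipher.ENCRYPT_MODE, key);
                results.put(p.getName(), "accepts key");
            } catch (NoSuchAlgorithmException | NoSuchPaddingException e) {
                // Provider does not implement this transformation: not a candidate.
            } catch (GeneralSecurityException e) {
                // InvalidKeyException lands here, e.g. "Unsupported key type".
                results.put(p.getName(), e.getClass().getSimpleName() + ": " + e.getMessage());
            } catch (RuntimeException e) {
                // Token-backed providers can raise unchecked provider errors.
                results.put(p.getName(), e.getClass().getSimpleName() + ": " + e.getMessage());
            }
        }
        return results;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: a software RSA key, so the probe runs without a token.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey key = kpg.generateKeyPair().getPrivate();
        for (Map.Entry<String, String> e : probe(key).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }
    }
}
```

A provider that rejects the token key but is listed ahead of the PKCS11 provider is the one to look at when comparing the output with the stack traces.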