This discussion is archived
1 Reply Latest reply: Dec 11, 2012 2:17 AM by 979199

Unable to establish SSL connection using Java PKCS11

968407 Newbie
I am currently trying to establish SSL connectivity using an eToken via PKCS11.
The PKCS11 provider is set up and I can read the 3 stored certificates as a KeyStore object.
But I am getting the following exception while trying to establish SSL connectivity.
I am using JDK 6.0 (java version "1.6.0_31-rev").

at Source)
Caused by: Unsupported key type: SunPKCS11-aladdin-0 RSA private key, 2048 bits (id 147980297, token object, sensitive, unextractable)
at javax.crypto.Cipher.b(DashoA13*..)
at javax.crypto.Cipher.a(DashoA13*..)

import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

// factory, sslClient, host and port are declared elsewhere in the class
KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
KeyStore keyStore = getClientKeyStore(); // read the smart card token to get the certificate
kmf.init(keyStore, "mycardPin".toCharArray()); // #### hard-coded input parameters

TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
KeyStore trustStore = KeyStore.getInstance("JKS");
trustStore.load(new FileInputStream("C:\\Users\\usr1\\Desktop\\Certificates\\mycertca.jks"), "mycardPin".toCharArray());
tmf.init(trustStore); // the factory must be initialized before getTrustManagers() is called

SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
factory = sslContext.getSocketFactory();
sslClient = (SSLSocket) factory.createSocket(host, port);
sslClient.startHandshake(); // <--- code is breaking here with the above exception

I have been struggling for the last 4 days to get rid of this issue. Please let me know if there is any workaround to fix this issue.
I really appreciate your help.
  • 1. Re: Unable to establish SSL connection using Java PKCS11
    979199 Newbie
    Have you found the solution? I have a similar problem, but now it is not repeatable. I'm not sure what the reason was (this InvalidKeyException appeared only once). I'm using JDK 7 (java version 1.7.0_09-b05).

    Caused by: Unsupported key type: SunPKCS11-GemSafe RSA private key, 1024 bits (id 2, token object, sensitive, unextractable)
         at javax.crypto.Cipher.passCryptoPermCheck(
         at javax.crypto.Cipher.checkCryptoPerm(
         at javax.crypto.Cipher.init(
         at$CipherAdapter.engineInitSign(Unknown Source)
         at$Delegate.init(Unknown Source)
         at$Delegate.chooseProvider(Unknown Source)
         at$Delegate.engineInitSign(Unknown Source)
         at Source)
         at Source)
         at$Delegate.engineInitSign(Unknown Source)
         at Source)
         at$CertificateVerify.<init>(Unknown Source)
         ... 53 more

