Creating token key entry with SunPKCS11
Hi:
I have a problem creating a key entry in a smart card using PKCS11. I use a PKCS12 file as my input which is correctly loaded, I can parse the certificate chain. Then I try to load the key onto the card, but this fails in the C_CreateObject native method:
java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_MEMORY
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1104)
at java.security.KeyStore.setEntry(Unknown Source)
at com.safelayer.certmgr.Pkcs12Import.main(Pkcs12Import.java:88)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_MEMORY
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at sun.security.pkcs11.P11KeyStore.storePkey(P11KeyStore.java:1873)
at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1100)
... 2 more
It appears that I have correctly registered the provider and got the key store, but some permission is missing to create the object. I tried to add
attributes(*,*,*) ={ CKA_TRUSTED =true}
to the configuration, but no luck. How do I configure the provider such that I can manage certificates on the card?
Thanks, Erik
