SunPKCS11 Provider anomalous behavior
Hi,
I'm testing a smart card and its manufacturer's PKCS#11 implementation through the Sun PKCS11 Provider. The smart card contains some X.509 certificates and the associated private keys.
I access the certificates and private keys through the key store, but when using it to cipher I get unexpected behavior. When I try to cipher with the private key, the provider calls the C_SignInit family of functions (PKCS#11 C API), and when I try to cipher with the public key, the correct C function is called but it returns CKR_KEY_TYPE_INCONSISTENT.
Here is the code:
Provider pkcs11Prov = new SunPKCS11(configName);
Security.addProvider(pkcs11Prov);
KeyStore keyStore = KeyStore.getInstance("PKCS11");
// a key store must be loaded before its entries can be read
keyStore.load(null, pin);
java.security.cert.Certificate cert = keyStore.getCertificate(certAlias);
PrivateKey pk = (PrivateKey) keyStore.getKey(certAlias, pin);
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", pkcs11Prov);
// results in the call of C_SignInit
cipher.init(Cipher.ENCRYPT_MODE, pk);
// throws InvalidKeyException (init() failed) because the C_EncryptInit returned CKR_KEY_TYPE_INCONSISTENT
cipher.init(Cipher.ENCRYPT_MODE, cert.getPublicKey());
I must add that I'm absolutely sure about the reported behavior because, after some suspicion, I started intercepting and logging all calls to the DLL.
Does anyone have a clue why this is happening?
Thanks,
Luís M. Costa

