连接到SoftHSM java

码: 

String pkcs11cfg = "pkcs11.cfg"; Provider p = new SunPKCS11(pkcs11cfg); Security.addProvider(p); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, pin); System.out.println(ks.size()); // prints 0

CFG: 

 name = pkcs11Test library = /usr/local/lib/libsofthsm.so slot = 1

问题是我有一些密钥对,我用pkcs11-tool添加它们。
softhsm的版本是1.2.1
为什么KeyStore中没有任何别名? 如何解决这个问题?

我们很快就会发布SoftHSM 1.3.0。 它支持证书并使用Java进行测试。

SoftHSM.java: 

 import java.io.*; import java.math.*; import java.util.*; import java.security.*; import java.security.interfaces.*; import java.security.cert.*; import sun.security.pkcs11.*; import org.bouncycastle.x509.*; import javax.security.auth.x500.X500Principal; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.ExtendedKeyUsage; import org.bouncycastle.asn1.x509.GeneralName; import org.bouncycastle.asn1.x509.GeneralNames; import org.bouncycastle.asn1.x509.KeyPurposeId; import org.bouncycastle.asn1.x509.KeyUsage; import org.bouncycastle.asn1.x509.X509Extensions; import org.bouncycastle.x509.X509V3CertificateGenerator; class SoftHSM { public static void main(String args[]) throws Exception { // Set up the Sun PKCS 11 provider String configName = "softhsm.cfg"; Provider p = new SunPKCS11(configName); if (-1 == Security.addProvider(p)) { throw new RuntimeException("could not add security provider"); } // Load the key store char[] pin = "1234".toCharArray(); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, pin); // Generate the key SecureRandom sr = new SecureRandom(); KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", p); keyGen.initialize(1024, sr); KeyPair keyPair = keyGen.generateKeyPair(); PrivateKey pk = keyPair.getPrivate(); // Java API requires a certificate chain X509Certificate[] chain = generateV3Certificate(keyPair); ks.setKeyEntry("ALIAS-GOES-HERE", pk, "1234".toCharArray(), chain); ks.store(null); System.out.println("OK"); } public static X509Certificate[] generateV3Certificate(KeyPair pair) throws InvalidKeyException, NoSuchProviderException, SignatureException { Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider()); X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setIssuerDN(new X500Principal("CN=Test Certificate")); certGen.setNotBefore(new Date(System.currentTimeMillis() - 10000)); certGen.setNotAfter(new Date(System.currentTimeMillis() + 10000)); certGen.setSubjectDN(new X500Principal("CN=Test Certificate")); certGen.setPublicKey(pair.getPublic()); certGen.setSignatureAlgorithm("SHA256WithRSA"); certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false)); certGen.addExtension(X509Extensions.KeyUsage, true, new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment)); certGen.addExtension(X509Extensions.ExtendedKeyUsage, true, new ExtendedKeyUsage(KeyPurposeId.id_kp_serverAuth)); certGen.addExtension(X509Extensions.SubjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.rfc822Name, "test@test.test"))); X509Certificate[] chain = new X509Certificate[1]; chain[0] = certGen.generateX509Certificate(pair.getPrivate(), "SunPKCS11-SoftHSM"); return chain; } }

softhsm.cfg: 

 name = SoftHSM library = /usr/local/lib/libsofthsm.so slot = 2 attributes(generate, *, *) = { CKA_TOKEN = true } attributes(generate, CKO_CERTIFICATE, *) = { CKA_PRIVATE = false } attributes(generate, CKO_PUBLIC_KEY, *) = { CKA_PRIVATE = false }
Interesting Posts

在JavaFx中编码UDP通信

为什么不对所有整数值使用long

如何用“like”运算符查询lucene?

是否存在使用equals方法进行密钥检查的地图?

绘制方程到笛卡尔平面

在Spring Boot中的每个数据库连接的开头运行SQL语句

此方法必须返回boolean,java类型的结果

JSF:当禁用组件时,其值不会进入请求映射参数。 有解决方法吗?

Java:如何检测(和更改?)System.console的编码?

使用javac和javax.tools.JavaCompiler有什么区别?