An issue with keytool and PKCS11

Mark Joseph mark at
Tue Jan 12 01:38:37 UTC 2016


   We are a PKCS#11 vendor and we are in the process of integrating our C library with keytool and jarsigner.   

We are executing the following comand line.  

keytool  -keystore NONE -storetype PKCS11 -storepass 12345678 -providerName SunPKCS11-P6Rtoken -providerclass -providerarg E:\work\SKC_OPT_2015_2\p6r.cfg -genkeypair -keyalg RSA -keysize 2048 -alias p6rsignkey -v

We are doing this on Windows, and we are using the latest Java keytool out of the JDK.  
Our library is 64 bits and the Java version we have installed is 64 bits.

Now what we are seeing is strange.    The above worked one time with the key pair being generated and stored in our PKCS11 library.

Then we reset everything and continued to do testing and the result was that keytool again created a Certificate and a Private key and placed them into our PKCS11 library.  

However, instead of finishing by creating the key pair by calling our PKCS11 library it just stopped and returned.   There was no error or exception printed out.  

So we are stuck not knowing what is wrong?    Any one seen this before or have a way we can see why the keytool is "aborting" out of running?

Mark Joseph
P6R, Inc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security-dev mailing list