An issue with keytool and PKCS11

Wang Weijun weijun.wang at oracle.com
Thu Jan 21 00:36:54 UTC 2016


Can you add a -debug option and show me the full output?

You can also add a -J-Djava.security.debug=all but I am not sure if the output is useful.

--Max

> On Jan 12, 2016, at 9:38 AM, Mark Joseph <mark at p6r.com> wrote:
> 
> Hi,
> 
>    We are a PKCS#11 vendor and we are in the process of integrating our C library with keytool and jarsigner.   
> 
> We are executing the following command line.
> 
> keytool  -keystore NONE -storetype PKCS11 -storepass 12345678 -providerName SunPKCS11-P6Rtoken -providerclass sun.security.pkcs11.SunPKCS11 -providerarg E:\work\SKC_OPT_2015_2\p6r.cfg -genkeypair -keyalg RSA -keysize 2048 -alias p6rsignkey -v
> 
> We are doing this on Windows, and we are using the latest Java keytool out of the JDK.  
> Our library is 64 bits and the Java version we have installed is 64 bits.
> 
> Now what we are seeing is strange.    The above worked one time with the key pair being generated and stored in our PKCS11 library.
> 
> Then we reset everything and continued to do testing and the result was that keytool again created a Certificate and a Private key and placed them into our PKCS11 library.  
> 
> However, instead of finishing by creating the key pair by calling our PKCS11 library it just stopped and returned.   There was no error or exception printed out.  
> 
> So we are stuck not knowing what is wrong. Anyone seen this before or have a way we can see why the keytool is "aborting" out of running?
> 
> 
> 
> Best,
> Mark Joseph
> P6R, Inc



