PKCS11 not found

3,886 views
Skip to first unread message

Marek K

unread,
Feb 13, 2014, 4:22:54 AM2/13/14
to jsig...@googlegroups.com
Hi Josef,

I set up JSignPdf to use smartcard with library=c:/windows/system32/beidpkcs11.dll, however I get this error when I try to sign using PKCS11:

DEBUG Relaxing SSL security.
INFO  Starting JSignPdf
INFO  Checking input and output PDF paths.
java.security.KeyStoreException: PKCS11 not found
        at java.security.KeyStore.getInstance(Unknown Source)
        at net.sf.jsignpdf.utils.KeyStoreUtils.loadKeyStore(KeyStoreUtils.java:359)
        at net.sf.jsignpdf.utils.KeyStoreUtils.getPkInfo(KeyStoreUtils.java:424)
        at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:130)
        at net.sf.jsignpdf.SignerLogic.run(SignerLogic.java:109)
        at java.lang.Thread.run(Unknown Source)
Caused by: java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available
        at sun.security.jca.GetInstance.getInstance(Unknown Source)
        at java.security.Security.getImpl(Unknown Source)
        ... 6 more
WARN  Keystore was not loaded succesfully. Check if the keystore type, path and password are valid.
ERROR Problem occured
java.lang.NullPointerException: Keystore was not loaded succesfully. Check if the keystore type, path and password are valid.
        at net.sf.jsignpdf.utils.KeyStoreUtils.getKeyAliasInternal(KeyStoreUtils.java:216)
        at net.sf.jsignpdf.utils.KeyStoreUtils.getPkInfo(KeyStoreUtils.java:426)
        at net.sf.jsignpdf.SignerLogic.signFile(SignerLogic.java:130)
        at net.sf.jsignpdf.SignerLogic.run(SignerLogic.java:109)
        at java.lang.Thread.run(Unknown Source)
INFO  Finished: Creating of signature failed.

If I execute "JSignPdfC.exe -kst PKCS11 -lk" I get this output,

DEBUG Relaxing SSL security.
INFO  Getting keystore type instance: PKCS11
INFO  Getting key alias
INFO  Key aliases in the keystore:
Authentication
Signature

WINDOWS-MY keystore works correctly.

Could you please help me with this?

-- Marek

Josef Cacek

unread,
Feb 13, 2014, 4:39:22 AM2/13/14
to JSignPdf forum
Hi Marek,

did you uncomment following line in conf/conf.properties?
#pkcs11config.path=conf/pkcs11.cfg

The property description says:
# pkcs11config.path is a path (either absolute or relative to the
working directory) to PKCS#11 provider configuration;
# if the file exists it's used to register a new SunPKCS11 provider instance
# as described in
http://download.oracle.com/javase/6/docs/technotes/guides/security/p11guide.html

Regards,
-- Josef
> --
> You received this message because you are subscribed to the Google Groups
> "JSignPdf" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to jsignpdf+u...@googlegroups.com.
> To post to this group, send email to jsig...@googlegroups.com.
> Visit this group at http://groups.google.com/group/jsignpdf.
> For more options, visit https://groups.google.com/groups/opt_out.

Marek K

unread,
Feb 13, 2014, 4:47:43 AM2/13/14
to jsig...@googlegroups.com
Hi,

yes, I did. The communication with the card happens with -kst PKCS11 -lk parameters, I can see it as the LED on the reader is blinking.

Dňa štvrtok, 13. februára 2014 10:39:22 UTC+1 Josef Cacek napísal(-a):

Josef Cacek

unread,
Feb 13, 2014, 4:52:22 AM2/13/14
to JSignPdf forum
OK, try also to uncomment following lines in the same file:
#certificate.checkKeyUsage=false
#certificate.checkValidity=false

If it helps, then either the certificate properties or validity seems
to be incorrect.

If it doesn't help, then I don't have any idea why it could fail.

-- Josef

Marek K

unread,
Feb 13, 2014, 5:17:47 AM2/13/14
to jsig...@googlegroups.com
It didn't help. Could it be broken driver implementation?

Josef Cacek

unread,
Jun 11, 2014, 5:21:01 PM6/11/14
to JSignPdf forum
Marek, could you try the version 1.5.3, please?
There was a bug in handling PKCS11, when JSignPdf GUI was used.

Thanks in advance,
-- Josef


On Thu, Feb 13, 2014 at 11:17 AM, Marek K <m0k...@gmail.com> wrote:
It didn't help. Could it be broken driver implementation?

--

Rajendra Prasad

unread,
Jun 12, 2014, 8:33:44 AM6/12/14
to jsig...@googlegroups.com
Reply all
Reply to author
Forward
0 new messages