|
»
« Return to Thread: Using external key with ncipher HSM
Re: Using external key with ncipher HSM
by Leonardo L. P. da Mata
::
Rate this Message:
I've read the HSM manual and checked that my Security world is a fips level 2.
The NFAST_HOME is ok. I think this a security issue. I'm gonna try
with the system administrator.
Thanks.
On Sun, Oct 19, 2008 at 8:12 AM, Tomas Gustavsson <tomas@...> wrote:
>
> I think you should be able to see if your security world is in fips
> level 2 using nfkminfo commands.
>
> Otherwise "nCipher.sworld not found" sounds like it can not find the
> security world. Did you set NFAST_HOME env variable?
>
> Cheers,
> Tomas
>
> Leonardo L. P. da Mata wrote:
>> Ok, i'm abble to create CAs using nCipher HSM, as I've mentioned
>> (thanks to http://www.linagora.org/ people). Now i need to import
>> external keys and CAs in this HSM.
>>
>> I've tried to use the steps "Importing an existing CA or sub-CA to
>> EJBCA." on the user's manual, but I'm getting some errors.
>>
>> First of all, i didn't create the small world, some old administrators
>> done this job and i can't do it again.
>> I don't know if my security world is a fips 140-2 level 2 as mentioned
>> in: ("The security world has to be initialized in the default FIPS
>> 140-2 Level 2 for this to work. ").
>>
>> After using:
>> c:\nfast\bin\generatekey.exe --import -c cardset jcecsp
>> pemreadfile=teste.pem type=RSA keystore=temp.keysto
>> re
>>
>> And type parameter of the x509 certificate, I'm getting:
>>
>> Card reading complete.
>>
>> Subprocess failed
>> Arguments: java.exe com.ncipher.provider.tools.ImportKey --keystore temp.keystor
>> e --alias imported --ident e48cade40f1528f531b372817ddc969bae071de3 --type com.n
>> cipher.provider.km.KMRSAPrivateKey --certificate C:/nfast/kmdata/tmp/3128_basili
>> sco.cert << {
>> }
>> Errors:
>> FATAL: java.security.KeyStoreException nCipher.sworld not found
>>
>>
>> ERROR: Tcl_Eval of 'store' failed: child process exited abnormally
>> nfgk_operate: SoftwareFailed
>>
>>
>> Is this an issue because i have a different fips level?
>>
>>
>> Just to make sure, what's the difference between a recovery key and a
>> normal key (as the tool asks "recovery: Key recovery? (yes/no) [yes]
>>> ")?
>>
>> Thanks again
>>
>>
>>
>>
>>
>> On Wed, Oct 15, 2008 at 6:51 PM, Leonardo L. P. da Mata
>> <barroca@...> wrote:
>>> I've started a new installation from scratch...
>>> It worked.
>>>
>>> Every time you start jboss you need to use nCipherJboss.cmd/.sh , even
>>> in the first time (generating the AdminCA1). This is something that
>>> should be better explained in the documentation. This when you need to
>>> use nCipher HSM :-).
>>>
>>> In my last installation, i was using the
>>> security.provider.1=com.ncipher.provider.km.nCipherKM
>>> as default security provider in
>>> JAVA_HOME/jre/lib/security/java.security
>>>
>>> But since i couldn't reproduce the error, and changing back to the
>>> original, the error persists. I guess that this isn't a security
>>> problem.
>>>
>>>
>>> I will keep testing the software and updating this thread.
>>>
>>> Thanks again.
>>>
>>>
>>> On Wed, Oct 15, 2008 at 5:02 PM, Johan Eklund <ejbca-support@...> wrote:
>>>> I vaguely recall this as caused by not listing the nCipher provider in some
>>>> JRE configfile.. might have been in JREHOME/lib/security/ or something like
>>>> that.. my theory is that it is using the regular JCE provider on a nCipher
>>>> keystore or maybe vice versa.. but this is pretty vague memories.. =/
>>>>
>>>> /Johan
>>>>
>>>> Leonardo L. P. da Mata skrev:
>>>>> Hello, i've configured ejbca with JCE keys.
>>>>> After the installation i'm getting a strange error.
>>>>> "java.io.IOException: Bad KeyStore file, expecting a 40 character line."
>>>>>
>>>>> it seens that the keystore cannot be loaded.
>>>>> Is the keystore used when starting ejbca the keystore that stores the
>>>>> keys for SSL?(:-o)
>>>>>
>>>>> ejbca.properties contains:
>>>>> ca.tokentype=org.ejbca.core.model.ca.catoken.NFastCAToken
>>>>> ca.tokenpassword=password
>>>>>
>>>>> and catoken.properties contains:
>>>>> keyStore baac258f773b0eb0ac1277e807207f0c63065ced
>>>>> defaultKey defaultRoot1
>>>>> certSignKey signRoot1
>>>>> crlSignKey signRoot1
>>>>> testKey testRoot1
>>>>>
>>>>> these configuration was done before the installation.
>>>>>
>>>>> should i use a different keyStore??
>>>>> Is there any problem configuring the default CA with soft and then
>>>>> using ncipher HSM to generate other CAs?
>>>>>
>>>>> Thanks.
>>>>>
>>>>>
>>>>> INFO: WSSERVLET14: JAX-WS servlet initializing
>>>>> 16:20:18,890 INFO [EARDeployer] Started J2EE application:
>>>>> file:/C:/jboss-4.2.3.
>>>>> GA/server/default/deploy/ejbca.ear
>>>>> 16:20:19,015 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on
>>>>> http-0.0.0.0-808
>>>>> 0
>>>>> 16:20:19,031 ERROR [Http11Protocol] Error starting endpoint
>>>>> java.io.IOException: Bad KeyStore file, expecting a 40 character line.
>>>>> at
>>>>> com.ncipher.provider.km.KMKeyStore.engineLoad(KMKeyStore.java:674)
>>>>> at java.security.KeyStore.load(KeyStore.java:1185)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket
>>>>> Factory.java:319)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc
>>>>> ketFactory.java:259)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSE
>>>>> SocketFactory.java:410)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFact
>>>>> ory.java:378)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESo
>>>>> cketFactory.java:135)
>>>>> at
>>>>> org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:497)
>>>>> at
>>>>> org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:514)
>>>>> at
>>>>> org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203
>>>>> )
>>>>> at
>>>>> org.apache.catalina.connector.Connector.start(Connector.java:1146)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:6
>>>>> 01)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.jav
>>>>> a:638)
>>>>> at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>>>>> sorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at
>>>>> org.jboss.mx.notification.NotificationListenerProxy.invoke(Notificati
>>>>> onListenerProxy.java:153)
>>>>> at $Proxy46.handleNotification(Unknown Source)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotificat
>>>>> ion(JBossNotificationBroadcasterSupport.java:127)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotificatio
>>>>> n(JBossNotificationBroadcasterSupport.java:108)
>>>>> at
>>>>> org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:9
>>>>> 16)
>>>>> at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>>>>> at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>>>>> at org.jboss.Main.boot(Main.java:200)
>>>>> at org.jboss.Main$1.run(Main.java:508)
>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>> 16:20:19,046 WARN [JBossWeb] Failed to startConnectors
>>>>> LifecycleException: service.getName(): "jboss.web"; Protocol handler
>>>>> start fai
>>>>> led: java.io.IOException: Bad KeyStore file, expecting a 40 character
>>>>> line.
>>>>> at
>>>>> org.apache.catalina.connector.Connector.start(Connector.java:1153)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:6
>>>>> 01)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.jav
>>>>> a:638)
>>>>> at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>>>>> sorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at
>>>>> org.jboss.mx.notification.NotificationListenerProxy.invoke(Notificati
>>>>> onListenerProxy.java:153)
>>>>> at $Proxy46.handleNotification(Unknown Source)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotificat
>>>>> ion(JBossNotificationBroadcasterSupport.java:127)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotificatio
>>>>> n(JBossNotificationBroadcasterSupport.java:108)
>>>>> at
>>>>> org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:9
>>>>> 16)
>>>>> at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>>>>> at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>>>>> at org.jboss.Main.boot(Main.java:200)
>>>>> at org.jboss.Main$1.run(Main.java:508)
>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>> 16:20:19,062 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build:
>>>>> SVNTag=JBos
>>>>> s_4_2_3_GA date=200807181439)] Started in 4m:25s:750ms
>>>>>
>>>>>
>>>>> On Tue, Oct 14, 2008 at 4:24 PM, Leonardo L. P. da Mata
>>>>> <barroca@...> wrote:
>>>>>
>>>>>> To illustrate how am I import the keys, I've imported again, and here
>>>>>> is the result:
>>>>>>
>>>>>> c:\nfast\bin\generatekey --import -c mscapi pkcs11
>>>>>> pemreadfile=teste.pem type=RSA
>>>>>> recovery: Key recovery? (yes/no) [yes] >
>>>>>> plainname: Key name? [] > imported3
>>>>>> nvram: Store blob in NVRAM (will require administrator cardset)? (yes/no)
>>>>>> [no]
>>>>>> key generation parameters:
>>>>>> operation Operation to perform
>>>>>> import
>>>>>> application Application
>>>>>> pkcs11
>>>>>> protect Protected by
>>>>>> token
>>>>>> slot Slot to read cards from 0
>>>>>> recovery Key recovery
>>>>>> yes
>>>>>> verify Verify security of key
>>>>>> yes
>>>>>> type Key type
>>>>>> RSA
>>>>>> pemreadfile PEM file containing RSA key
>>>>>> teste.pe
>>>>>> m
>>>>>> plainname Key name
>>>>>> imported
>>>>>> 3
>>>>>> nvram Store blob in NVRAM (will require administrator cardset)
>>>>>> no
>>>>>>
>>>>>> Loading `mscapi':
>>>>>> Module 1: 0 cards of 1 read
>>>>>> Module 1 slot 0: `mscapi' #1 (`oper')
>>>>>> Module 1 slot 0:- passphrase supplied - reading card
>>>>>> Card reading complete.
>>>>>>
>>>>>> Key successfully imported.
>>>>>> Path to key:
>>>>>> C:\nfast\kmdata\local\key_pkcs11_uc3d9fa9461f5ada90d40e0b1a2420099ea70834bb-9108857e16ec3ee22b9a23373e9c6f24eac8d70b
>>>>>>
>>>>>>
>>>>>>
>>>>>> It seems that the key is correctly imported. "This is surely possible,
>>>>>> but we have not done it so we can't provide you with finished commands
>>>>>> for importing keys for PKCS#11." . Do you think that the message
>>>>>> saying "Key successfully imported." is not true?
>>>>>>
>>>>>> 1)I will try the JCE way.
>>>>>> 2)Since there's no difference between creating a new one, and
>>>>>> importing, the options are a little bit confusing. Maybe the
>>>>>> documentation must be more "step by step" like.. :-)
>>>>>> 3) I notice that also.
>>>>>>
>>>>>>
>>>>>> I will check for other ways to use the HSM and keep giving feedback here.
>>>>>>
>>>>>> Thanks for all the help provided..
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Oct 14, 2008 at 3:57 PM, Ejbca support
>>>>>> <ejbca-support@...> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> 1) The Howto article is created for the NFastToken way of using nCipher,
>>>>>>> not PKCS#11. You can use nCipher using:
>>>>>>> - PKCS#11
>>>>>>> - NFast JCE Provider
>>>>>>>
>>>>>>> Both ways work, but the howto for importing keys is done for the JCE
>>>>>>> provider.
>>>>>>> When trying to start JBoss using the JCE provider did you use
>>>>>>> EJBCA/bin/nCipherJboss.sh and did you have the nCipher JCE/JCA provider
>>>>>>> installed (it is separate packages in the nCipher install).
>>>>>>>
>>>>>>> When nfkminfo says:
>>>>>>> -----
>>>>>>>
>>>>>>> jboss@host$ $NFAST_HOME/bin/nfkminfo -k
>>>>>>> AppName jcecsp Ident f7e825134fe23f58b1575d8efb487babe7ebd1ed
>>>>>>> AppName jcecsp Ident
>>>>>>> f7e825134fe23f58b1575d8efb487babe7ebd1ed-key-832c8a89fe813dc99ae61e094fe5d195ca3e405d
>>>>>>> -----
>>>>>>> jcecsp means the keys can only be used by the JCE-provider. nCipher does
>>>>>>> it so you have different targets depending on which API you are using. If
>>>>>>> you want to use PKCS#11 you need to import the keys in another way.
>>>>>>> This is surely possible, but we have not done it so we can't provide you
>>>>>>> with finished commands for importing keys for PKCS#11.
>>>>>>>
>>>>>>>
>>>>>>> 2) There is no option for creating an "imported CA", you simply create a
>>>>>>> CA as usual and provide the correct parameters as CAToken parameters.
>>>>>>> From EJBCAs view there is no difference between a CA with keys
>>>>>>> generated in the HSM or created in the HSM. From EJBCAs view the keys
>>>>>>> ARE simply in the HSM and are used in the HSM.
>>>>>>>
>>>>>>> Simply create a new CA using keys on the HSM. Enter a name for the new
>>>>>>> CA and click 'Create CA'.
>>>>>>>
>>>>>>> Which options do not exist? Perhaps the wording "When importing a
>>>>>>> sub-CA" is confusing? Since you don't import a CA, you simply create a
>>>>>>> CA as usual.
>>>>>>>
>>>>>>> 3) "Import CA certificate" is for something completely different, don't
>>>>>>> use that. This function simply imports a CA certificate (as you
>>>>>>> noticed), so you can have external CA certificates imported for various
>>>>>>> verification reasons.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Tomas
>>>>>>> -----
>>>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>>>>> training for EJBCA. Please see www.primekey.se or contact
>>>>>>> info@... for more information.
>>>>>>> http://download.primekey.se/documents/ejbca_subscription.pdf
>>>>>>> http://download.primekey.se/documents/ejbca_training.pdf
>>>>>>>
>>>>>>>
>>>>>>> Leonardo L. P. da Mata wrote:
>>>>>>>
>>>>>>>> Hey, so, I've read the documentation, but i think there are some
>>>>>>>> lacks...
>>>>>>>> Just to make sure, to use the nCipher nShield, i should use the pkcs11
>>>>>>>> interface, right? I've tried to start jboss using the ncipher
>>>>>>>> interface, but it didn't wok. So i suppose that this kind of hsm must
>>>>>>>> use the pkcs11 interface.
>>>>>>>>
>>>>>>>> On the screen:
>>>>>>>> https://localhost:8443/ejbca/adminweb/ca/editcas/editcas.jsp
>>>>>>>>
>>>>>>>> i can't find the option mentioned in the documentation, there's no
>>>>>>>> "create new CA 'ImportedCA'" option, and when i click in the create
>>>>>>>> button, there's no option that can be selected as impotedCA.
>>>>>>>>
>>>>>>>> There are "Import CA keystore" and "import CA certificate". but when i
>>>>>>>> use the option "import CA certificate" i can import my CA certificate,
>>>>>>>> but the key is not stored in the HSM. the CA Token Type is set to Null
>>>>>>>> after the import.
>>>>>>>>
>>>>>>>> We must provide more than 1 type of security solution, that's why I'm
>>>>>>>> testing booth generating keys inside HSM and generating outside and
>>>>>>>> importing then.
>>>>>>>>
>>>>>>>> The next step i will try is to generate User certificates into smart
>>>>>>>> cards, but I'm already testing http://www.hardtokenmgmt.org/.
>>>>>>>>
>>>>>>>> Thanks, I appreciate the help. Hope to help the company that I'm
>>>>>>>> working for to be another reference installation.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Oct 14, 2008 at 5:28 AM, Tomas Gustavsson <tomas@...>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hi Leonardo,
>>>>>>>>>
>>>>>>>>> Did you read the chapter in the User Guide at ejbca.org called
>>>>>>>>> "Importing an existing CA or sub-CA to EJBCA"? It's under the
>>>>>>>>> HSM->nCopher section. This text explains exactly how you can import
>>>>>>>>> existing keys (stored on disc) to create a CA in EJBCA.
>>>>>>>>> It also explains how you create the CA in EJBCA.
>>>>>>>>>
>>>>>>>>> We have done this and it works, no options in JBoss. Since the keys
>>>>>>>>> are
>>>>>>>>> imported into nCipher, it is simply just like any other CA with keys
>>>>>>>>> on
>>>>>>>>> the nCipher HSM. There is no difference between this CA and a CA where
>>>>>>>>> keys are generated inside the HSM (which is the recommended way for
>>>>>>>>> security reasons of-course).
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Tomas
>>>>>>>>> -----
>>>>>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>>>>>>> training for EJBCA. Please see www.primekey.se or contact
>>>>>>>>> info@... for more information.
>>>>>>>>> http://download.primekey.se/documents/ejbca_subscription.pdf
>>>>>>>>> http://download.primekey.se/documents/ejbca_training.pdf
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Leonardo L. P. da Mata wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I'm developing the pki infrastructure for the Official Press of Minas
>>>>>>>>>> Gerais Estate ,in Brazil, and I'm having some problems on generating
>>>>>>>>>> keys outside a HSM and importing then inside the HSM.
>>>>>>>>>>
>>>>>>>>>> The server is a Windows XP, and I'm using nCipher nShield HSM. I was
>>>>>>>>>> able to import the keys using generatekey --import, the keys are
>>>>>>>>>> listed using nfkminfo tool, but i don't know how to use these keys to
>>>>>>>>>> create a new CA. Is it possible to use external keys to create new
>>>>>>>>>> CAs?
>>>>>>>>>>
>>>>>>>>>> Is there any special change to use imported keys in the
>>>>>>>>>> administration
>>>>>>>>>> GUI? Do I need to set parameters when I start JBOSS to use external
>>>>>>>>>> keys?
>>>>>>>>>>
>>>>>>>>>> Is there any other source of information different then ejbca.org?
>>>>>>>>>>
>>>>>>>>>> I'm using ejbca-3.7.1 and jboss-4.2.3-GA
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>> BTW, we are planning to develop the tools as free-software.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------
>>>>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>>>>>>>> challenge
>>>>>>>>> Build the coolest Linux based applications with Moblin SDK & win great
>>>>>>>>> prizes
>>>>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>>>>>>>> world
>>>>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>>>>>> _______________________________________________
>>>>>>>>> Ejbca-develop mailing list
>>>>>>>>> Ejbca-develop@...
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>>>>>> challenge
>>>>>>> Build the coolest Linux based applications with Moblin SDK & win great
>>>>>>> prizes
>>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>>>>>> world
>>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>>>> _______________________________________________
>>>>>>> Ejbca-develop mailing list
>>>>>>> Ejbca-develop@...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> Leonardo Luiz Padovani da Mata
>>>>>> barroca@...
>>>>>>
>>>>>> "May the force be with you, always"
>>>>>> "Nerd Pride... eu tenho. Voce tem?"
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>> training for EJBCA. Please see www.primekey.se or contact info@...
>>>> for more information.
>>>> http://download.primekey.se/documents/ejbca_subscription.pdf
>>>> http://download.primekey.se/documents/ejbca_training.pdf
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>>> Build the coolest Linux based applications with Moblin SDK & win great
>>>> prizes
>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejbca-develop@...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>>
>>>
>>>
>>> --
>>> Leonardo Luiz Padovani da Mata
>>> barroca@...
>>>
>>> "May the force be with you, always"
>>> "Nerd Pride... eu tenho. Voce tem?"
>>>
>>
>>
>>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Ejbca-develop mailing list
> Ejbca-develop@...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
--
Leonardo Luiz Padovani da Mata
barroca@...
"May the force be with you, always"
"Nerd Pride... eu tenho. Voce tem?"
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
The NFAST_HOME is ok. I think this a security issue. I'm gonna try
with the system administrator.
Thanks.
On Sun, Oct 19, 2008 at 8:12 AM, Tomas Gustavsson <tomas@...> wrote:
>
> I think you should be able to see if your security world is in fips
> level 2 using nfkminfo commands.
>
> Otherwise "nCipher.sworld not found" sounds like it can not find the
> security world. Did you set NFAST_HOME env variable?
>
> Cheers,
> Tomas
>
> Leonardo L. P. da Mata wrote:
>> Ok, i'm abble to create CAs using nCipher HSM, as I've mentioned
>> (thanks to http://www.linagora.org/ people). Now i need to import
>> external keys and CAs in this HSM.
>>
>> I've tried to use the steps "Importing an existing CA or sub-CA to
>> EJBCA." on the user's manual, but I'm getting some errors.
>>
>> First of all, i didn't create the small world, some old administrators
>> done this job and i can't do it again.
>> I don't know if my security world is a fips 140-2 level 2 as mentioned
>> in: ("The security world has to be initialized in the default FIPS
>> 140-2 Level 2 for this to work. ").
>>
>> After using:
>> c:\nfast\bin\generatekey.exe --import -c cardset jcecsp
>> pemreadfile=teste.pem type=RSA keystore=temp.keysto
>> re
>>
>> And type parameter of the x509 certificate, I'm getting:
>>
>> Card reading complete.
>>
>> Subprocess failed
>> Arguments: java.exe com.ncipher.provider.tools.ImportKey --keystore temp.keystor
>> e --alias imported --ident e48cade40f1528f531b372817ddc969bae071de3 --type com.n
>> cipher.provider.km.KMRSAPrivateKey --certificate C:/nfast/kmdata/tmp/3128_basili
>> sco.cert << {
>> }
>> Errors:
>> FATAL: java.security.KeyStoreException nCipher.sworld not found
>>
>>
>> ERROR: Tcl_Eval of 'store' failed: child process exited abnormally
>> nfgk_operate: SoftwareFailed
>>
>>
>> Is this an issue because i have a different fips level?
>>
>>
>> Just to make sure, what's the difference between a recovery key and a
>> normal key (as the tool asks "recovery: Key recovery? (yes/no) [yes]
>>> ")?
>>
>> Thanks again
>>
>>
>>
>>
>>
>> On Wed, Oct 15, 2008 at 6:51 PM, Leonardo L. P. da Mata
>> <barroca@...> wrote:
>>> I've started a new installation from scratch...
>>> It worked.
>>>
>>> Every time you start jboss you need to use nCipherJboss.cmd/.sh , even
>>> in the first time (generating the AdminCA1). This is something that
>>> should be better explained in the documentation. This when you need to
>>> use nCipher HSM :-).
>>>
>>> In my last installation, i was using the
>>> security.provider.1=com.ncipher.provider.km.nCipherKM
>>> as default security provider in
>>> JAVA_HOME/jre/lib/security/java.security
>>>
>>> But since i couldn't reproduce the error, and changing back to the
>>> original, the error persists. I guess that this isn't a security
>>> problem.
>>>
>>>
>>> I will keep testing the software and updating this thread.
>>>
>>> Thanks again.
>>>
>>>
>>> On Wed, Oct 15, 2008 at 5:02 PM, Johan Eklund <ejbca-support@...> wrote:
>>>> I vaguely recall this as caused by not listing the nCipher provider in some
>>>> JRE configfile.. might have been in JREHOME/lib/security/ or something like
>>>> that.. my theory is that it is using the regular JCE provider on a nCipher
>>>> keystore or maybe vice versa.. but this is pretty vague memories.. =/
>>>>
>>>> /Johan
>>>>
>>>> Leonardo L. P. da Mata skrev:
>>>>> Hello, i've configured ejbca with JCE keys.
>>>>> After the installation i'm getting a strange error.
>>>>> "java.io.IOException: Bad KeyStore file, expecting a 40 character line."
>>>>>
>>>>> it seens that the keystore cannot be loaded.
>>>>> Is the keystore used when starting ejbca the keystore that stores the
>>>>> keys for SSL?(:-o)
>>>>>
>>>>> ejbca.properties contains:
>>>>> ca.tokentype=org.ejbca.core.model.ca.catoken.NFastCAToken
>>>>> ca.tokenpassword=password
>>>>>
>>>>> and catoken.properties contains:
>>>>> keyStore baac258f773b0eb0ac1277e807207f0c63065ced
>>>>> defaultKey defaultRoot1
>>>>> certSignKey signRoot1
>>>>> crlSignKey signRoot1
>>>>> testKey testRoot1
>>>>>
>>>>> these configuration was done before the installation.
>>>>>
>>>>> should i use a different keyStore??
>>>>> Is there any problem configuring the default CA with soft and then
>>>>> using ncipher HSM to generate other CAs?
>>>>>
>>>>> Thanks.
>>>>>
>>>>>
>>>>> INFO: WSSERVLET14: JAX-WS servlet initializing
>>>>> 16:20:18,890 INFO [EARDeployer] Started J2EE application:
>>>>> file:/C:/jboss-4.2.3.
>>>>> GA/server/default/deploy/ejbca.ear
>>>>> 16:20:19,015 INFO [Http11Protocol] Starting Coyote HTTP/1.1 on
>>>>> http-0.0.0.0-808
>>>>> 0
>>>>> 16:20:19,031 ERROR [Http11Protocol] Error starting endpoint
>>>>> java.io.IOException: Bad KeyStore file, expecting a 40 character line.
>>>>> at
>>>>> com.ncipher.provider.km.KMKeyStore.engineLoad(KMKeyStore.java:674)
>>>>> at java.security.KeyStore.load(KeyStore.java:1185)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getStore(JSSESocket
>>>>> Factory.java:319)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeystore(JSSESoc
>>>>> ketFactory.java:259)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.getKeyManagers(JSSE
>>>>> SocketFactory.java:410)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.init(JSSESocketFact
>>>>> ory.java:378)
>>>>> at
>>>>> org.apache.tomcat.util.net.jsse.JSSESocketFactory.createSocket(JSSESo
>>>>> cketFactory.java:135)
>>>>> at
>>>>> org.apache.tomcat.util.net.JIoEndpoint.init(JIoEndpoint.java:497)
>>>>> at
>>>>> org.apache.tomcat.util.net.JIoEndpoint.start(JIoEndpoint.java:514)
>>>>> at
>>>>> org.apache.coyote.http11.Http11Protocol.start(Http11Protocol.java:203
>>>>> )
>>>>> at
>>>>> org.apache.catalina.connector.Connector.start(Connector.java:1146)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:6
>>>>> 01)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.jav
>>>>> a:638)
>>>>> at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>>>>> sorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at
>>>>> org.jboss.mx.notification.NotificationListenerProxy.invoke(Notificati
>>>>> onListenerProxy.java:153)
>>>>> at $Proxy46.handleNotification(Unknown Source)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotificat
>>>>> ion(JBossNotificationBroadcasterSupport.java:127)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotificatio
>>>>> n(JBossNotificationBroadcasterSupport.java:108)
>>>>> at
>>>>> org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:9
>>>>> 16)
>>>>> at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>>>>> at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>>>>> at org.jboss.Main.boot(Main.java:200)
>>>>> at org.jboss.Main$1.run(Main.java:508)
>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>> 16:20:19,046 WARN [JBossWeb] Failed to startConnectors
>>>>> LifecycleException: service.getName(): "jboss.web"; Protocol handler
>>>>> start fai
>>>>> led: java.io.IOException: Bad KeyStore file, expecting a 40 character
>>>>> line.
>>>>> at
>>>>> org.apache.catalina.connector.Connector.start(Connector.java:1153)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.startConnectors(JBossWeb.java:6
>>>>> 01)
>>>>> at
>>>>> org.jboss.web.tomcat.service.JBossWeb.handleNotification(JBossWeb.jav
>>>>> a:638)
>>>>> at sun.reflect.GeneratedMethodAccessor4.invoke(Unknown Source)
>>>>> at
>>>>> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAcces
>>>>> sorImpl.java:25)
>>>>> at java.lang.reflect.Method.invoke(Method.java:597)
>>>>> at
>>>>> org.jboss.mx.notification.NotificationListenerProxy.invoke(Notificati
>>>>> onListenerProxy.java:153)
>>>>> at $Proxy46.handleNotification(Unknown Source)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.handleNotificat
>>>>> ion(JBossNotificationBroadcasterSupport.java:127)
>>>>> at
>>>>> org.jboss.mx.util.JBossNotificationBroadcasterSupport.sendNotificatio
>>>>> n(JBossNotificationBroadcasterSupport.java:108)
>>>>> at
>>>>> org.jboss.system.server.ServerImpl.sendNotification(ServerImpl.java:9
>>>>> 16)
>>>>> at org.jboss.system.server.ServerImpl.doStart(ServerImpl.java:497)
>>>>> at org.jboss.system.server.ServerImpl.start(ServerImpl.java:362)
>>>>> at org.jboss.Main.boot(Main.java:200)
>>>>> at org.jboss.Main$1.run(Main.java:508)
>>>>> at java.lang.Thread.run(Thread.java:619)
>>>>> 16:20:19,062 INFO [Server] JBoss (MX MicroKernel) [4.2.3.GA (build:
>>>>> SVNTag=JBos
>>>>> s_4_2_3_GA date=200807181439)] Started in 4m:25s:750ms
>>>>>
>>>>>
>>>>> On Tue, Oct 14, 2008 at 4:24 PM, Leonardo L. P. da Mata
>>>>> <barroca@...> wrote:
>>>>>
>>>>>> To illustrate how am I import the keys, I've imported again, and here
>>>>>> is the result:
>>>>>>
>>>>>> c:\nfast\bin\generatekey --import -c mscapi pkcs11
>>>>>> pemreadfile=teste.pem type=RSA
>>>>>> recovery: Key recovery? (yes/no) [yes] >
>>>>>> plainname: Key name? [] > imported3
>>>>>> nvram: Store blob in NVRAM (will require administrator cardset)? (yes/no)
>>>>>> [no]
>>>>>> key generation parameters:
>>>>>> operation Operation to perform
>>>>>> import
>>>>>> application Application
>>>>>> pkcs11
>>>>>> protect Protected by
>>>>>> token
>>>>>> slot Slot to read cards from 0
>>>>>> recovery Key recovery
>>>>>> yes
>>>>>> verify Verify security of key
>>>>>> yes
>>>>>> type Key type
>>>>>> RSA
>>>>>> pemreadfile PEM file containing RSA key
>>>>>> teste.pe
>>>>>> m
>>>>>> plainname Key name
>>>>>> imported
>>>>>> 3
>>>>>> nvram Store blob in NVRAM (will require administrator cardset)
>>>>>> no
>>>>>>
>>>>>> Loading `mscapi':
>>>>>> Module 1: 0 cards of 1 read
>>>>>> Module 1 slot 0: `mscapi' #1 (`oper')
>>>>>> Module 1 slot 0:- passphrase supplied - reading card
>>>>>> Card reading complete.
>>>>>>
>>>>>> Key successfully imported.
>>>>>> Path to key:
>>>>>> C:\nfast\kmdata\local\key_pkcs11_uc3d9fa9461f5ada90d40e0b1a2420099ea70834bb-9108857e16ec3ee22b9a23373e9c6f24eac8d70b
>>>>>>
>>>>>>
>>>>>>
>>>>>> It seems that the key is correctly imported. "This is surely possible,
>>>>>> but we have not done it so we can't provide you with finished commands
>>>>>> for importing keys for PKCS#11." . Do you think that the message
>>>>>> saying "Key successfully imported." is not true?
>>>>>>
>>>>>> 1)I will try the JCE way.
>>>>>> 2)Since there's no difference between creating a new one, and
>>>>>> importing, the options are a little bit confusing. Maybe the
>>>>>> documentation must be more "step by step" like.. :-)
>>>>>> 3) I notice that also.
>>>>>>
>>>>>>
>>>>>> I will check for other ways to use the HSM and keep giving feedback here.
>>>>>>
>>>>>> Thanks for all the help provided..
>>>>>>
>>>>>>
>>>>>>
>>>>>> On Tue, Oct 14, 2008 at 3:57 PM, Ejbca support
>>>>>> <ejbca-support@...> wrote:
>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> 1) The Howto article is created for the NFastToken way of using nCipher,
>>>>>>> not PKCS#11. You can use nCipher using:
>>>>>>> - PKCS#11
>>>>>>> - NFast JCE Provider
>>>>>>>
>>>>>>> Both ways work, but the howto for importing keys is done for the JCE
>>>>>>> provider.
>>>>>>> When trying to start JBoss using the JCE provider did you use
>>>>>>> EJBCA/bin/nCipherJboss.sh and did you have the nCipher JCE/JCA provider
>>>>>>> installed (it is separate packages in the nCipher install).
>>>>>>>
>>>>>>> When nfkminfo says:
>>>>>>> -----
>>>>>>>
>>>>>>> jboss@host$ $NFAST_HOME/bin/nfkminfo -k
>>>>>>> AppName jcecsp Ident f7e825134fe23f58b1575d8efb487babe7ebd1ed
>>>>>>> AppName jcecsp Ident
>>>>>>> f7e825134fe23f58b1575d8efb487babe7ebd1ed-key-832c8a89fe813dc99ae61e094fe5d195ca3e405d
>>>>>>> -----
>>>>>>> jcecsp means the keys can only be used by the JCE-provider. nCipher does
>>>>>>> it so you have different targets depending on which API you are using. If
>>>>>>> you want to use PKCS#11 you need to import the keys in another way.
>>>>>>> This is surely possible, but we have not done it so we can't provide you
>>>>>>> with finished commands for importing keys for PKCS#11.
>>>>>>>
>>>>>>>
>>>>>>> 2) There is no option for creating an "imported CA", you simply create a
>>>>>>> CA as usual and provide the correct parameters as CAToken parameters.
>>>>>>> From EJBCAs view there is no difference between a CA with keys
>>>>>>> generated in the HSM or created in the HSM. From EJBCAs view the keys
>>>>>>> ARE simply in the HSM and are used in the HSM.
>>>>>>>
>>>>>>> Simply create a new CA using keys on the HSM. Enter a name for the new
>>>>>>> CA and click 'Create CA'.
>>>>>>>
>>>>>>> Which options do not exist? Perhaps the wording "When importing a
>>>>>>> sub-CA" is confusing? Since you don't import a CA, you simply create a
>>>>>>> CA as usual.
>>>>>>>
>>>>>>> 3) "Import CA certificate" is for something completely different, don't
>>>>>>> use that. This function simply imports a CA certificate (as you
>>>>>>> noticed), so you can have external CA certificates imported for various
>>>>>>> verification reasons.
>>>>>>>
>>>>>>> Cheers,
>>>>>>> Tomas
>>>>>>> -----
>>>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>>>>> training for EJBCA. Please see www.primekey.se or contact
>>>>>>> info@... for more information.
>>>>>>> http://download.primekey.se/documents/ejbca_subscription.pdf
>>>>>>> http://download.primekey.se/documents/ejbca_training.pdf
>>>>>>>
>>>>>>>
>>>>>>> Leonardo L. P. da Mata wrote:
>>>>>>>
>>>>>>>> Hey, so, I've read the documentation, but i think there are some
>>>>>>>> lacks...
>>>>>>>> Just to make sure, to use the nCipher nShield, i should use the pkcs11
>>>>>>>> interface, right? I've tried to start jboss using the ncipher
>>>>>>>> interface, but it didn't wok. So i suppose that this kind of hsm must
>>>>>>>> use the pkcs11 interface.
>>>>>>>>
>>>>>>>> On the screen:
>>>>>>>> https://localhost:8443/ejbca/adminweb/ca/editcas/editcas.jsp
>>>>>>>>
>>>>>>>> i can't find the option mentioned in the documentation, there's no
>>>>>>>> "create new CA 'ImportedCA'" option, and when i click in the create
>>>>>>>> button, there's no option that can be selected as impotedCA.
>>>>>>>>
>>>>>>>> There are "Import CA keystore" and "import CA certificate". but when i
>>>>>>>> use the option "import CA certificate" i can import my CA certificate,
>>>>>>>> but the key is not stored in the HSM. the CA Token Type is set to Null
>>>>>>>> after the import.
>>>>>>>>
>>>>>>>> We must provide more than 1 type of security solution, that's why I'm
>>>>>>>> testing booth generating keys inside HSM and generating outside and
>>>>>>>> importing then.
>>>>>>>>
>>>>>>>> The next step i will try is to generate User certificates into smart
>>>>>>>> cards, but I'm already testing http://www.hardtokenmgmt.org/.
>>>>>>>>
>>>>>>>> Thanks, I appreciate the help. Hope to help the company that I'm
>>>>>>>> working for to be another reference installation.
>>>>>>>>
>>>>>>>>
>>>>>>>> On Tue, Oct 14, 2008 at 5:28 AM, Tomas Gustavsson <tomas@...>
>>>>>>>> wrote:
>>>>>>>>
>>>>>>>>
>>>>>>>>> Hi Leonardo,
>>>>>>>>>
>>>>>>>>> Did you read the chapter in the User Guide at ejbca.org called
>>>>>>>>> "Importing an existing CA or sub-CA to EJBCA"? It's under the
>>>>>>>>> HSM->nCopher section. This text explains exactly how you can import
>>>>>>>>> existing keys (stored on disc) to create a CA in EJBCA.
>>>>>>>>> It also explains how you create the CA in EJBCA.
>>>>>>>>>
>>>>>>>>> We have done this and it works, no options in JBoss. Since the keys
>>>>>>>>> are
>>>>>>>>> imported into nCipher, it is simply just like any other CA with keys
>>>>>>>>> on
>>>>>>>>> the nCipher HSM. There is no difference between this CA and a CA where
>>>>>>>>> keys are generated inside the HSM (which is the recommended way for
>>>>>>>>> security reasons of-course).
>>>>>>>>>
>>>>>>>>> Regards,
>>>>>>>>> Tomas
>>>>>>>>> -----
>>>>>>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>>>>>>> training for EJBCA. Please see www.primekey.se or contact
>>>>>>>>> info@... for more information.
>>>>>>>>> http://download.primekey.se/documents/ejbca_subscription.pdf
>>>>>>>>> http://download.primekey.se/documents/ejbca_training.pdf
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Leonardo L. P. da Mata wrote:
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>> Hello,
>>>>>>>>>>
>>>>>>>>>> I'm developing the pki infrastructure for the Official Press of Minas
>>>>>>>>>> Gerais Estate ,in Brazil, and I'm having some problems on generating
>>>>>>>>>> keys outside a HSM and importing then inside the HSM.
>>>>>>>>>>
>>>>>>>>>> The server is a Windows XP, and I'm using nCipher nShield HSM. I was
>>>>>>>>>> able to import the keys using generatekey --import, the keys are
>>>>>>>>>> listed using nfkminfo tool, but i don't know how to use these keys to
>>>>>>>>>> create a new CA. Is it possible to use external keys to create new
>>>>>>>>>> CAs?
>>>>>>>>>>
>>>>>>>>>> Is there any special change to use imported keys in the
>>>>>>>>>> administration
>>>>>>>>>> GUI? Do I need to set parameters when I start JBOSS to use external
>>>>>>>>>> keys?
>>>>>>>>>>
>>>>>>>>>> Is there any other source of information different then ejbca.org?
>>>>>>>>>>
>>>>>>>>>> I'm using ejbca-3.7.1 and jboss-4.2.3-GA
>>>>>>>>>>
>>>>>>>>>> Thanks.
>>>>>>>>>>
>>>>>>>>>> BTW, we are planning to develop the tools as free-software.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -------------------------------------------------------------------------
>>>>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>>>>>>>> challenge
>>>>>>>>> Build the coolest Linux based applications with Moblin SDK & win great
>>>>>>>>> prizes
>>>>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>>>>>>>> world
>>>>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>>>>>> _______________________________________________
>>>>>>>>> Ejbca-develop mailing list
>>>>>>>>> Ejbca-develop@...
>>>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>> -------------------------------------------------------------------------
>>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's
>>>>>>> challenge
>>>>>>> Build the coolest Linux based applications with Moblin SDK & win great
>>>>>>> prizes
>>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the
>>>>>>> world
>>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>>>>> _______________________________________________
>>>>>>> Ejbca-develop mailing list
>>>>>>> Ejbca-develop@...
>>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>>>>
>>>>>>>
>>>>>> --
>>>>>> Leonardo Luiz Padovani da Mata
>>>>>> barroca@...
>>>>>>
>>>>>> "May the force be with you, always"
>>>>>> "Nerd Pride... eu tenho. Voce tem?"
>>>>>>
>>>>>>
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> PrimeKey Solutions offers a commercial EJBCA support subscription and
>>>> training for EJBCA. Please see www.primekey.se or contact info@...
>>>> for more information.
>>>> http://download.primekey.se/documents/ejbca_subscription.pdf
>>>> http://download.primekey.se/documents/ejbca_training.pdf
>>>>
>>>>
>>>>
>>>> -------------------------------------------------------------------------
>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
>>>> Build the coolest Linux based applications with Moblin SDK & win great
>>>> prizes
>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
>>>> _______________________________________________
>>>> Ejbca-develop mailing list
>>>> Ejbca-develop@...
>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>>>>
>>>>
>>>
>>>
>>> --
>>> Leonardo Luiz Padovani da Mata
>>> barroca@...
>>>
>>> "May the force be with you, always"
>>> "Nerd Pride... eu tenho. Voce tem?"
>>>
>>
>>
>>
>
>
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> _______________________________________________
> Ejbca-develop mailing list
> Ejbca-develop@...
> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
>
--
Leonardo Luiz Padovani da Mata
barroca@...
"May the force be with you, always"
"Nerd Pride... eu tenho. Voce tem?"
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Ejbca-develop mailing list
Ejbca-develop@...
https://lists.sourceforge.net/lists/listinfo/ejbca-develop
« Return to Thread: Using external key with ncipher HSM
| Free embeddable forum powered by Nabble | Forum Help |
