
Re: Using external key with ncipher HSM

by Miguel Angel Tormo Alfaro-2

OK then. So your STARCOS cards should work with the opensc-pkcs11.dll, but not the American Banknote ones...
I understand your STARCOS cards work well with Firefox and opensc-pkcs11.dll, right?

On Thursday, 30 October 2008 19:26:16 Leonardo L. P. da Mata wrote:

> I have 2 different kinds of cards, STARCOS and American Banknote cards.
>
> The STARCOS cards have been initialized with OpenSC and they work for
> the browser SSL authentication.
> The American Banknote cards came initialized from the factory (I don't
> know why people do that).
>
>
>
> On Thu, Oct 30, 2008 at 3:35 PM, Miguel Angel Tormo Alfaro
> <mlists@...> wrote:
> > That means opensc cannot recognize the format of your cards.
> > Which card are you using? Did you format it with opensc?
> >
> > On Thursday, 30 October 2008 18:25:09 Leonardo L. P. da Mata wrote:
> >> I mean, the htmf could open the library, but couldn't use it to read
> >> the cards. It says that the card is not supported.
> >>
> >>
> >> On Thu, Oct 30, 2008 at 3:24 PM, Leonardo L. P. da Mata
> >> <barroca@...> wrote:
> >> > It was hanging on opening the library (wrong PKCS#11 interface). I've
> >> > changed to opensc-pkcs11.dll, but now it can't recognize my cards...
> >> >
> >> >
> >> >
> >> > On Thu, Oct 30, 2008 at 8:05 AM, EJBCA Support
> >> > <ejbca-support@...> wrote:
> >> >> Hi Leonardo
> >> >>
> >> >> I'm assuming you are using the Java Web Start deployment of Tolima. The
> >> >> htmf log files are stored in <USER_HOME>/.hardtokenmgmt<n>_<n>.log; can
> >> >> you send it to me?
> >> >>
> >> >> Which tokens are you using and which pkcs11 driver?
> >> >>
> >> >> // Regards Philip
> >> >>
> >> >> Leonardo L. P. da Mata skrev:
> >> >>> Hey, I've advanced a lot in the EJBCA installation and its
> >> >>> integration with htmf, but I still can't use htmf correctly. I'm sending
> >> >>> this message here because the htmf list has no discussion at all.
> >> >>>
> >> >>> So, I'm using Java 6 and Internet Explorer to access Tolima. I've
> >> >>> generated an administrator card, and it seems to work (I can use this
> >> >>> card with other applications to sign).
> >> >>>
> >> >>> After the administrator authenticates in the htmf, EJBCA sends a message:
> >> >>>   19:09:11,390 INFO [Log4jLogDevice] 29 de Outubro de 2008 19h9min11s
> >> >>> BRST, CAId : -1688117755, AUTHORIZATION,
> >> >>> EVENT_INFO_AUTHORIZEDTORESOURCE, Administrator : CLIENTCERT,
> >> >>> Certificate SNR : 3964574de5f7dca8, CN=AdminCA1,O=EJBCA Sample,C=SE,
> >> >>> User : No user involved, Certificate : No certificate involved,
> >> >>> Comment : Resource :
> >> >>>
> >> >>> and the htmf hangs with no answer and no debug information.
> >> >>>
> >> >>> Does anyone have any idea why this isn't working?
> >> >>>
> >> >>> BTW, the ant deploy of htmf doesn't substitute all variables correctly;
> >> >>> the $*.hostname variables are being deployed without being
> >> >>> substituted. Maybe this is a bug of htmf (TOLIMA).
> >> >>>
> >> >>>
> >> >>> Thanks.
> >> >>>
> >> >>> On Tue, Oct 21, 2008 at 5:34 AM, Tomas Gustavsson <tomas@...> wrote:
> >> >>>
> >> >>>> Thanks, added it to docs for next release.
> >> >>>>
> >> >>>> Cheers,
> >> >>>> Tomas
> >> >>>>
> >> >>>>
> >> >>>> Leonardo L. P. da Mata wrote:
> >> >>>>
> >> >>>>> So, after some time trying to find the problem, I think I could get it solved.
> >> >>>>> The environment variable JDK_HOME must be set correctly for this to work.
> >> >>>>> This is a problem with nCipher software that is not well documented,
> >> >>>>> but I think it is important to put a note in the User's Guide.
> >> >>>>>
> >> >>>>> Command used:
> >> >>>>> C:\Documents and Settings\barroca\Desktop\server_keys>c:\nfast\bin\generatekey.exe --import -c mscapi jcecsp pemreadfile=unprotected.pem keystore=temp.keystore type=RSA alias=imported1
> >> >>>>> Result:
> >> >>>>> recovery: Key recovery? (yes/no) [yes] >
> >> >>>>> keystorepass: JCE key store password? (hidden)
> >> >>>>> x509country: Country code? [] >
> >> >>>>> x509province: State or province? [] >
> >> >>>>> x509locality: City or locality? [] >
> >> >>>>> x509org: Organisation? [] >
> >> >>>>> x509orgunit: Organisation unit? [] >
> >> >>>>> x509dnscommon: Domain name? [] >
> >> >>>>> x509email: Email address? [] >
> >> >>>>> nvram: Store blob in NVRAM (will require administrator cardset)? (yes/no) [no]
> >> >>>>> key generation parameters:
> >> >>>>>  operation      Operation to perform                                      import
> >> >>>>>
> >> >>>>>  application    Application                                               jcecsp
> >> >>>>>
> >> >>>>>  protect        Protected by                                              token
> >> >>>>>  slot           Slot to read cards from                                   0
> >> >>>>>  recovery       Key recovery                                              yes
> >> >>>>>  verify         Verify security of key                                    yes
> >> >>>>>  type           Key type                                                  RSA
> >> >>>>>  pemreadfile    PEM file containing RSA key                               unprotected.pem
> >> >>>>>  keystore       Filename of JCE key store                                 temp.keystore
> >> >>>>>  keystorepass   JCE key store password                                    <hidden>
> >> >>>>>  alias          JCE key alias                                             imported1
> >> >>>>>  x509country    Country code
> >> >>>>>  x509province   State or province
> >> >>>>>  x509locality   City or locality
> >> >>>>>  x509org        Organisation
> >> >>>>>  x509orgunit    Organisation unit
> >> >>>>>  x509dnscommon  Domain name
> >> >>>>>  x509email      Email address
> >> >>>>>  nvram          Store blob in NVRAM (will require administrator cardset)  no
> >> >>>>>
> >> >>>>> Loading `mscapi':
> >> >>>>>  Module 1: 0 cards of 1 read
> >> >>>>>  Module 1 slot 0: `mscapi' #1 (`oper')
> >> >>>>>  Module 1 slot 0:- passphrase supplied - reading card
> >> >>>>> Card reading complete.
> >> >>>>>
> >> >>>>> Subprocess failed
> >> >>>>> Arguments: {C:/Arquivos de programas/Java/jdk1.6.0_07/bin/java.exe} com.ncipher.provider.tools.ImportKey --keystore temp.keystore --alias imported1 --ident d34d2ec33c1b108ceb2d890094736947514ab4ca --type com.ncipher.provider.km.KMRSAPrivateKey --certificate C:/nfast/kmdata/tmp/436_basilisco.cert << {123456
> >> >>>>> }
> >> >>>>> Errors:
> >> >>>>> FATAL: error creating temp.keystore
> >> >>>>>
> >> >>>>>
> >> >>>>> ERROR: Tcl_Eval of 'store' failed: child process exited abnormally
> >> >>>>> 17:11:36 ERROR: cannot remove kmdata file (C:\nfast\kmdata\local\key_jceshim_d34d2ec33c1b108ceb2d890094736947514ab4ca): No such file or directory
> >> >>>>> nfgk_operate: SoftwareFailed
> >> >>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>> I still need to test if the key is working correctly, but when I list
> >> >>>>> keys with nfkminfo, I can see the new imported keys.
> >> >>>>>
> >> >>>>> Thanks.
> >> >>>>>
> >> >>>>>
> >> >>>>> On Mon, Oct 20, 2008 at 12:27 PM, Leonardo L. P. da Mata
> >> >>>>> <barroca@...> wrote:
> >> >>>>>
> >> >>>>>> Hey Bruno, the Security World is OK. I've checked the file
> >> >>>>>> permissions, and apparently this is not an issue, because I'm getting
> >> >>>>>> the same problem using the system administrator.
> >> >>>>>>
> >> >>>>>> I'm following the steps of the EJBCA user's guide. When importing a file,
> >> >>>>>> I can't access the keystore of the HSM:
> >> >>>>>>
> >> >>>>>> keystore: Filename of JCE key store? []
> >> >>>>>>
> >> >>>>>>> temp.keystore
> >> >>>>>>>
> >> >>>>>> ERROR: keystore: key store key is missing
> >> >>>>>> keystore: Filename of JCE key store? []
> >> >>>>>>
> >> >>>>>>> 59b8a83024f6d271ac8ec03838d8e3de7c204785
> >> >>>>>>>
> >> >>>>>> ERROR: keystore: cannot open file
> >> >>>>>> keystore: Filename of JCE key store? []
> >> >>>>>>
> >> >>>>>>> c:\nfast\kmdata\local\key_jcecsp_59b8a83024f6d271ac8ec03838d8e3de7c204785
> >> >>>>>>>
> >> >>>>>> ERROR: keystore: invalid keystore
> >> >>>>>> ERROR: keystore: key store key is missing
> >> >>>>>> keystore: Filename of JCE key store? []
> >> >>>>>> ERROR: keystore: invalid filename
> >> >>>>>> keystore: Filename of JCE key store? []
> >> >>>>>>
> >> >>>>>>> c:\nfast\kmdata\local\
> >> >>>>>>>
> >> >>>>>> ERROR: keystore: cannot open file
> >> >>>>>> keystore: Filename of JCE key store? []
> >> >>>>>>
> >> >>>>>>
> >> >>>>>>
> >> >>>>>> temp.keystore contains "59b8a83024f6d271ac8ec03838d8e3de7c204785" as
> >> >>>>>> mentioned in the user guide:
> >> >>>>>> "Windows: 'copy con: temp.keystore' and copypaste the string, press
> >> >>>>>> Ctrl-Z and Enter"
> >> >>>>>>
> >> >>>>>> Thanks again.
> >> >>>>>>
> >> >>>>>> On Mon, Oct 20, 2008 at 10:22 AM, Bruno Bonfils <asyd@...> wrote:
> >> >>>>>>
> >> >>>>>>> On Mon 20 October, Leonardo L. P. da Mata wrote:
> >> >>>>>>>
> >> >>>>>>>> I've read the HSM manual and checked that my Security World is FIPS level 2.
> >> >>>>>>>> The NFAST_HOME is OK. I think this is a security issue. I'm gonna try
> >> >>>>>>>> with the system administrator.
> >> >>>>>>>>
> >> >>>>>>> Hi,
> >> >>>>>>>
> >> >>>>>>> In order to create a key protected by the HSM, you need to create a
> >> >>>>>>> Security World and an OCS (Operator Card Set). This procedure is well
> >> >>>>>>> documented in the HSM documentation. However, I may help if you have trouble
> >> >>>>>>> (PS: I work at Linagora and I used to work with EJBCA and nCipher).
> >> >>>>>>>
> >> >>>>>>> If you really already have a Security World, check the file permissions.
> >> >>>>>>> I don't know how it goes on Windows, but in a Unix environment,
> >> >>>>>>> nCipher's default permissions only allow root to read/write the Security
> >> >>>>>>> World's files.
> >> >>>>>>>
> >> >>>>>>> Best regards
> >> >>>>>>>
> >> >>>>>>> --
> >> >>>>>>> http://asyd.net/home/   - Home Page
> >> >>>>>>> http://guses.org/home/  - French Speaking (Open)Solaris User Group
> >> >>>>>>>
> >> >>>>>>> -------------------------------------------------------------------------
> >> >>>>>>> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> >> >>>>>>> Build the coolest Linux based applications with Moblin SDK & win great prizes
> >> >>>>>>> Grand prize is a trip for two to an Open Source event anywhere in the world
> >> >>>>>>> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> >> >>>>>>> _______________________________________________
> >> >>>>>>> Ejbca-develop mailing list
> >> >>>>>>> Ejbca-develop@...
> >> >>>>>>> https://lists.sourceforge.net/lists/listinfo/ejbca-develop
> >> >>>>>>>
> >> >>>>>>>
> >> >>>>>> --
> >> >>>>>> Leonardo Luiz Padovani da Mata
> >> >>>>>> barroca@...
> >> >>>>>>
> >> >>>>>> "May the force be with you, always"
> >> >>>>>> "Nerd Pride... I have it. Do you?"
> >> >>>>>>
> >> >>>>>>
> >> >>>>>
> >> >>>>>
> >> >>>>
> >> >>>>
> >> >>>
> >> >>>
> >> >>>
> >> >>>
> >> >>
> >> >>
> >> >>
> >> >
> >> >
> >> >
> >> > --
> >> > Leonardo Luiz Padovani da Mata
> >> > barroca@...
> >> >
> >> > "May the force be with you, always"
> >> > "Nerd Pride... I have it. Do you?"
> >> >
> >>
> >>
> >>
> >
> >
> >
> >
>
>
>



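A pre-flight check for the import procedure the quoted messages go through (JDK_HOME, the contents of temp.keystore, and the key_jcecsp_<ident> blob under the kmdata local directory), written as an added example that is not from the thread, EJBCA or nCipher; the keystore format (one 40-hex key ident per line) and the directory layout are assumptions taken from the paths quoted above.

```python
# Added example, not from the thread or from nCipher/EJBCA: pre-flight checks
# for the three failures seen in the thread before running generatekey --import:
#  1. JDK_HOME set and containing bin/java(.exe) (ImportKey is a Java subprocess);
#  2. the JCE keystore file holding a key ident (40 hex chars), as the EJBCA guide
#     describes for temp.keystore ("key store key is missing" otherwise);
#  3. the blob key_jcecsp_<ident> present under the kmdata local directory.
# File layout is an assumption taken from the paths quoted in the thread.
import re
import tempfile
from pathlib import Path

IDENT_RE = re.compile(r"^[0-9a-f]{40}$")


def jdk_java(jdk_home):
    """Return the java launcher under jdk_home, or None if it is not a usable JDK."""
    for name in ("java.exe", "java"):
        if jdk_home and (Path(jdk_home) / "bin" / name).is_file():
            return Path(jdk_home) / "bin" / name
    return None


def read_keystore_idents(keystore_path):
    """Parse a jcecsp keystore file: one 40-hex key ident per non-empty line."""
    idents = [tok.lower() for tok in Path(keystore_path).read_text().split()]
    if not idents:
        raise ValueError("key store key is missing")
    if not all(IDENT_RE.match(i) for i in idents):
        raise ValueError("invalid keystore (expected 40-hex key idents)")
    return idents


def preflight(jdk_home, keystore_path, kmdata_local):
    """Return the list of problems found; an empty list means import may proceed."""
    problems = []
    if jdk_java(jdk_home) is None:
        problems.append("JDK_HOME unset or has no bin/java")
    try:
        idents = read_keystore_idents(keystore_path)
    except (OSError, ValueError) as exc:
        return problems + [f"keystore: {exc}"]
    for ident in idents:
        if not (Path(kmdata_local) / f"key_jcecsp_{ident}").is_file():
            problems.append(f"missing key blob key_jcecsp_{ident}")
    return problems


def demo_tree(ident):
    """Constructed sample layout: throwaway JDK, keystore and kmdata local dir."""
    root = Path(tempfile.mkdtemp())
    (root / "bin").mkdir()
    (root / "bin" / "java").write_text("")
    (root / "temp.keystore").write_text(ident + "\n")
    (root / "local").mkdir()
    return str(root), str(root / "temp.keystore"), str(root / "local")
```

Run `preflight(os.environ.get("JDK_HOME"), "temp.keystore", r"C:\nfast\kmdata\local")` before `generatekey --import`; an empty list means the three things the thread tripped over are in place.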
