user3632773

Reputation: 11

CKR_DEVICE_ERROR using iaik for digital signature

I'm trying to develop a Java application that is able to create a digital signature on a file with a smart card.

I set the PKCS#11 provider in this way:

Security.addProvider(new IAIK());
Properties providerProperties = new Properties();
providerProperties.put("PKCS11_NATIVE_MODULE","path\\asepkcs.dll");
IAIKPkcs11 pkcs11Provider = new IAIKPkcs11(providerProperties);
Security.addProvider(pkcs11Provider);
Module module = Module.getInstance("path\\asepkcs.dll");

After that, I read the KeyStore that I loaded onto the smart card earlier, but when I try to use the method to create the digital signature, the application catches the following exception:

java.security.SignatureException: iaik.pkcs.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR
at iaik.pkcs.pkcs11.provider.signatures.ExternalHashSignature.pkcs11Sign(ExternalHashSignature.java:294)
at iaik.pkcs.pkcs11.provider.signatures.PKCS11Signature.engineSign(PKCS11Signature.java:638)
at java.security.Signature$Delegate.engineSign(Unknown Source)
at java.security.Signature.sign(Unknown Source)
at sii.tesi.firma.provasc.FirmaScK.main(FirmaScK.java:288)

I'm not able to understand how I could resolve the CKR_DEVICE_ERROR. I use the following methods for the signature:

Signature signAlg = Signature.getInstance("SHA1withRSA"); 
signAlg.initSign(privateKey); 
signAlg.update(toBeEncrypted); 
byte[] signatureValue = signAlg.sign(); 

Upvotes: 1

Views: 7650

Answers (2)

Haring

Reputation: 11

I fixed CKR_DEVICE_ERROR. The problem was simply that the smartcard was making a bad connection (Omnikey 6121 are badly built).

A paperclip to jam the chip tighter on the board fixed this problem for me.

Upvotes: 1

Manuel

Reputation: 4238

Did you use the Pkcs11Wrapper as well? If so, did you specify the java.library.path? The Wrapper version should match the Provider version, or check the readme for more details.

Regarding your code, specify the IAIK provider:

Signature.getInstance("SHA1withRSA", iaikProvider)

and try to add the provider like this:

IAIK.addAsProvider(false);

If that doesn't help, check the error log generated by the pkcs11 module.

Upvotes: 0
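An added example, not part of either answer or of the IAIK code: a small harness around the explicit-provider call suggested above that reports which provider failed and which CKR_ code came back, then verifies the signature in software. The class and helper names are hypothetical, and a software RSA key pair is a constructed stand-in for the smart card so it runs without a reader.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
public class ExplicitProviderSign {
    // Returns the first PKCS#11 return code (CKR_...) named in the exception chain, or null.
    static String findCkrCode(Throwable t) {
        for (Throwable c = t; c != null; c = c.getCause()) {
            String msg = String.valueOf(c.getMessage());
            int start = msg.indexOf("CKR_");
            if (start < 0) continue;
            int end = start;
            while (end < msg.length()
                    && (Character.isLetterOrDigit(msg.charAt(end)) || msg.charAt(end) == '_')) end++;
            return msg.substring(start, end);
        }
        return null;
    }

    // Signs with exactly the given provider, so JCA cannot pick a different one.
    static byte[] sign(Provider provider, PrivateKey key, byte[] data)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA", provider);
        s.initSign(key);
        s.update(data);
        try {
            return s.sign();
        } catch (SignatureException e) {
            String ckr = findCkrCode(e);
            System.err.println("sign() failed in provider " + provider.getName()
                    + (ckr != null ? ", token returned " + ckr : ", no CKR_ code in the chain"));
            throw e;
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in: a software RSA key pair replaces the smart card so the
        // example runs without a reader. With a card, pass the PKCS#11 provider instance
        // and the private key read from its KeyStore instead.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed test input".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(kpg.getProvider(), kp.getPrivate(), data);
        // Verify in software with the public key: proves the returned bytes are a valid signature.
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(kp.getPublic());
        v.update(data);
        System.out.println("signature verifies: " + v.verify(sig));
    }
}
```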
