Reputation: 637
LunaCryptokiException: function 'CrystokiConnect failed' returns 0x0 as non root user
I have used Luna SA with SDK for generating keypairs.
When am trying to list the keystore (as non root user) its throwing below exception. If I try as root user, it does list and works fine.
I have given read write permission to non root user.
keytool error: java.security.KeyStoreException: LUNA not found
java.security.KeyStoreException: LUNA not found
Caused by: com.safenetinc.luna.LunaCryptokiException: function 'CrystokiConnect failed' returns 0x0
at com.safenetinc.luna.LunaCryptokiException.ThrowNew(LunaCryptokiException.java:)
at com.safenetinc.luna.LunaAPI.Initialize(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
Any help, how can I list key stores as a non root user?
Upvotes: 3
Views: 7288
Answers (5)
Reputation: 637
parent folder, where certificates resides to connect hsm for handshake and luna bin folder should have read and execute permission for non root users who are using the client.
Which I missed!
Upvotes: 0
Reputation: 4019
From their official guide:
To allow non-root users or applications access your attached HSMs and partitions, assign the users to the hsmusers group. The users you assign to the hsmusers group must exist on the client workstation. Users you add to the hsmusers group are able to access your attached HSMs and partitions. Users who are not part of the hsmusers group are not able to access your attached HSMs and partitions.
sudo gpasswd --add <username> hsmusers
Upvotes: 1
Reputation: 133
I had the same issue even after providing proper permission to /usr/safenet/lunaclient/. Got it resolved after giving 755 permission to /usr/safenet/ folder
chmod -R 755 /usr/safenet/
Upvotes: 0
Reputation: 61
I was having the same issue and I also had to fix the permissions of the file /etc/Chrystoki.conf.
Upvotes: 0
Reputation: 667
I had the same issue and it got resolved once we provided proper permission to /usr/safenet/lunaclient/
chmod -R 777 /usr/safenet/lunaclient/
Upvotes: 2
Related Questions
- An internal error occurred. the private key that you are importing might require a cryptographic service provider that is not installed on your system
- Error when authenticating with a Keycloak cluster
- Exception while connecting to KeyVault from Azure VM
- CryptographyClient Decrypt throws 'Key does not exist' exception
- KeyVault getting a secret out fails
- Cannot create resource in keycloak - Getting unknown exception
- Getting user keycloak Not Found exception
- Error when Encrypt secret value - Operation returned an invalid status code 'BadRequest'
- Connection failed to hsm luna SA 'C_Initialize' returns 0x30
- CryptographicException KeySet does not exists