<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>Thanks Rickard, and to Thomas Calderon for providing the patch. I was able to write a key/certificate chain to SoftHSM using Java, with this patch in place. I did need the CKA_TOKEN = true attribute in my configuration, so that the Java library didn't try and make a session key then copy it later - but that's fine. </div><div><br></div><div>Thanks for the great support,</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>Adam</div><div><br></div><div><br></div><br><div><div>On 15/04/2011, at 6:58 PM, Rickard Bellgrim wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>SoftHSM does not currently support certificates (CKO_CERTIFICATE) that is why you get that message. However, there is a patch available that will add support for certificates. See:</div><div><a href="http://trac.opendnssec.org/ticket/100">http://trac.opendnssec.org/ticket/100</a></div><div><br></div><div>It sounds to me that we should spend some time to integrate this work into SoftHSM, so that others can benefit from it.</div><div><br></div><div>// Rickard</div><br><div><div>On 14 apr 2011, at 22.37, Adam Knight wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>I don't honestly know why the key isn't created as a token key in the first place. When I put CKA_TOKEN = true into the SoftHSM configuration file, I get an "Object class not supported" error from C_CreateObject. That is the default case in a switch statement that checks the key type - meaning that the object Java tries to create is not detected as a CKO_PUBLIC_KEY or CKO_PRIVATE_KEY. When I print out oClass, it is set to 1 (CKO_CERTIFICATE). </div><div><br></div><div>The error in C_CreateObject does happen at the right place in the Java code though - when I try and set the private key into the key store. </div><div><br></div><div><div>X509Certificate[] chain = makeCertificateChain(keyPair);</div><div>ks.setKeyEntry("ALIAS-GOES-HERE", pk, "1111".toCharArray(), chain); // THIS LINE</div></div><div><br></div><div>I suspect the CKO_CERTIFICATE oClass is caused by me calling setKeyEntry and passing in the certificate chain - Java associates Private Keys with Certificates - which of course have the Public Key. I can try saving my key as a SecretKey rather than a PrivateKey, and see if that helps - then I won't have to store the certificate chain. I think this will also fail though as a CKO_SECRET_KEY won't pass the switch statement in C_CreateObject.</div><div><br></div><div>It sort of feels like we're working around the way Java just wants to do things - <a href="http://download.oracle.com/javase/6/docs/api/index.html?java/security/KeyStore.html">http://download.oracle.com/javase/6/docs/api/index.html?java/security/KeyStore.html</a>. I mean having a common interface to a keystore is nice, but one that does what you want is much better :)</div></div></blockquote></div><br></div></blockquote></div><br><div>
<span><img height="29" width="115" id="57ae99a6-07c2-4b4c-88e9-b9c0b458b8a5" apple-width="yes" apple-height="yes" src="cid:4109830A-4532-4726-9372-80F8830211E6@local.aotea.co.nz"></span><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-align: auto; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><br class="Apple-interchange-newline"><br><span class="Apple-style-span" style="border-collapse: separate; color: rgb(0, 0, 0); font-family: Helvetica; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: 2; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-border-horizontal-spacing: 0px; -webkit-border-vertical-spacing: 0px; -webkit-text-decorations-in-effect: none; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; font-size: medium; "><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; color: rgb(128, 128, 128); "><span class="Apple-style-span" style="color: rgb(0, 0, 0); font-size: medium; "><b><font size="1"><span style="font-size: 7pt; ">ADAM_KNIGHT</span></font></b></span></span></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; "><span class="Apple-style-span" style="font-size: medium; "><font size="1"><span style="font-size: 7pt; "><font class="Apple-style-span" color="#666666">DEVELOPER</font></span></font></span></span></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; "><span class="Apple-style-span" style="font-size: medium; "><font size="1"><span style="font-size: 7pt; "><font class="Apple-style-span" color="#666666">M +64 21 88 00 03</font></span></font></span></span></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; "><span class="Apple-style-span" style="font-size: medium; "><font size="1"><span style="font-size: 7pt; "><font class="Apple-style-span" color="#666666">P +64 9 445 9196</font></span></font></span></span></span></div><div><font class="Apple-style-span" face="Calibri, Verdana, Helvetica, Arial" size="1"><span class="Apple-style-span" style="font-size: 9px; "><font class="Apple-style-span" color="#666666"><br></font></span></font></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; "><span class="Apple-style-span" style="font-size: medium; "><font size="1"><span style="font-size: 7pt; "><font class="Apple-style-span" color="#666666">LOFT 01 / 2 QUEENS PARADE</font></span></font></span></span></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 9px; "><font class="Apple-style-span" color="#666666">THE WHARF</font></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 9px; "><font class="Apple-style-span" color="#666666">PO BOX 32_131 </font></span></div><div><font class="Apple-style-span" face="Calibri, Verdana, Helvetica, Arial" size="1"><span class="Apple-style-span" style="font-size: 9px; "><font class="Apple-style-span" color="#666666"><br></font></span></font></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; "><span class="Apple-style-span" style="font-size: medium; "><font size="1"><span style="font-size: 7pt; "><font class="Apple-style-span" color="#666666">DEVONPORT</font></span></font></span></span></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 9px; "><font class="Apple-style-span" color="#666666">AUCKLAND</font></span></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 9px; "><font class="Apple-style-span" color="#666666">NEW ZEALAND</font></span></div><div><font class="Apple-style-span" face="Calibri, Verdana, Helvetica, Arial" size="1"><span class="Apple-style-span" style="font-size: 9px; "><br></span></font></div><div><span class="Apple-style-span" style="font-family: Calibri, Verdana, Helvetica, Arial; font-size: 17px; "><span class="Apple-style-span" style="font-size: 9px; "><span class="Apple-style-span" style="font-size: medium; "><font size="1"><span style="font-size: 7pt; "><span class="Apple-style-span" style="font-weight: bold; "><font class="Apple-style-span" color="#40B4D2">AOTEA.CO.NZ</font></span></span></font></span></span></span></div></span></span>
</div>
<br></body></html>