[Opendnssec-user] SoftHSM and Java

Peter Hudec peter.hudec at swan.sk
Fri Jun 17 14:00:10 UTC 2011

Hi Rickard,

I tried the version 1.2.1 and the latest implementation of Java VM, with the same result.

My goal is to replace the PKCS#12 keysore with the HSM modul. As first I tried to use the softhsm
for it.

As you wrote the trunk version is capable of storing also the certificates, so it's more suitable
for my purposes.


On 06/17/2011 03:28 PM, Rickard Bellgrim wrote:
> On Fri, Jun 17, 2011 at 3:04 PM, Rickard Bellgrim
> <rickard at opendnssec.org> wrote:
>> On Fri, Jun 17, 2011 at 2:47 PM, Rickard Bellgrim
>> <rickard at opendnssec.org> wrote:
>>> It works with SoftHSM from trunk.
>>> rickard at fou:~/javatest$ java Main
>>> Alias: MyCert/1.2.840.113549.1.9.1=#16157269636b617264624063657274657a7a612e6e6574,cn=rickard
>>> bellgrim,ou=fou,o=.se,l=stockholm,st=stockholm,c=se/17127753708335508683
>> Ok, the java program only found the cert. Will try to investigate why
>> it could not find the private and public keys.
> It looks ok from the PKCS#11 perspective. All the calls to SoftHSM are
> returned with a positive answer containing the information it asked
> for. There is nothing in the returned data that makes me suspect that
> Java aborts the search. See output from PKCS#11-spy.
> So I think it is more about the Java code and what that function call does.
> (If you want to handle certificates, then I recommend using SoftHSM
> trunk which now has support for it.)
> // Rickard

Mgr. Peter Hudec
Divízia stratégie a rozvoja
(Research and Development Department)
Oddelenie vývoja

SWAN a.s.
Borská 6, 841 04 Bratislava 4

More information about the Opendnssec-user mailing list