[Opendnssec-user] SoftHSM and Java

Peter Hudec peter.hudec at swan.sk
Fri Jun 17 14:00:10 UTC 2011


Hi Rickard,

I tried the version 1.2.1 and the latest implementation of Java VM, with the same result.

My goal is to replace the PKCS#12 keysore with the HSM modul. As first I tried to use the softhsm
for it.

As you wrote the trunk version is capable of storing also the certificates, so it's more suitable
for my purposes.

	thanks
		Peter


On 06/17/2011 03:28 PM, Rickard Bellgrim wrote:
> On Fri, Jun 17, 2011 at 3:04 PM, Rickard Bellgrim
> <rickard at opendnssec.org> wrote:
>> On Fri, Jun 17, 2011 at 2:47 PM, Rickard Bellgrim
>> <rickard at opendnssec.org> wrote:
>>> It works with SoftHSM from trunk.
>>>
>>> rickard at fou:~/javatest$ java Main
>>> Alias: MyCert/1.2.840.113549.1.9.1=#16157269636b617264624063657274657a7a612e6e6574,cn=rickard
>>> bellgrim,ou=fou,o=.se,l=stockholm,st=stockholm,c=se/17127753708335508683
>>
>> Ok, the java program only found the cert. Will try to investigate why
>> it could not find the private and public keys.
> 
> It looks ok from the PKCS#11 perspective. All the calls to SoftHSM are
> returned with a positive answer containing the information it asked
> for. There is nothing in the returned data that makes me suspect that
> Java aborts the search. See output from PKCS#11-spy.
> 
> So I think it is more about the Java code and what that function call does.
> 
> (If you want to handle certificates, then I recommend using SoftHSM
> trunk which now has support for it.)
> 
> // Rickard


-- 
Mgr. Peter Hudec
Divízia stratégie a rozvoja
(Research and Development Department)
Oddelenie vývoja

SWAN a.s.
Borská 6, 841 04 Bratislava 4



More information about the Opendnssec-user mailing list