[Opendnssec-user] SoftHSM and Java

Peter Hudec peter.hudec at swan.sk
Mon Jun 20 13:26:32 UTC 2011

Hi Rickard,

I played al little bit with trunk version, but was not able to import certificate file
by cli.
The input file must be in PKCS8 format so how do I convert the CRT file from PEM
to PKCS8, while the PKCS8 is only for storing the private keys?

Please could you /or anybody else/ send my some stupid proof example how to store
the cert file in the softhsm? /cli version/. I tried olso the switch --type
but maybe with wrong file type ;(


On 06/17/2011 03:28 PM, Rickard Bellgrim wrote:
> On Fri, Jun 17, 2011 at 3:04 PM, Rickard Bellgrim
> <rickard at opendnssec.org> wrote:
>> On Fri, Jun 17, 2011 at 2:47 PM, Rickard Bellgrim
>> <rickard at opendnssec.org> wrote:
>>> It works with SoftHSM from trunk.
>>> rickard at fou:~/javatest$ java Main
>>> Alias: MyCert/1.2.840.113549.1.9.1=#16157269636b617264624063657274657a7a612e6e6574,cn=rickard
>>> bellgrim,ou=fou,o=.se,l=stockholm,st=stockholm,c=se/17127753708335508683
>> Ok, the java program only found the cert. Will try to investigate why
>> it could not find the private and public keys.
> It looks ok from the PKCS#11 perspective. All the calls to SoftHSM are
> returned with a positive answer containing the information it asked
> for. There is nothing in the returned data that makes me suspect that
> Java aborts the search. See output from PKCS#11-spy.
> So I think it is more about the Java code and what that function call does.
> (If you want to handle certificates, then I recommend using SoftHSM
> trunk which now has support for it.)
> // Rickard

Mgr. Peter Hudec
Divízia stratégie a rozvoja
(Research and Development Department)
Oddelenie vývoja

SWAN a.s.
Borská 6, 841 04 Bratislava 4

More information about the Opendnssec-user mailing list