[Opendnssec-user] PKCS11Exception: CKR_DATA_LEN_RANGE using softhsm2

roko roko98 at yahoo.com
Fri Dec 5 05:44:13 UTC 2014


Hi all
I'm getting this error:
Caused by: java.security.ProviderException: update() failed
        at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:565)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:464)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:452)
        at javax.crypto.Cipher.update(DashoA13*..)
        at javax.crypto.CipherOutputStream.write(DashoA13*..)
        at javax.crypto.CipherOutputStream.write(DashoA13*..)
        ... 42 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
        at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
        at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:517)
        ... 51 more

I'm trying to use softhsm-2.0.0b1 with SunPKCS11 (Java 1.6.45). The same code works fine with a regular Java key store. I'm doing something like this:
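    import java.io.File;
    import java.io.FileInputStream;
    import java.io.FileOutputStream;
    import java.io.IOException;
    import java.io.InputStream;
    import java.io.OutputStream;
    import java.security.Key;
    import java.security.KeyStore;
    import java.security.Provider;
    import java.security.Security;
    import javax.crypto.Cipher;
    import javax.crypto.CipherInputStream;
    import javax.crypto.CipherOutputStream;
    import javax.crypto.spec.IvParameterSpec;
    import sun.security.pkcs11.SunPKCS11;

    // Class name and field declarations are assumed; the post shows only the methods.
    public class HsmFileCrypto {
        private String configFile, pin, keyAlias; // provider config path, token PIN, key alias
        private byte[] iv;                        // 16-byte IV for AES/CBC
        private Key key;                          // key handle loaded from the token

        public void start() {
            try {
                // Register a SunPKCS11 provider for the PKCS#11 library named in configFile.
                Provider p = new SunPKCS11(configFile);

                if (-1 == Security.addProvider(p)) {
                    throw new RuntimeException("could not add security provider " + p.getName());
                }

                // Log in to the token with the PIN and fetch the key by alias.
                KeyStore keystore = KeyStore.getInstance("PKCS11", p);
                keystore.load(null, pin.toCharArray());
                key = keystore.getKey(keyAlias, pin.toCharArray());
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public InputStream getInputStream(File file) throws IOException {
            try {
                Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                decryptCipher.init(Cipher.DECRYPT_MODE, key, new IvParameterSpec(iv));
                return new CipherInputStream(new FileInputStream(file), decryptCipher);
            } catch (Exception e) {
                throw new IOException(e);
            }
        }

        public OutputStream getOutputStream(File file) throws IOException {
            try {
                Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
                encryptCipher.init(Cipher.ENCRYPT_MODE, key, new IvParameterSpec(iv));
                // Writes to this stream go through Cipher.update(), the call that fails in the trace above.
                return new CipherOutputStream(new FileOutputStream(file), encryptCipher);
            } catch (Exception e) {
                throw new IOException(e);
            }
        }
    }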

Is this maybe a known limitation of softhsm2? Is there some workaround? Thanks for your help.