9

Hello, I'm trying to access the keystore on my smartcard from Java, and I'm using the following code.

I'm using the PKCS11 implementation of OpenSC: http://www.opensc-project.org/opensc

File windows.cnf =

    name=dnie
    library=C:\WINDOWS\system32\opensc-pkcs11.dll

Java Code =

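    import java.security.KeyStore;
    import java.security.Provider;
    import java.security.Security;

    String configName = "windows.cnf";
    String PIN = "####";
    // Build the provider from the config file and register it
    Provider p = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(p);
    KeyStore keyStore = KeyStore.getInstance("PKCS11", "SunPKCS11-dnie");  // =)(=
    char[] pin = PIN.toCharArray();
    keyStore.load(null, pin);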

When execution reaches the line marked =)(=, it throws the following exception:

    java.security.KeyStoreException: PKCS11 not found
        at java.security.KeyStore.getInstance(KeyStore.java:635)
        at ObtenerDatos.LeerDatos(ObtenerDatos.java:52)
        at ObtenerDatos.obtenerNombre(ObtenerDatos.java:19)
        at main.main(main.java:27)
    Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11-dnie
        at sun.security.jca.GetInstance.getService(GetInstance.java:70)
        at sun.security.jca.GetInstance.getInstance(GetInstance.java:190)
        at java.security.Security.getImpl(Security.java:662)
        at java.security.KeyStore.getInstance(KeyStore.java:632)

I think the problem is "SunPKCS11-dnie", but I don't know what to put there. I have tried a lot of combinations...

Can anyone help me?

oracleruiz

4 Answers

8

I was also getting the error as below:

Caused by: java.security.NoSuchAlgorithmException: no such algorithm: PKCS11 for provider SunPKCS11

I am running the application from a jar through a bat file.

In the bat file I replaced `java -jar sign.jar` with `java -Djava.security.debug=sunpkcs11,pkcs11 -jar SigningUtility.jar`.

And it solved the issue.

SchmitzIT
BK Elizabeth
  • I don't see how giving the debug options would resolve this issue. Possibly you called this from a different working directory? – Maarten Bodewes Jul 26 '14 at 14:09
  • Adding the `-Djava.security.debug=sunpkcs11,pkcs11` also worked for me (without any other changes to working dir or java executable -- using java 8 BTW). – Fabio Zadrozny Mar 17 '18 at 17:28
4

I am not sure the problem is the name. It looks correct. ColinD's suggestion to pass the Provider instance should rule it out as a problem.

I am guessing that the problem is with the PKCS11 support. Like, you don't have a card in your reader, or the native code cannot access the reader. Have you tried using this driver in conjunction with some "known good" software, like Firefox or Thunderbird's security modules?

Community
erickson
  • 1
    I found the .dll for my smartcard reader (asepkcs.dll). And I tried again with the same code (with @ColinD's recommendations) and it works! So the problem was the .dll. You have to have the correct dll for your device. – oracleruiz Feb 10 '11 at 17:55
3

Why don't you just pass the Provider directly as the second argument to KeyStore.getInstance(String, Provider)? In your code you'd just do:

    KeyStore keyStore = KeyStore.getInstance("PKCS11", p);

ColinD
  • Good suggestion. This is how I do it. Although the name looks correct in the code, it would be good to eliminate naming as a problem. – erickson Jan 28 '11 at 23:38
  • What do you mean exactly? maybe, KeyStore keyStore = KeyStore.getInstance("PKCS11", "opensc") ?? – oracleruiz Jan 30 '11 at 20:02
  • 2
    @oracleruiz: `KeyStore` has an overload of `getInstance` that takes a `Provider` directly as the second argument: [KeyStore.getInstance(String, Provider)](http://download.oracle.com/javase/1.5.0/docs/api/java/security/KeyStore.html#getInstance%28java.lang.String,%20java.security.Provider%29). See my edit, though @erickson is right that it could be something else in which case that would still fail. – ColinD Jan 30 '11 at 20:34
  • @oracleruiz: Yeah. Looking at it further, this exception is pretty much exactly what I see when there's no card in the reader. – ColinD Jan 31 '11 at 22:17
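
A diagnostic version of the snippets in this thread, added here as an example and not code from any of the posters. It assumes Java 9 or later (where the provider is obtained with `Provider.configure` rather than the `SunPKCS11` constructor) and a config file like the question's `windows.cnf`; the class name `Pkcs11Check` is made up. It checks in order whether the library initializes, whether the provider actually registered a `KeyStore.PKCS11` service, and only then asks for the PIN on the console instead of keeping it in a string literal.

```java
import java.io.Console;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;

public class Pkcs11Check {
    public static void main(String[] args) throws Exception {
        // Assumption: a SunPKCS11 config file like the question's windows.cnf.
        String configPath = args.length > 0 ? args[0] : "windows.cnf";
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) {
            throw new IllegalStateException("This runtime has no SunPKCS11 provider");
        }
        Provider p;
        try {
            // Java 9+ form of: new sun.security.pkcs11.SunPKCS11(configName)
            p = base.configure(configPath);
        } catch (RuntimeException e) {
            // Unreadable config, or the native library failed to load or initialize.
            System.err.println("Provider setup failed: " + e + " / cause: " + e.getCause());
            return;
        }
        Security.addProvider(p);
        // The registered name is "SunPKCS11-" plus the config's name= value.
        System.out.println("Provider name: " + p.getName());

        // The case described in the comments above: the provider object exists but
        // has no KeyStore.PKCS11 service, so getInstance fails with "no such algorithm".
        if (p.getService("KeyStore", "PKCS11") == null) {
            throw new IllegalStateException("No KeyStore.PKCS11 service: no card in the"
                    + " reader, or this library does not drive this card/reader");
        }
        Console console = System.console();
        char[] pin = console == null ? null : console.readPassword("Token PIN: ");
        if (pin == null) {
            throw new IllegalStateException("No interactive console to read the PIN from");
        }
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p); // pass the instance, not a name
            ks.load(null, pin);
            for (String alias : Collections.list(ks.aliases())) {
                System.out.println("alias: " + alias);
            }
        } finally {
            Arrays.fill(pin, '\0'); // do not leave the PIN in memory longer than needed
        }
    }
}
```
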
-1

Try the below code:

    // Create instance of SunPKCS11 provider
    String pkcs11Config = "name=eToken\nlibrary=C:\\Windows\\System32\\eps2003csp11.dll";
    java.io.ByteArrayInputStream pkcs11ConfigStream = new java.io.ByteArrayInputStream(pkcs11Config.getBytes());
    sun.security.pkcs11.SunPKCS11 providerPKCS11 = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigStream);
    java.security.Security.addProvider(providerPKCS11);

    // Get provider KeyStore and login with PIN
    String pin = "12345678";
    java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS11", providerPKCS11);
    keyStore.load(null, pin.toCharArray());

It is working fine for me.

jwpfox
ARAVIND