Nitrokey HSM and EJBCA Community Edition

[p7cq]

Hi,

I am using EJBCA as a lab PKI for close to 2 years by now. Recently I managed to obtain a HSM and my first thought was to make use of it for EJBCA.
When I try to set up keys before ant runinstall I get the error below when generating keys:

$ pkcs11HSM.sh generate /usr/lib64/pkcs11/opensc-pkcs11.so 4096 defaultKey 0
Using Slot Reference Type: Slot Number.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.cesecore.keys.token.p11.SunP11SlotListWrapper (file:/opt/ejbca/dist/clientToolBox/lib/cesecore-common.jar) to method sun.security.pkcs11.wrapper.PKCS11.getInstance(java.lang.String,java.lang.String,sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS,boolean)
WARNING: Please consider reporting this to the maintainers of org.cesecore.keys.token.p11.SunP11SlotListWrapper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
PKCS11 Token [SunPKCS11-opensc-pkcs11.so-slot0] Password:
2022-11-22 18:36:01,664 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing certificate failed: cannot create signer: no such algorithm: SHA256WITHRSA for provider SunPKCS11-opensc-pkcs11.so-slot0
sun.security.pkcs11.P11PSSSignature@6dd93a21: Calling C_SignUpdate
2022-11-22 18:36:01,820 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
sun.security.pkcs11.P11PSSSignature@368d5c00: Calling C_SignUpdate
2022-11-22 18:36:01,970 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
sun.security.pkcs11.P11PSSSignature@12a160c2: Calling C_SignUpdate
2022-11-22 18:36:02,127 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
2022-11-22 18:36:02,130 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing certificate failed: cannot create signer: no such algorithm: SHA384WITHRSA for provider SunPKCS11-opensc-pkcs11.so-slot0
2022-11-22 18:36:02,133 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing certificate failed: cannot create signer: no such algorithm: SHA512WITHRSA for provider SunPKCS11-opensc-pkcs11.so-slot0
2022-11-22 18:36:02,136 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-256withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing certificate failed: cannot create signer: no such algorithm: 2.16.840.1.101.3.4.3.14 for provider SunPKCS11-opensc-pkcs11.so-slot0
2022-11-22 18:36:02,138 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-384withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing certificate failed: cannot create signer: no such algorithm: 2.16.840.1.101.3.4.3.15 for provider SunPKCS11-opensc-pkcs11.so-slot0
2022-11-22 18:36:02,141 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-512withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing certificate failed: cannot create signer: no such algorithm: 2.16.840.1.101.3.4.3.16 for provider SunPKCS11-opensc-pkcs11.so-slot0
2022-11-22 18:36:02,143 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] No valid signing algorithm found for the provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'.
Command could not be executed. See log for stack trace.
2022-11-22 18:36:02,148 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command 'PKCS11HSMKeyTool generate /usr/lib64/pkcs11/opensc-pkcs11.so 4096 defaultKey 0' could not be executed.
org.cesecore.keys.KeyCreationException: Can't create keystore because dummy certificate chain creation failed.
        at org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:471) ~[cesecore-common.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.cesecore.keys.util.KeyStoreTools.generateRSA(KeyStoreTools.java:302) ~[cesecore-common.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:362) ~[cesecore-common.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:243) ~[clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730) [clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40) [clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72) [clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
Caused by: java.security.cert.CertificateException: Self signing of certificate failed.
        at org.cesecore.keys.util.KeyStoreTools.getSelfCertificate(KeyStoreTools.java:201) ~[cesecore-common.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.cesecore.keys.util.KeyStoreTools.generateKeyPair(KeyStoreTools.java:454) ~[cesecore-common.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        ... 6 more

However, the key was created on the HSM

Private RSA Key [priv-defaultKey]
        Object Flags   : [0x03], private, modifiable
        Usage          : [0x2E], decrypt, sign, signRecover, unwrap
        Access Flags   : [0x1D], sensitive, alwaysSensitive, neverExtract, local
        Algo_refs      : 0
        ModLength      : 4096
        Key ref        : 2 (0x02)
        Native         : yes
        Auth ID        : 01
        ID             : 2cb474526c99d411844fb17e449a39d57a43a676
        MD:guid        : 171b84a7-d10d-a287-d607-74ce5ea8d7cd

I am using OpenJDK 11.0.17, EJBCA CE 7.10.0.2, NitroKey HSM 2.

Is this HSM supported by EJBCA CE? Am I using the wrong command?

Any hint would be greatly appreciated.

[hesunmark]

Hello,

I stumbled upon the same issue with SunPKCS11(used by EJBCA CE) and NitroKey recently. However, I never got the the bottom of it. Will let you know if I make any progress.

[p7cq]

Thanks!

The workaround I found was to use Java 8; I was able to finalize installation and access the web UI.

You lose TLSv1.3 capability with Java 8 though.

[hesunmark]

Thanks for letting me know! Will try the same and hopefully we can get it running with JDK 11 / 17 in the future.

[p7cq]

Tested with 7.11.0.0 but nothing changed - the same error is thrown when attempting to create the key.

[ghost]

I'm able to create a custom docker image that uses Java 11.0.2 and EJBCA 7.11 which supports both RSA and ECDSA keys.
Upgrading to a newer release of java breaks the cryptotokens as mentioned in the examples above.
My setup also uses a Nitro HSM2, PKCS11/OpenSC as transport.

I'm suspecting a relation with https://bugs.openjdk.org/browse/JDK-8176837

[primetomas]

That is interesting yes, in that case it may be a bug in their PKCS#11 provider, if they don't list the appropriate mechanisms. I know of some historical issue, when SunPKCS11 started checking RSA key length limitations from getMechanismInfo, and nCipher isted max 4096 bit, while actually supporting larger.
You can see what the P11 driver responds to getMechanismInfo by running it through i.e. P11Spy or pkcs11-logger.

[ghost]

I am able to produce log files using p11spy, but I don't feel confident interpreting the output.

As far as I can see the results are opposite of what I expected.

for Java 11.0.2 I get:

# log.2 for 11.0.2, grep matches output for C_GetMechanismInfo
$ grep ^CKM log.2 | sort | uniq
CKM_RSA_PKCS                  : min:1024 max:4096 flags:0x2A01 ( Hardware Decrypt Sign Verify )

but for Java 11.0.17 I get:

$ grep ^CKM log.17 | sort | uniq
CKM_ECDH1_COFACTOR_DERIVE     : min:192 max:521 flags:0x1D80001 ( Hardware Derive F(P) EcParams NamedCurve Uncompress )
CKM_ECDH1_DERIVE              : min:192 max:521 flags:0x1D80001 ( Hardware Derive F(P) EcParams NamedCurve Uncompress )
CKM_ECDSA                     : min:192 max:521 flags:0x1D00801 ( Hardware Sign F(P) EcParams NamedCurve Uncompress )
CKM_ECDSA_SHA1                : min:192 max:521 flags:0x1D00801 ( Hardware Sign F(P) EcParams NamedCurve Uncompress )
CKM_EC_KEY_PAIR_GEN           : min:192 max:521 flags:0x1D10001 ( Hardware KeyPair F(P) EcParams NamedCurve Uncompress )
CKM_GOSTR3411                 : min:0 max:0 flags:0x400 ( Digest )
CKM_MD5                       : min:0 max:0 flags:0x400 ( Digest )
CKM_MD5_RSA_PKCS              : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_RIPEMD160                 : min:0 max:0 flags:0x400 ( Digest )
CKM_RIPEMD160_RSA_PKCS        : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_RSA_PKCS_KEY_PAIR_GEN     : min:1024 max:4096 flags:0x10000 ( KeyPair )
CKM_RSA_PKCS                  : min:1024 max:4096 flags:0x2A01 ( Hardware Decrypt Sign Verify )
CKM_RSA_PKCS_PSS              : min:1024 max:4096 flags:0x2801 ( Hardware Sign Verify )
CKM_RSA_X_509                 : min:1024 max:4096 flags:0x2A01 ( Hardware Decrypt Sign Verify )
CKM_SHA_1                     : min:0 max:0 flags:0x400 ( Digest )
CKM_SHA1_RSA_PKCS             : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA1_RSA_PKCS_PSS         : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA256                    : min:0 max:0 flags:0x400 ( Digest )
CKM_SHA256_RSA_PKCS           : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA256_RSA_PKCS_PSS       : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA384                    : min:0 max:0 flags:0x400 ( Digest )
CKM_SHA384_RSA_PKCS           : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA384_RSA_PKCS_PSS       : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA512                    : min:0 max:0 flags:0x400 ( Digest )
CKM_SHA512_RSA_PKCS           : min:1024 max:4096 flags:0x2800 ( Sign Verify )
CKM_SHA512_RSA_PKCS_PSS       : min:1024 max:4096 flags:0x2800 ( Sign Verify )

which seems to me that .17 has more mechanisms available than .2 - I expected the mechanisms to be missing on the .17 side.

The only thing I see missing on .17 is:

152: C_SignInit
2023-01-30 12:27:09.219
[in] hSession = 0x57c2cb0
pMechanism->type=CKM_RSA_PKCS                 
[in] hKey = 0xc9d8780
Returned:  0 CKR_OK

I can see these "new" algorithms on .17:

Unknown Mechanism (00000046) : min:1024 max:4096 flags:0x2800 ( Sign Verify )
Unknown Mechanism (00000047) : min:1024 max:4096 flags:0x2800 ( Sign Verify )
Unknown Mechanism (00000255) : min:0 max:0 flags:0x400 ( Digest )

I'm a bit at loss for what to look out for and what to check for. What could be the next step?

[primetomas]

The mechanisms themselves doesn't come from Java, they are a response from the Nitrokey P11 library to the call C_GetMechanismInfo made by Java.
Full spy logs from the two versions might tell the full story.

[ghost]

Sorry for the delay. I can now present logs from a reproducible test setup.

I have produced logs for Java 11.0.2 and 11.0.17. We can see a difference in size and 11.0.17 has much longer list of mechanisms.

Java 11.0.2: working -> pkcs11spy_java11.0.2.log
Java 11.0.17: non-working -> pkcs11spy_java11.0.17.log

If the logs contain sensitive material/credentials, those are not in use outside of the test setup.

Do you have any idea what is going on there? I would have expected the 11.0.17 log to actually be shorter and missing things, but it seems to be the opposite.

One idea: the 11.0.17 setup lists broken mechanisms and the test button choses those and breaks. In the 11.0.2 setup it choses a different, but working mechanism.

[primetomas]

For these logs, what command did you run? I don't see any keypair generation command, so assuming it was not a key pair generation? (C_GenerateKeyPair)

The pMechanismList[29] is 29 items long in both cases. The difference is that .17 does C_GetMechanismInfo for all mechanisms found in the pMechanismList.

I don't see anything obvious actually. But the exact command you run to generate the logs would be helpful.

Like a "clientToolBox.sh PKCS11HSMKeyTool test"For these logs, what command did you run? I don't see any keypair generation command, so assuming it was not a key pair generation? (C_GenerateKeyPair)

The pMechanismList[29] is 29 items long in both cases. The difference is that .17 does C_GetMechanismInfo for all mechanisms found in the pMechanismList.

I don't see anything obvious actually. But the exact command you run to generate the logs would be helpful.

Like a "clientToolBox.sh PKCS11HSMKeyTool test"

[ghost]

We used the "test" Button on the Cryptotokens Interface of the EJBA Administation WebUI. It should compare to your "clientToolBox.sh" command.

The key generation in the cryptotoken Interface also fails, but we did not provide logs for that.

I will try to find time to create logs for the "cryptotoken createn" case too.

[ghost]

Aside from that: Using the Java .2 version allowed me to create the cryptotokens, those stay visible with .17 but the test button breaks. I expect the token creation to break as well if starting from a clean setup. I have avoided to create new tokens each time in order to not strain the hardware.

My next test case is:

• Remove existing tokens from hardware
• Plain new ejbca 7 + Java 11.0.2 => create tokens and provide logs
• Remove existing tokens from hardware
• Plain new ejbca 7 + Java 11.0.17 => create tokens and provide logs

Especially I'd like to avoid a complete factory reset of the HSM hardware if that's ok.

[primetomas]

It's always easier to run test with clientToolBox than the UI, it is much cleaner. Using the UI will do a lot of unnecessary things. ClientToolBox is quick, easy, clean tests.

On an existing HSM with some keys on it, that works with .2, I would like to see
"clientToolBox PKCS11HSMKeyTool test" from both versions.

"clientToolBox PKCS11HSMKeyTool" is the best clean tool to do crypto token testing. If it works with this, it works in the UI 99.99% of the time.

[ghost]

This means modifying the Dockerfile to create "-devel" container variants first. I will do that, but I cannot promise results for this week, but I will try.

[primetomas]

For testing the Nitrokey specifically you could just run clientToolBox on a laptop, it's just a standalone local command that does not need EJBCA running at all.

[ghost]

I will give it a try

[ghost]

Output of ejbcaClientToolbox.sh PKCS11HSMKeyTool test ... with a container based on java 11.0.17:

 ./ejbcaClientToolBox.sh PKCS11HSMKeyTool test /usr/lib64/pkcs11/opensc-pkcs11.so i0
Test of keystore with ID i0.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.cesecore.keys.token.p11.SunP11SlotListWrapper (file:/opt/ejbca/dist/clientToolBox/lib/cesecore-common.jar) to method sun.security.pkcs11.wrapper.PKCS11.getInstance(java.lang.String,java.lang.String,sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS,boolean)
WARNING: Please consider reporting this to the maintainers of org.cesecore.keys.token.p11.SunP11SlotListWrapper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
PKCS11 Token [SunPKCS11-opensc-pkcs11.so-slot0] Password: 

Testing of key: testRSA2048
Private part:
SunPKCS11-opensc-pkcs11.so-slot0 RSA private key, 2048 bitstoken object, sensitive, unextractable)
RSA key:
  modulus: 8e52371dbfaa0962409358de4effded303049d55812f4ad067329ac45d0285fc14c4c93d0664cecb3208a290544baf44df57c896fe500f818215ed4c0768684b6a5dfa14ad78d1775f5bde7f8e7eb7ba684a5d1ce714ef0ee0c15925c4e8f65850b8556dedac85fa8e686fda02de5478ad84c18f4507b887315c98a8a56285ad52be3f0035a2419128797851a8b88f6fdd8676533833e0277bad70355cdb6ff408376f11e4d5653c26d8bac176a081b3108f44d697c933951ba58e216138c243401c0c629e2f002bd242fc592a0fd9f8c39ceb3b8e8fd9fc62f0637192441dff98db3fb5ef87e841116903700a818014001fefe08edb6100951ecb2b31b37dfd
  public exponent: 10001
Security related private key attributes:  No CESeCoreUtils in classpath.
java.security.NoSuchAlgorithmException: No such algorithm: RSA/ECB/PKCS1Padding
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:725)
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:625)
	at org.ejbca.ui.cli.KeyStoreContainerTest$Crypto.prepare(KeyStoreContainerTest.java:237)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.test(KeyStoreContainerTest.java:492)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:516)
	at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:145)
	at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:84)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:670)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72)
2023-03-09 10:33:08,620 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA1WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,621 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA1withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,621 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,621 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,622 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,622 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,623 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,623 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,623 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-256withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,623 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-384withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,624 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-512withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,624 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] No valid signing algorithm found for the provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'.
java.security.GeneralSecurityException: Not possible to find working signing algorithm for key with alias 'testRSA2048' using the provider 'SunPKCS11-opensc-pkcs11.so-slot0'.
	at org.ejbca.ui.cli.KeyStoreContainerTest$Sign.<init>(KeyStoreContainerTest.java:351)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:524)
	at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:145)
	at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:84)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:670)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72)
Signing not possible with this key. See exception.
Crypto not possible with this key. See exception

Testing of key: testRSA4096
Private part:
SunPKCS11-opensc-pkcs11.so-slot0 RSA private key, 4096 bitstoken object, sensitive, unextractable)
RSA key:
  modulus: 9e88b90f9db790092c22a5f9f5dd719c0a4fd87398ad65c53d2b9635ce27d230ba3bd84bcb35f9f57977a68aa6774e8a7704d9abb6ec0fd13950e58dfe4e7d61c2ce847d19e1673deb4588f5e13e2ae119bdf01b75c59c6b511260dd259144b9f5e1c2fddcdbe495377a38e5f30fa9fe51bd10ffed4cbab57a2e2152b1cad2380a21a353df03d16518653054a2f11a09c1726a51c31df184dd9be242f388c1c47135d84f17a9c89e77e44377e724efcff2d23825331fb8f317f3d2328c19c819b05296b0c85f54f272c421e12c96c197f48a0659ed309f3a400d75678ed0a8c6e3ed18c8a348573b1551142c6f4d80e2c2daec88bac05e6707bb2f5c6725404688bd0c95243bc5baaa034ffbc43e9d87fd896cdb85059dff13b0847bf5d130c30415401135240817a904e662f8a4490e62602e1cd455c798be799074a9f590fd0f6a89178cb22370a2d809800ab4cc2151079f9f79e461bf6a866886541be728bcd594879a3f3042299b197148b579dcabb01e66590ca423fb0d8e254cc2dcf90e25915e8a57b4ad20e55980512c2d2294de7429a892c843f0c352beaf61525d5d3b7c47732e361b4e56bc0763f8069bf1ca9a55c623b86107744033fa4b27f38db45e5be17934fa9ff353583d2dd885e465316205446dad80b92a618300af30b39b1564b0e6817602f8890d366435afdc8c70039faa6cdca165689868867685
  public exponent: 10001
Security related private key attributes:  No CESeCoreUtils in classpath.
java.security.NoSuchAlgorithmException: No such algorithm: RSA/ECB/PKCS1Padding
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:725)
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:625)
	at org.ejbca.ui.cli.KeyStoreContainerTest$Crypto.prepare(KeyStoreContainerTest.java:237)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.test(KeyStoreContainerTest.java:492)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:516)
	at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:145)
	at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:84)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:670)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72)
2023-03-09 10:33:08,628 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA1WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,629 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA1withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,629 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,630 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,630 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,630 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,631 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,631 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,631 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-256withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,631 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-384withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,632 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-512withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,633 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] No valid signing algorithm found for the provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'.
java.security.GeneralSecurityException: Not possible to find working signing algorithm for key with alias 'testRSA4096' using the provider 'SunPKCS11-opensc-pkcs11.so-slot0'.
	at org.ejbca.ui.cli.KeyStoreContainerTest$Sign.<init>(KeyStoreContainerTest.java:351)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:524)
	at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:145)
	at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:84)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:670)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72)
Signing not possible with this key. See exception.
Crypto not possible with this key. See exception

Testing of key: testRSA1024
Private part:
SunPKCS11-opensc-pkcs11.so-slot0 RSA private key, 1024 bitstoken object, sensitive, unextractable)
RSA key:
  modulus: deb3cdf85e71eddba73e1a00345bb6cb117150125f5eb3df29b59eb035401c220907ea4c417612c40313382eb660f3990092f31da8e99ec8e00249864faf37b56a36efa922d8348cc51c8c1f02063929b9ed228de005c4f483aaa0d38db5da95e49233d469f11408c2b5df7945235d8c45a93e6021e30cc634dba59403f8086d
  public exponent: 10001
Security related private key attributes:  No CESeCoreUtils in classpath.
java.security.NoSuchAlgorithmException: No such algorithm: RSA/ECB/PKCS1Padding
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:725)
	at java.base/javax.crypto.Cipher.getInstance(Cipher.java:625)
	at org.ejbca.ui.cli.KeyStoreContainerTest$Crypto.prepare(KeyStoreContainerTest.java:237)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.test(KeyStoreContainerTest.java:492)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:516)
	at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:145)
	at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:84)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:670)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72)
2023-03-09 10:33:08,636 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA1WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,637 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA1withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,638 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,638 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,639 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,639 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512withRSAandMGF1' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,640 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,641 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA512WithRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,642 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-256withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,642 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-384withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,642 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA3-512withRSA' not working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'. Exception: Signing failed
2023-03-09 10:33:08,643 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] No valid signing algorithm found for the provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'.
java.security.GeneralSecurityException: Not possible to find working signing algorithm for key with alias 'testRSA1024' using the provider 'SunPKCS11-opensc-pkcs11.so-slot0'.
	at org.ejbca.ui.cli.KeyStoreContainerTest$Sign.<init>(KeyStoreContainerTest.java:351)
	at org.ejbca.ui.cli.KeyStoreContainerTest$NormalTest.doIt(KeyStoreContainerTest.java:524)
	at org.ejbca.ui.cli.KeyStoreContainerTest.startNormal(KeyStoreContainerTest.java:145)
	at org.ejbca.ui.cli.KeyStoreContainerTest.test(KeyStoreContainerTest.java:84)
	at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:670)
	at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730)
	at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40)
	at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72)
Signing not possible with this key. See exception.
Crypto not possible with this key. See exception

Testing of key: testP384
Private part:
SunPKCS11-opensc-pkcs11.so-slot0 EC private key, 384 bitstoken object, sensitive, unextractable)
Elliptic curve key:
  Named curve: P-384
  the affine x-coordinate: 32dc9ff5a3ea5c4c3401c28c2e83ccb6df05f89746ec2084d443842abcd1af44dbe4c0d4ee2bbd0e35d5346b00501ef5
  the affine y-coordinate: 5f428e16121e5afbe2e1c3e69691086b3e0448646618668b56685c8d75d76ded6e6439aae103f67eb53135d23d04dcf7
Security related private key attributes:  No CESeCoreUtils in classpath.
2023-03-09 10:33:08,889 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA384withECDSA' working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'.
Signature test of key testP384: signature length 104; first byte 30; verifying true
Signings per second: 6
No encryption possible with this key.

Testing of key: testP256
Private part:
SunPKCS11-opensc-pkcs11.so-slot0 EC private key, 256 bitstoken object, sensitive, unextractable)
Elliptic curve key:
  Named curve: P-256
  the affine x-coordinate: ca45b4f24f6737f6e33e819a0bb69e0926b4f60796dca28f578c7282fec87901
  the affine y-coordinate: 7c78536a0ff560c0f2bd3db5c298132bd830b6a1fb467c831db2ffcea1d3532e
Security related private key attributes:  No CESeCoreUtils in classpath.
2023-03-09 10:33:09,444 INFO  [org.cesecore.keys.util.SignWithWorkingAlgorithm] Signature algorithm 'SHA256withECDSA' working for provider 'SunPKCS11-opensc-pkcs11.so-slot0 version 11'.
Signature test of key testP256: signature length 72; first byte 30; verifying true
Signings per second: 8
No encryption possible with this key.

[ghost]

I'm only noticing references to RSA/ECB/PKCS1Padding, but that's it. Does this help you?

I notice the comments in discussion 100 to be very similar and a release of 7.10.1 was promised to address such an issue. We're testing with 7.11. I do not know if those are related.

[primetomas]

I managed to find my Nitrokey HSM now and ran some tests myself. For some reason RSA using the Java PKCS#11 provider does not work. You can do just a signing test with:
./ejbcaClientToolBox.sh PKCS11HSMKeyTool test /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so 0 1:10 rsaKey2048

But using P11NG (which is Enterprise unfortunately) it does work.
./p11ng-cli.sh signperformancetest --lib-file /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so --slot 0 --password 648219 --time-limit 5000 --alias rsaKey2048 --signature-algorithm SHA256WithRSA

So there is nothing bad with the HSM or P11 driver, or Java per se.

So either Java must have changed something, or opensc. I will see if I can figure out more, although it's always a PITA to debug PKCS#11.

[primetomas]

EC works though with Java PKCS#11 Provider as well, which is odd...

[primetomas]

The "fix" in issue 100 was actually for something else, Java had changed parameters for for initializing the P11 library, which we fixed so that part works with all java versions. This is something else, which I assume is generic for the Java PKCS#11 provider.
(note that it works with other HSMs like SoftHSM2 and other real HSMs)

[ghost]

I think it is fair to say that we (my coworker and me) do feel with you regarding the pain with debugging p11. And it's always difficult to share enough but not too much information.

We actually had a look into the enterprise version of EJBCA a while ago, but never came to a final conclusion/solution/negotiation for reasons currently unknown to me. I think there was outstanding communication that we were waiting for or something, I'm not sure. I'm only responsible for technical aspects.

Still, I cannot wrap my head around what exactly gets broken between java 11.0.2->.17 so bad that this breaks the application.

From my experience I'd say that something is filtering available compatible methods/algorithms and the final list of available options does not match (e.g. "can be used for signing" missing etc) or another new but incompatible algorithm is being offered and chosen over the one that we'd want. I was not able to tell this from the P11 output.

Is there anything further that we can assist with?

[primetomas]

I actually found out the issue by enabling PKCS11 debugging in Java and comparing output from Nitrokey and SoftHSM2.
Using -Djava.security.debug=sunpkcs11 I discovered this message in the output, only for Nitrokey.
"DISABLED due to legacy"

The answer is here, we're not the only ones running into this :-)
https://stackoverflow.com/questions/70094324/migrating-from-jdk10-to-jdk11-sslconnection-ckr-key-type-inconsistent

So it is due to the mechanismInfo being reported back as:
Mechanism CKM_RSA_PKCS:
ulMinKeySize: 1024
ulMaxKeySize: 4096
flags: 10753 = CKF_HW | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY

Where Java thinks that if it has CKF_DECRYPT it must also have CKF_ENCRYPT.

I'm not sure if this is an issue with Nitrokey or OpenSC though. The docs here doesn't say anything about it.
https://docs.nitrokey.com/hsm/linux/

There is also an unresolved issue report for it in OpenJDK: https://bugs.openjdk.org/browse/JDK-8293345
Which hints at OpenSC?

I could not find anything in Nitrokey's Github repo about it.
https://github.com/Nitrokey

That explains why it works with P11NG, because we don't disable mechanisms that the HSM provides.

[primetomas]

It seems it is OpenSC that sets meachnismInfo to only CKF_DECRYPT without CKF_ENCRYPT.
I did manage to get it working in the Admin UI, i.e. running EJBCA, by configuring pkcs11.disableHashingSignMechanisms=false in conf/cesecore.properties. Then it will use like CKM_SHA256_RSA_PKCS instead, which is ok for SIGN/VERIFY.

clientToolBox does not read and use that parameter unfortunately, so that only works in the running application. This is fixed for the next release.

Many tracks here...

[ghost]

Thanks for the thorough analysis. I will try to find time to look into this again. I think I remember opensc/pkcs11/java to allow for configuration files for overriding aspects. I think I've seen such overrides for some other HSM implementation.

[ghost]

Just a short feedback: I was unavailable and did not yet have time to spend time on this.

[ghost]

I've been trying to wrap my mine around this once more, but I'm unable to make progress.

Writing a configuration file with attributes for opensc did not improve things, albeit I only tried attribute(,...PRIVATE...,) { CKA_ENCRYPT = true} and actually have not much knowledge how this integrates. So the idea of overriding things with "Accept that this always supports encryption" seems to be a dead end for me right now.

I've tries using the smartcard-hsm driver which seems to half-way work with pkcs15-tool, but produces "empty output" when used with wildfly+ejbca.

Unfortunately I cannot map logfiles to attempts today and my concentration level isn't very high.

Any other ideas?

[primetomas]

Did you try my approach with "pkcs11.disableHashingSignMechanisms=false in conf/cesecore.properties"?
Note that clientToolBox didn't read this property until in the next release (bug fixed).

[ghost]

I have just tried this using java -Dpkcs11.... as parameters to the wildfly startup (also seeing the parameter in the process list).

This does not make a difference. My next plan is to contact the hardware vendor to verify they have implemented technical support for the required Mechanisms for CKF_ENCRYPT and really are just missing the flag. That way we will either be able to trace where it gets lost or will get added the required mechanisms if they're missing.

Chances are that CKF_ENCRYPT hasn't been set because it works anyway (until you use a recent java) or that CKF_ENCRYPT has not been set because the C_encrypt... family of functions aren't completly implemented.

I expect just a missing flag CKF_ENCRYPT because Java 11.0.2 would probably have been broken if the mechanisms weren't complete.

We might need to reevaluate p11ng later.

[ghost]

I have internally escalated this issue in order to get vendor support and will cease to work on this issue until I have feedback.

I expect this to cause a firmware update to our hardware for either the flag or adding functions.

I do think that CKF_DECRYPT without CKF_ENCRYPT is really an invalid combination for RSA mechanmisms for the expected use cases of this hardware.

[primetomas]

Maybe it's possible to modify key attributes with some other pkcs11 tool, to enable CKF_ENCRYPT as well on the key. If that is possible, it "should" start working.

[ghost]

Unfortunately that's one thing I tried already this week:

• readers.conf (pcscd)
• opensc
• sunpkcs11
  SunPKCS11 allows for a config file, usually used to override/add attributes for specific hardware. However I was not able to construct a config file that overrode the missing CKF_ENCRYPT.

[primetomas]

I think you need to actually modify the object as stored in the HSM. SunPKCS11 attributes file is just for creating new objects, setting CKA attributes. From my reading there seems to be an issue in OpenSC on this topic, and now when you say it, it's for CKF, so probably nothing that can be changed on the HSM object. That was a bad idea, sorry for the confusion.

[ghost]

I guess I will take another look.

[ghost]

No, it's fine. You're absolutely right with suggesting p11ng, I think it's the way to go for us.

[CardContact]

Can you try the SmartCard-HSM specific PKCS#11 module from here ?

While OpenSC reports

RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign, verify

our module reports

RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify

Maybe that solves the issue.

There is also a per key report of the capabilities and there only indicating CKF_DECRYPT is correct for a RSA private key.

CKF_DECRYPT also has nothing to do with RSA signing, so it puzzles me why sunpkcs11 is confused.

But anyway, sunpkcs11 does no have a good track record IMHO. That is why we recommend to use the native JCE Provider instead (not sure if that can be used with EJCBA though).

[p7cq]

I installed the module and pkcs11-tool has the same output as yours for OpenSC and CardContact, respectively:

$ pkcs11-tool --module /usr/lib64/pkcs11/opensc-pkcs11.so --list-mechanisms | grep " RSA-PKCS, "
Using slot 0 with a present token (0x0)
  RSA-PKCS, keySize={1024,4096}, hw, decrypt, sign, verify

$ pkcs11-tool --module /usr/local/lib/libsc-hsm-pkcs11.so --list-mechanisms | grep " RSA-PKCS, "
Using slot 0 with a present token (0x1)
  RSA-PKCS, keySize={1024,4096}, hw, encrypt, decrypt, sign, verify

Unfortunately, pkcs11HSM.sh still fails:

$ pkcs11HSM.sh generate /usr/local/lib/libsc-hsm-pkcs11.so 4096 schsmTestKey i0
Using Slot Reference Type: Slot Index.
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by org.cesecore.keys.token.p11.SunP11SlotListWrapper (file:/opt/ejbca/dist/clientToolBox/lib/cesecore-common.jar) to method sun.security.pkcs11.wrapper.PKCS11.getInstance(java.lang.String,java.lang.String,sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS,boolean)
WARNING: Please consider reporting this to the maintainers of org.cesecore.keys.token.p11.SunP11SlotListWrapper
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
PKCS11 Token [SunPKCS11-libsc-hsm-pkcs11.so-slot0] Password:
Command could not be executed. See log for stack trace.
2023-05-18 11:16:44,447 ERROR [org.ejbca.ui.cli.HSMKeyTool] Command 'PKCS11HSMKeyTool generate /usr/local/lib/libsc-hsm-pkcs11.so 4096 schsmTestKey i0' could not be executed.
java.security.KeyStoreException: KeyStore instantiation failed
        at java.security.KeyStore$Builder$2.getKeyStore(KeyStore.java:2240) ~[?:?]
        at org.ejbca.util.keystore.KeyStoreToolsFactory.getInstance(KeyStoreToolsFactory.java:74) ~[clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.util.keystore.KeyStoreToolsFactory.getInstance(KeyStoreToolsFactory.java:48) ~[clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.util.keystore.KeyStoreToolsFactory.getInstance(KeyStoreToolsFactory.java:94) ~[clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.HSMKeyTool.doIt(HSMKeyTool.java:239) ~[clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.HSMKeyTool.execute(HSMKeyTool.java:730) [clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.ClientToolBox.executeIfSelected(ClientToolBox.java:40) [clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
        at org.ejbca.ui.cli.ClientToolBox.main(ClientToolBox.java:72) [clientToolBox.jar:EJBCA 7.10.0.2 Community (31768d4428323576dd0466388ed69cabf5cb779d)]
Caused by: java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:115) ~[?:?]
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355) ~[?:?]
        at sun.security.pkcs11.P11KeyStore.loadCert(P11KeyStore.java:1193) ~[jdk.crypto.cryptoki:?]
        at sun.security.pkcs11.P11KeyStore.mapLabels(P11KeyStore.java:2361) ~[jdk.crypto.cryptoki:?]
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:851) ~[jdk.crypto.cryptoki:?]
        at java.security.KeyStore.load(KeyStore.java:1513) ~[?:?]
        at java.security.KeyStore$Builder$2$1.run(KeyStore.java:2210) ~[?:?]
        at java.security.KeyStore$Builder$2$1.run(KeyStore.java:2191) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at java.security.KeyStore$Builder$2.getKeyStore(KeyStore.java:2237) ~[?:?]
        ... 7 more
Caused by: java.io.IOException: Empty input
        at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:111) ~[?:?]
        at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355) ~[?:?]
        at sun.security.pkcs11.P11KeyStore.loadCert(P11KeyStore.java:1193) ~[jdk.crypto.cryptoki:?]
        at sun.security.pkcs11.P11KeyStore.mapLabels(P11KeyStore.java:2361) ~[jdk.crypto.cryptoki:?]
        at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:851) ~[jdk.crypto.cryptoki:?]
        at java.security.KeyStore.load(KeyStore.java:1513) ~[?:?]
        at java.security.KeyStore$Builder$2$1.run(KeyStore.java:2210) ~[?:?]
        at java.security.KeyStore$Builder$2$1.run(KeyStore.java:2191) ~[?:?]
        at java.security.AccessController.doPrivileged(Native Method) ~[?:?]
        at java.security.KeyStore$Builder$2.getKeyStore(KeyStore.java:2237) ~[?:?]
        ... 7 more

When I tried to access the HSM from Java using the module I got the same error:

SunPKCS11 loading D:\pkcs11.cfg
Information for provider SunPKCS11-NitroKeyHSM
Library info:
  cryptokiVersion: 2.20
  manufacturerID: CardContact (www.cardcontact.de)
  flags: 0
  libraryDescription: SmartCard-HSM via PC/SC         
  libraryVersion: 2.12
sunpkcs11: Initializing PKCS#11 library C:/Windows/System32/sc-hsm-pkcs11.dll
All slots: 1
Slots with tokens: 1
[...]
sunpkcs11: login succeeded
java.security.cert.CertificateException: Could not parse certificate: java.io.IOException: Empty input
	at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:115)
	at java.base/java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:355)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.loadCert(P11KeyStore.java:1193)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.mapLabels(P11KeyStore.java:2361)
	at jdk.crypto.cryptoki/sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:769)
	at java.base/java.security.KeyStore.load(KeyStore.java:1479)
	at org.example.Test.main(Test.java:24)
Caused by: java.io.IOException: Empty input
	at java.base/sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:111)
	... 6 more

This is the snippet I used (Java 11):

import javax.crypto.Cipher;
import java.security.*;
import java.util.Enumeration;

/*
VM args:
-Djava.security.debug=sunpkcs11,pkcs11keystore

pkcs11.cfg:
name = NitroKeyHSM
library = "C:/Windows/System32/sc-hsm-pkcs11.dll"
slotListIndex = 0
*/
public class Test {
    public static void main(String[] args) {
        char[] pin = "change this".toCharArray();
        String configName = "D:\\pkcs11.cfg";
        Provider p = Security.getProvider("SunPKCS11"); // add security.provider.13=SunPKCS11 in java.security
        p = p.configure(configName);
        Security.addProvider(p);
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11");
            ks.load(null, pin);
            Enumeration<String> aliases = ks.aliases();
            while (aliases.hasMoreElements()) {
                String alias = aliases.nextElement();
                System.err.println(alias);
            }
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

I guess I need to use the native JCE provider you mentioned, but I'm not sure how to use it and it wouldn't help on this issue anyway.

[p7cq]

Could not parse certificate: java.io.IOException: Empty input

Could be something wrong with the content of my HSM? Some "bad" object?

[ghost]

Could not parse certificate: java.io.IOException: Empty input

Could be something wrong with the content of my HSM? Some "bad" object?

I was getting the exactly same error message when trying the card contact driver driver for sunpkcs11.

I put the message aside and followed other tracks, because documentation points at "nitro hsm" (1) and not "nitro hsm 2".

[CardContact]

This is an issue with the SUN Provider that breaks when the module reports other certificate types than X.509.

The sc-hsm-pkcs11 module reports the device and device issuer certificates, which are Card Verifiable Certificates (CVC).

We've disabled CVCs in the default build in CardContact/sc-hsm-embedded@de28f2e

[p7cq]

Hi CardContact,

Unfortunately I cannot test this build as I wrote my own PKI and moved away from EJBCA CE in my lab a few months ago.

However, I very much appreciate your post! I use the same HSM still, no issues there.

Cheers,
p7cq

[p7cq]

I was able to generate RSA keys on Nitrokey HSM with EJBCA CE 8.0 and Java 17 (17.0.8.0.2). However, Java options in ejbcaClientToolBox.sh must be amended with --add-exports=jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED in order for command to succeed.

[primetomas]

Thanks. Will note that in our ticket for Java 17 support.

[ghost]

Thank you for finding this out! This is great news!

Additionally, I'm confident that this workaround can be applied to the application server startup sequence. I cannot personally test this one as I just moved and my HSM device is physically unreachable for me right now.