[Opendnssec-user] PKCS11Exception: CKR_DATA_LEN_RANGE using softhsm2

Thu, 04 Dec 2014 21:47:32 -0800 

Hi all
I'm getting this error:
Caused by: java.security.ProviderException: update() failed
        at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:565)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:464)
        at sun.security.pkcs11.P11Cipher.engineUpdate(P11Cipher.java:452)
        at javax.crypto.Cipher.update(DashoA13*..)
        at javax.crypto.CipherOutputStream.write(DashoA13*..)
        at javax.crypto.CipherOutputStream.write(DashoA13*..)
        ... 42 more
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DATA_LEN_RANGE
        at sun.security.pkcs11.wrapper.PKCS11.C_EncryptUpdate(Native Method)
        at sun.security.pkcs11.P11Cipher.implUpdate(P11Cipher.java:517)
        ... 51 more

trying to use softhsm-2.0.0b1 with SunPKCS11 (java 1.6.45).  The same code 
works fine with a regular java key store.  I'm doing something like this:
    public void start() {
        try {
            Provider p = new SunPKCS11(configFile);
            
            if (-1 == Security.addProvider(p)) {
                throw new RuntimeException("could not add security provider " + 
p.getName());
            }
            
            KeyStore keystore = KeyStore.getInstance("PKCS11", p);
            keystore.load(null, pin.toCharArray());
            key = keystore.getKey(keyAlias, pin.toCharArray());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
    
    public InputStream getInputStream(File file) throws IOException {
        try {
            Cipher decryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            decryptCipher.init(Cipher.DECRYPT_MODE, key, new 
IvParameterSpec(iv));
            return new CipherInputStream(new FileInputStream(file), 
decryptCipher);
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

    public OutputStream getOutputStream(File file) throws IOException {
        try {
            Cipher encryptCipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
            encryptCipher.init(Cipher.ENCRYPT_MODE, key, new 
IvParameterSpec(iv));
            return new CipherOutputStream(new FileOutputStream(file), 
encryptCipher);
        } catch (Exception e) {
            throw new IOException(e);
        }
    }

Is this maybe a known limitation for softhsm2 ? there is some workaround ? Thx 
for your help.

_______________________________________________
Opendnssec-user mailing list
Opendnssec-user@lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-user

Reply via email to