Posted  by  admin

Pkcs11 No Slot With A Token Was Found

  1. Pkcs11 No Slot With A Token Was Found The First
  2. Pkcs11 No Slot With A Token Was Found The Most
  3. Pkcs11 No Slot With A Token Was Found Guilty
  4. Pkcs11-tool No Slot With A Token Was Found
  5. Pkcs11 No Slot With A Token Was Found Dead

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM), smart cards, and names the API itself 'Cryptoki' (from 'cryptographic token interface' and pronounced as 'crypto-key' - but 'PKCS #11' is often used to refer to the API as well as the standard that defines it).
The API defines most commonly used cryptographic object types (RSAX.509 keys, DES/Triple DES Certificates/keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
This container relies on a PKCS#11 a library which handles the communication with the token/card. This can be a vendor specific library or an opensource one, please select the correct one depending on the type of token/card you are using.

Interface Summary

The Abstract PKCS #11 smartcard interface is summarized in the following snippet:

Each interface will be covered on this wiki, accompanied with example code and response objects.

It looks like the problem there is interop between ykcs11 and OpenSSL.Slot 9e is particular in the sense that the user PIN is not required (by default) to use associated private key. This means that by listing the objects with pkcs11-tool -O the private key is listed even if no user is logged in. I assume that this (reasonably?) leads OpenSSL to think that it can just use that key, and that it. No actual execution showing that two work and one doesn't. No exception handlers after each suspect line. No logging at all except in an exception handler. No debugging info showing the results of executing suspect lines. No indication of what line you even think is returning the 'nothing' you think should be returned. To facilitate the integration of native PKCS#11 tokens into the Java platform, a new cryptographic provider, the Sun PKCS#11 provider, has been introduced into the J2SE 5.0 release. This new provider enables existing applications written to the JCA and JCE APIs to access native PKCS#11 tokens. No modifications to the application are required. It also presents to applications a common, logical view of the device that is called a cryptographic token. PKCS #11 assigns a slot ID to each token. An application identifies the token that it wants to access by specifying the appropriate slot ID. For more information about PKCS #11, refer to this URL: PKCS #11 Cryptographic Token Interface. The instructions to set up softhsm are under 'Here's an example of how to set up and use SoftHSMv2' above.I'm not sure why you don't see the slots with pkcs11-tool; it works for me! Are you sure you are giving the right module path to pkcs11-tool?

Get the PKCS #11 container object

Pkcs11 no slot with a token was found dead

For more information on how to configure the T1C-JS client library see Client Configuration.
To set the locations of the PCKS#11 library, pass a ModuleConfig object when initializing the client:

Then grab a reference to the pkcs11 container:

Call a function for the PKCS #11 container:

Reading data

Info

This methods returns more information about the PKCS #11 library you are using.

Pkcs11

An example response:

Slots

This methods returns the available slots on the system.

An example response:

The flags value gives more information about the slot, possible values are

ValueDescription
0Empty
1Token present
2Removable device
3Token present + removable device
4Hardware slot
5Token present + hardware slot
6Removable device + hardware slot
7Token present + removable device + hardware slot
32Unknown

Slots with tokens present

Pkcs11 No Slot With A Token Was Found The First

This method is similar the the slots endpoint but only returns a list of slots where a token is present.

An example response:

Token

This methods returns the token information for a slot.

Pkcs11 no slot with a token was found dead

An example response:

Certificates

This methods allows you to retrieve the certificates from the PKCS #11 token.

An example callback:

Pkcs11 No Slot With A Token Was Found The Most

Response:

Signing data

Slot

To successfully sign data, we need the following parameters:

  • Slot ID of the token to use
  • Certificate ID of the signing certificate
  • PIN code
  • Hashed data to sign
  • Hashing algorithm used

Pkcs11 No Slot With A Token Was Found Guilty

The slot id can be found using either a call to slots, slotsWithTokenPresent. Once the slot id is found, the certificates can be retrieved with a call to certificates. This then returns the certificate id. Now we can combine this with the PIN code and hashed data + hashing algorithm (SHA1, SHA256, SHA384, SHA512) to create the final signData call:

signData call

Returns signed data for provided input data.

Pkcs11-tool No Slot With A Token Was Found

An example response:

verifySignedData call

This call can be used to verify if the signed data is correct. The request is similar to signData, but we also pass in the signed hash:

An example response:

Error Handling

Error Object

The functions specified are asynchronous and always need a callback function.
The callback function will reply with a data object in case of success, or with an error object in case of an error. An example callback:

The error object returned:

Pkcs11 No Slot With A Token Was Found Dead

For the error codes and description, see Status codes.