Pkcs11 No Slot With A Token Was Found
- Pkcs11 No Slot With A Token Was Found The First
- Pkcs11 No Slot With A Token Was Found The Most
- Pkcs11 No Slot With A Token Was Found Guilty
- Pkcs11-tool No Slot With A Token Was Found
- Pkcs11 No Slot With A Token Was Found Dead
The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM), smart cards, and names the API itself 'Cryptoki' (from 'cryptographic token interface' and pronounced as 'crypto-key' - but 'PKCS #11' is often used to refer to the API as well as the standard that defines it).
The API defines most commonly used cryptographic object types (RSAX.509 keys, DES/Triple DES Certificates/keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects.
This container relies on a PKCS#11 a library which handles the communication with the token/card. This can be a vendor specific library or an opensource one, please select the correct one depending on the type of token/card you are using.
Interface Summary
The Abstract PKCS #11 smartcard interface is summarized in the following snippet:
Each interface will be covered on this wiki, accompanied with example code and response objects.
It looks like the problem there is interop between ykcs11 and OpenSSL.Slot 9e is particular in the sense that the user PIN is not required (by default) to use associated private key. This means that by listing the objects with pkcs11-tool -O the private key is listed even if no user is logged in. I assume that this (reasonably?) leads OpenSSL to think that it can just use that key, and that it. No actual execution showing that two work and one doesn't. No exception handlers after each suspect line. No logging at all except in an exception handler. No debugging info showing the results of executing suspect lines. No indication of what line you even think is returning the 'nothing' you think should be returned. To facilitate the integration of native PKCS#11 tokens into the Java platform, a new cryptographic provider, the Sun PKCS#11 provider, has been introduced into the J2SE 5.0 release. This new provider enables existing applications written to the JCA and JCE APIs to access native PKCS#11 tokens. No modifications to the application are required. It also presents to applications a common, logical view of the device that is called a cryptographic token. PKCS #11 assigns a slot ID to each token. An application identifies the token that it wants to access by specifying the appropriate slot ID. For more information about PKCS #11, refer to this URL: PKCS #11 Cryptographic Token Interface. The instructions to set up softhsm are under 'Here's an example of how to set up and use SoftHSMv2' above.I'm not sure why you don't see the slots with pkcs11-tool; it works for me! Are you sure you are giving the right module path to pkcs11-tool?
Get the PKCS #11 container object
For more information on how to configure the T1C-JS client library see Client Configuration.
To set the locations of the PCKS#11 library, pass a ModuleConfig
object when initializing the client:
Then grab a reference to the pkcs11 container:
Call a function for the PKCS #11 container:
Reading data
Info
This methods returns more information about the PKCS #11 library you are using.
An example response:
Slots
This methods returns the available slots on the system.
An example response:
The flags value gives more information about the slot, possible values are
Value | Description |
---|---|
0 | Empty |
1 | Token present |
2 | Removable device |
3 | Token present + removable device |
4 | Hardware slot |
5 | Token present + hardware slot |
6 | Removable device + hardware slot |
7 | Token present + removable device + hardware slot |
32 | Unknown |
Slots with tokens present
Pkcs11 No Slot With A Token Was Found The First
This method is similar the the slots endpoint but only returns a list of slots where a token is present.
An example response:
Token
This methods returns the token information for a slot.
An example response:
Certificates
This methods allows you to retrieve the certificates from the PKCS #11 token.
An example callback:
Pkcs11 No Slot With A Token Was Found The Most
Response:
Signing data
To successfully sign data, we need the following parameters:
- Slot ID of the token to use
- Certificate ID of the signing certificate
- PIN code
- Hashed data to sign
- Hashing algorithm used
Pkcs11 No Slot With A Token Was Found Guilty
The slot id can be found using either a call to slots
, slotsWithTokenPresent
. Once the slot id is found, the certificates can be retrieved with a call to certificates
. This then returns the certificate id. Now we can combine this with the PIN code and hashed data + hashing algorithm (SHA1, SHA256, SHA384, SHA512) to create the final signData call:
signData call
Returns signed data for provided input data.
Pkcs11-tool No Slot With A Token Was Found
An example response:
verifySignedData call
This call can be used to verify if the signed data is correct. The request is similar to signData
, but we also pass in the signed hash:
An example response:
Error Handling
Error Object
The functions specified are asynchronous and always need a callback function.
The callback function will reply with a data object in case of success, or with an error object in case of an error. An example callback:
The error object returned:
Pkcs11 No Slot With A Token Was Found Dead
For the error codes and description, see Status codes.