使用HSM和SUNPKCS11进行文件签名时发生异常
[英]Exception while file signing using HSM and SUNPKCS11
问题描述
We are using the HSM(Hardware Security Module) for the signing and encryption from our java application. 
我们正在使用HSM(硬件安全模块)进行Java应用程序的签名和加密。 We have plugged the HSM to our JVM using the java.security property file using the following entry 我们使用以下条目使用java.security属性文件将HSM插入了我们的JVM
security.provider.11=sun.security.pkcs11.SunPKCS11 D:/security/safenet.cfg
It was working fine all these days and suddenly we encountered a error as follows. 这些天一切都很好,突然我们遇到了如下错误。
java.security.SignatureException: RSASignature::engineSign sun.security.pkcs11.P11Key$P11PrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey
We did the enough searching on google but not able to identify the root cause. 我们在Google上进行了足够的搜索,但无法确定根本原因。
Appreciate any help 感谢任何帮助
Thanks 谢谢
1 个解决方案
解决方案1
1 已采纳 2015-04-17 06:06:58
We also encountered the same issue. 我们也遇到了同样的问题。 Specify the provider name when getting the Signing instance. 获取“签名”实例时指定提供者名称。 When code to sign using HSM is called, there may some other piece of code in your application adding another provider [Security.insertProvider] which implements the same signing algorithm. 当调用使用HSM进行签名的代码时,您的应用程序中可能还会有其他代码段添加另一个实现相同签名算法的提供程序[Security.insertProvider]。 When your sign, you pass a parameter of Private Key handler for PKCS11 but the provider is expecting different Key handler of RSA. 当您签名时,您为PKCS11传递了私钥处理程序的参数,但是提供程序期望使用RSA的其他密钥处理程序。 Resolution: When you get the HSM signing instance, specify the Security provider along with the signing algorithm. 解决方法:获取HSM签名实例时,请指定安全提供程序以及签名算法。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.