[英]CKR_KEY_TYPE_INCONSISTENT: when deriving signing key in FIPS mode using SunPKCS11 with NSS
环境细节:Java:openjdk-1.8.0.312 OS:RHEL8
以下是配置的安全提供程序。 SunPKCS11-NSS-FIPS、SUN 1.8、SunEC 1.8、SunJSSE 1.8
笔记:
添加新的 JCE 后问题消失。 添加 SunJCE 或 BouncyCastleFipsProvider 安全提供程序时工作。
已确认无限强度加密可用(通过 Cipher.getMaxAllowedKeyLength("AES") =~ large number)
Caused by: java.security.InvalidKeyException: init() failed at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208) at javax.crypto.Mac.chooseProvider(Mac.java:350) at javax.crypto.Mac.init(Mac.java:415) at com.amazonaws.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:127) ... 36 common frames omitted Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method) at sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177) at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206) ... 39 common frames omitted
请问有什么指点吗?
事实证明这是 RHEL8 + OpenJDK1.8 的问题,提到了解决方案/解决方法 - https://access.redhat.com/solutions/6778751
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.