时间戳

首页 > 解决方案 > 如何通过 SUNPKCS 提供商从 hsm 获取 al 别名?

pkcs#11 - 如何通过 SUNPKCS 提供商从 hsm 获取 al 别名?

问题描述

我想从 hsm 获取我的所有关键别名,但我收到此错误消息:

Exception in thread "main" java.io.IOException: load failed
    at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:778)
    at java.security.KeyStore.load(KeyStore.java:1445)
    at eracom.provider.ProCrypt.main(ProCrypt.java:99)
    Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: 
    CKR_OBJECT_HANDLE_INVALID
    at sun.security.pkcs11.wrapper.PKCS11.C_GetAttributeValue(Native Method)
    at sun.security.pkcs11.P11KeyStore.mapLabels(P11KeyStore.java:2415)
    at sun.security.pkcs11.P11KeyStore.engineLoad(P11KeyStore.java:770)

如果我在 hsm 上只创建一个密钥。没有问题,我可以从 hsm 获取别名,但如果我有 2 个或更多,我会收到错误消息。如何解决?

        KeyStore keyStore = KeyStore.getInstance("PKCS11", pkcs11);
        keyStore.load(null, slotPIN);

        SecretKey key = (SecretKey) keyStore.getKey("KEY2", slotPIN);
        System.out.println("key's attributes: " + key.toString());


        java.util.Enumeration<String> aliases = keyStore.aliases();
        String alias = null;
        while (aliases.hasMoreElements()) {
            alias = aliases.nextElement();
            System.out.println("key label name : " + alias);

        }

标签: pkcs#11jcehsmjcasunpkcs11

解决方案

推荐阅读