-
Bug
-
Resolution: Not an Issue
-
P4
-
None
-
5.0
-
x86
-
windows_xp
FULL PRODUCT VERSION :
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
USB Security Stick iKey 3000 from Safenet
Token Administation Tool by AET ( was delievered with iKey 3000)
Product version: 2.0.3
Used dlls :
aetjcss1.dll: 2.0.0.8
-> aetpkss1.dll: 2.0.0.11 <- important for Java
aetpkssw.dll: 2.0.0.1
aetpksse.dll: 2.0.0.3
aetdlss1.dll: 2.0.0.15
aetcsss1.dll: 2.0.0.23
aetgina1.dll: 2.0.0.3
A DESCRIPTION OF THE PROBLEM :
Java and Java Keytool can't see any imported certificates on the iKey 3000.
It is possible to generate a certificate on the iKey. It's possible to export the certificate, too. But it isn't possible to import them to another iKey. The keytool thows an exception, to use an token application to import the certificates. So I used the Token Adminitstration application ( by AET ) to import the certificates. This works properly. But when I want to see the certificate with keytool, the iKey is empty. I only get listed those certificates which are generated on the iKey directly but not those which are imported. The Token Adminitstration application shows the imported certificates.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Create certificate on iKey with keytool :
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -alias Test -keyAlg RSA -keysize 1024 -genkey
- the configServer.txt contains name=test and library=aetpkss1.dll
2. Export the generated certificate
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -file test.cer -export
3. Try to import with keytool
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -file test.cer -import
Thrown Exception :
Keytool-Fehler: java.security.KeyStoreException: java.lang.UnsupportedOperationException: trusted certificates may only be set by token initialization application
4. After using the Token Adminitstration application by AET to import the certificates.
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -list
The imported certificate isn't listed.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I expect to see the imported certificates.
ACTUAL -
I don't see the imported certificates.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
no crash
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
i used keytool
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
sorry, i didn't find someone.
###@###.### 2004-12-27 08:48:15 GMT
java version "1.5.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.5.0-b64)
Java HotSpot(TM) Client VM (build 1.5.0-b64, mixed mode, sharing)
ADDITIONAL OS VERSION INFORMATION :
Microsoft Windows XP [Version 5.1.2600]
EXTRA RELEVANT SYSTEM CONFIGURATION :
USB Security Stick iKey 3000 from Safenet
Token Administation Tool by AET ( was delievered with iKey 3000)
Product version: 2.0.3
Used dlls :
aetjcss1.dll: 2.0.0.8
-> aetpkss1.dll: 2.0.0.11 <- important for Java
aetpkssw.dll: 2.0.0.1
aetpksse.dll: 2.0.0.3
aetdlss1.dll: 2.0.0.15
aetcsss1.dll: 2.0.0.23
aetgina1.dll: 2.0.0.3
A DESCRIPTION OF THE PROBLEM :
Java and Java Keytool can't see any imported certificates on the iKey 3000.
It is possible to generate a certificate on the iKey. It's possible to export the certificate, too. But it isn't possible to import them to another iKey. The keytool thows an exception, to use an token application to import the certificates. So I used the Token Adminitstration application ( by AET ) to import the certificates. This works properly. But when I want to see the certificate with keytool, the iKey is empty. I only get listed those certificates which are generated on the iKey directly but not those which are imported. The Token Adminitstration application shows the imported certificates.
STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
1. Create certificate on iKey with keytool :
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -alias Test -keyAlg RSA -keysize 1024 -genkey
- the configServer.txt contains name=test and library=aetpkss1.dll
2. Export the generated certificate
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -file test.cer -export
3. Try to import with keytool
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -file test.cer -import
Thrown Exception :
Keytool-Fehler: java.security.KeyStoreException: java.lang.UnsupportedOperationException: trusted certificates may only be set by token initialization application
4. After using the Token Adminitstration application by AET to import the certificates.
keytool -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg c:\programme\java\jre1.5.0\configServer.txt -list
The imported certificate isn't listed.
EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I expect to see the imported certificates.
ACTUAL -
I don't see the imported certificates.
ERROR MESSAGES/STACK TRACES THAT OCCUR :
no crash
REPRODUCIBILITY :
This bug can be reproduced always.
---------- BEGIN SOURCE ----------
i used keytool
---------- END SOURCE ----------
CUSTOMER SUBMITTED WORKAROUND :
sorry, i didn't find someone.
###@###.### 2004-12-27 08:48:15 GMT