java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available, Trying to Enable FIPS mode using...
I'm trying to enable FIPS mode using SUNPKCS11 with NSS in Java 11. I got this exception java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available.
When I tried to enable FIPS in Java 8 it works fine but doing the same in Java 11 throws the exception.
The initialization of SUNPKCS11 changed from Java 8 to Java 11.
In Java 8:
Provider provider = Security.getProvider("SunPKCS11");
provider.configure(nssConfigFile);
Java 11:
Provider provider = new sun.security.pkcs11.SunPKCS11(nssConfigFile);
Security.addProvider(nssProvider);
After the initialization of SUNPKCS11 with config file, I'm trying to get the provider from the keystore as below.
One more thing is when I initialized the SUNPKCS11, it's Provider.id.info is set to
Unconfigured and unusable PKCS11 provider , Does this has some thing to do with?
KeyStore.getInstance("SUNPKCS11");
Then here I didn't have the PKCS11 in keystore.
My config file content look as below:
name=nss-client
nssLibraryDirectory=X:XXXNSSlib
nssSecmodDirectory=X:XXXNSSdb
nssModule=fips
Do I need to change something in the config file contents or is it a bug in Java 11?
Please help me with the valuable suggestions.
java fips java-11 nss sunpkcs11
asked Nov 20 '18 at 16:55
N VN V
214
add a comment |
I'm trying to enable FIPS mode using SUNPKCS11 with NSS in Java 11. I got this exception java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available.
When I tried to enable FIPS in Java 8 it works fine but doing the same in Java 11 throws the exception.
The initialization of SUNPKCS11 changed from Java 8 to Java 11.
In Java 8:
Provider provider = Security.getProvider("SunPKCS11");
provider.configure(nssConfigFile);
Java 11:
Provider provider = new sun.security.pkcs11.SunPKCS11(nssConfigFile);
Security.addProvider(nssProvider);
After the initialization of SUNPKCS11 with config file, I'm trying to get the provider from the keystore as below.
One more thing is when I initialized the SUNPKCS11, it's Provider.id.info is set to
Unconfigured and unusable PKCS11 provider , Does this has some thing to do with?
KeyStore.getInstance("SUNPKCS11");
Then here I didn't have the PKCS11 in keystore.
My config file content look as below:
name=nss-client
nssLibraryDirectory=X:XXXNSSlib
nssSecmodDirectory=X:XXXNSSdb
nssModule=fips
Do I need to change something in the config file contents or is it a bug in Java 11?
Please help me with the valuable suggestions.
java fips java-11 nss sunpkcs11
asked Nov 20 '18 at 16:55
N VN V
214
Did you take a look at SunPKCS11 provider in Java 9 ?
– nullpointer
Nov 20 '18 at 17:14
yeah but i didn't get what you are trying to mention. Do I need to pass the config params and string rather than passing file or mention the slot id?
– N V
Nov 20 '18 at 18:10
1
Thanks, it helped. I need to assign the return provider from configure method.
– N V
Nov 28 '18 at 16:11
add a comment |
I'm trying to enable FIPS mode using SUNPKCS11 with NSS in Java 11. I got this exception java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available.
When I tried to enable FIPS in Java 8 it works fine but doing the same in Java 11 throws the exception.
The initialization of SUNPKCS11 changed from Java 8 to Java 11.
In Java 8:
Provider provider = Security.getProvider("SunPKCS11");
provider.configure(nssConfigFile);
Java 11:
Provider provider = new sun.security.pkcs11.SunPKCS11(nssConfigFile);
Security.addProvider(nssProvider);
After the initialization of SUNPKCS11 with config file, I'm trying to get the provider from the keystore as below.
One more thing is when I initialized the SUNPKCS11, it's Provider.id.info is set to
Unconfigured and unusable PKCS11 provider , Does this has some thing to do with?
KeyStore.getInstance("SUNPKCS11");
Then here I didn't have the PKCS11 in keystore.
My config file content look as below:
name=nss-client
nssLibraryDirectory=X:XXXNSSlib
nssSecmodDirectory=X:XXXNSSdb
nssModule=fips
Do I need to change something in the config file contents or is it a bug in Java 11?
Please help me with the valuable suggestions.
java fips java-11 nss sunpkcs11
asked Nov 20 '18 at 16:55
N VN V
214
I'm trying to enable FIPS mode using SUNPKCS11 with NSS in Java 11. I got this exception java.security.NoSuchAlgorithmException: PKCS11 KeyStore not available.
When I tried to enable FIPS in Java 8 it works fine but doing the same in Java 11 throws the exception.
The initialization of SUNPKCS11 changed from Java 8 to Java 11.
In Java 8:
Provider provider = Security.getProvider("SunPKCS11");
provider.configure(nssConfigFile);
Java 11:
Provider provider = new sun.security.pkcs11.SunPKCS11(nssConfigFile);
Security.addProvider(nssProvider);
After the initialization of SUNPKCS11 with config file, I'm trying to get the provider from the keystore as below.
One more thing is when I initialized the SUNPKCS11, it's Provider.id.info is set to
Unconfigured and unusable PKCS11 provider , Does this has some thing to do with?
KeyStore.getInstance("SUNPKCS11");
Then here I didn't have the PKCS11 in keystore.
My config file content look as below:
name=nss-client
nssLibraryDirectory=X:XXXNSSlib
nssSecmodDirectory=X:XXXNSSdb
nssModule=fips
Do I need to change something in the config file contents or is it a bug in Java 11?
Please help me with the valuable suggestions.
java fips java-11 nss sunpkcs11
java fips java-11 nss sunpkcs11
asked Nov 20 '18 at 16:55
N VN V
214
asked Nov 20 '18 at 16:55
N VN V
214
asked Nov 20 '18 at 16:55
N VN V
214
asked Nov 20 '18 at 16:55
N VN V
214
asked Nov 20 '18 at 16:55
N VN V
214
214
Did you take a look at SunPKCS11 provider in Java 9 ?
– nullpointer
Nov 20 '18 at 17:14
yeah but i didn't get what you are trying to mention. Do I need to pass the config params and string rather than passing file or mention the slot id?
– N V
Nov 20 '18 at 18:10
1
Thanks, it helped. I need to assign the return provider from configure method.
– N V
Nov 28 '18 at 16:11
add a comment |
Did you take a look at SunPKCS11 provider in Java 9 ?
– nullpointer
Nov 20 '18 at 17:14
yeah but i didn't get what you are trying to mention. Do I need to pass the config params and string rather than passing file or mention the slot id?
– N V
Nov 20 '18 at 18:10
1
Thanks, it helped. I need to assign the return provider from configure method.
– N V
Nov 28 '18 at 16:11
Did you take a look at SunPKCS11 provider in Java 9 ?
– nullpointer
Nov 20 '18 at 17:14
Did you take a look at SunPKCS11 provider in Java 9 ?
– nullpointer
Nov 20 '18 at 17:14
yeah but i didn't get what you are trying to mention. Do I need to pass the config params and string rather than passing file or mention the slot id?
– N V
Nov 20 '18 at 18:10
yeah but i didn't get what you are trying to mention. Do I need to pass the config params and string rather than passing file or mention the slot id?
– N V
Nov 20 '18 at 18:10
1
1
Thanks, it helped. I need to assign the return provider from configure method.
– N V
Nov 28 '18 at 16:11
Thanks, it helped. I need to assign the return provider from configure method.
– N V
Nov 28 '18 at 16:11
add a comment |
0
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53397862%2fjava-security-nosuchalgorithmexception-pkcs11-keystore-not-available-trying-to%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
0
active
oldest
votes
0
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53397862%2fjava-security-nosuchalgorithmexception-pkcs11-keystore-not-available-trying-to%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Did you take a look at SunPKCS11 provider in Java 9 ?
– nullpointer
Nov 20 '18 at 17:14
yeah but i didn't get what you are trying to mention. Do I need to pass the config params and string rather than passing file or mention the slot id?
– N V
Nov 20 '18 at 18:10
1
Thanks, it helped. I need to assign the return provider from configure method.
– N V
Nov 28 '18 at 16:11