Problem:
When using a PKCS11 device as a keystore within an NAS2 Sender configuration to sign a message, the following error message is displayed:
DEBUG (W.SmartSend.1) {com.ibi.agents.XDNAS2EmitAgent} Error emitting NAS2: XD[FAIL] cause: 0 subcause: 0 message: java.io.IOException: java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.bouncycastle.mail.smime.SMIMESignedGenerator$ContentSigner.write(Unknown Source)
    at org.bouncycastle.mail.smime.handlers.PKCS7ContentHandler.writeTo(Unknown Source)
    at javax.activation.ObjectDataContentHandler.writeTo(DataHandler.java:883)
Solution:
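The problem usually results from an incorrect S/MIME JCE Cryptography Provider setting in the NAS2 Sender configuration. Confirm that you have selected the provider that corresponds to your device and have not left the default "BC" provider selected. The "BC" (Bouncy Castle) provider expects an RSAPrivateKey instance and cannot sign with the key object supplied by the PKCS11 device, which is what the InvalidKeyException reports. The following are some examples: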
Provider: SunPKCS11-StarSign
Provider: SunPKCS11-nShield
Note that each PKCS11 device has its own corresponding S/MIME JCE Cryptography Provider. However, all PKCS11-based provider names start with SunPKCS11.
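The diagnostic below is an added example, not iWay or Bouncy Castle code: it lists the configured SunPKCS11 providers and tries each installed JCE provider against a key to report which ones can sign with it. The class and method names are hypothetical, and `OpaqueKey` is a constructed stand-in for a non-extractable device key so the rejection can be reproduced without hardware.

```java
import java.security.*;
import java.util.*;

public class ProviderCheck {
    // Constructed stand-in for a device-resident key: it reports algorithm "RSA"
    // but exposes no key material, like P11Key$P11PrivateKey for a non-extractable key.
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    // Returns the names of installed providers whose SHA256withRSA Signature accepts the key.
    static List<String> providersAccepting(PrivateKey key) {
        List<String> accepted = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            if (p.getService("Signature", "SHA256withRSA") == null) continue;
            try {
                Signature.getInstance("SHA256withRSA", p).initSign(key);
                accepted.add(p.getName());
            } catch (GeneralSecurityException | RuntimeException e) {
                // Same class of failure as the InvalidKeyException in the trace above.
                System.out.println(p.getName() + " rejects "
                        + key.getClass().getName() + ": " + e.getMessage());
            }
        }
        return accepted;
    }

    public static void main(String[] args) throws Exception {
        // Configured PKCS11 providers are named SunPKCS11-<name from the provider config>.
        for (Provider p : Security.getProviders())
            if (p.getName().startsWith("SunPKCS11-"))
                System.out.println("Configured PKCS11 provider: " + p.getName());

        // A software RSA key is accepted by the software providers.
        PrivateKey soft = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
        System.out.println("Software key accepted by: " + providersAccepting(soft));

        // The opaque key is rejected by every software provider.
        System.out.println("Opaque key accepted by: " + providersAccepting(new OpaqueKey()));
    }
}
```

Passing the private key loaded from the device keystore to `providersAccepting` instead of `OpaqueKey` shows which provider name belongs in the S/MIME JCE Cryptography Provider setting.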
iWay Software