I recently bought one NitroHSM2 to use is with my Java App.
I need to perform AES Keygen, Encrypt and Decrypt on the HSM, so I installed make install the sc-hsm-embedded pkcs11 so library.
But when I start my App with library path = /usr/local/lib/libsc-hsm-pkcs11.so and slot = 0 I got this error
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) ~[jdk.crypto.cryptoki:?]
at sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:370) ~[jdk.crypto.cryptoki:?]
I don’t know what to do …
It work well with opensc pkcs11 library, I can connect to the HSM and do supported operations (only asymmetric ones)
I also enabled pkcs11 debug. I can provide pkcs11 library log if need.
Please help me, I really need to get this working.
No I have not, because it worked well with another USB HSM, from another brand I used, with all cryptographic functions.
All the software was doing great, but since I started to use the sc-hsm-embedded pkcs11 shared library, it stoped working completely.
So, I assume the problem must from the sc-hsm-embedded pkcs11 shared library , since the SUN PKCS11 provider work well with at least two other pkcs11 shared library.
We are not testing integration with the SUN PKCS11 provider as we usually integrate with the OpenSC-JAVA JCE-Provider. We also maintain a dedicated JCE-Provider that works with the SmartCard-HSM natively.
I’d suggest to add PKCS11SPY to figure out what is going wrong at the interface and enable logging in the module.