Error while signing remotely

#24471
Posted: 04/08/2013 03:18:38
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

Hello.

I sometimes get this error while signing remotely with an applet:

SBPDF.EElPDFSecurityHandlerError: Signing failed (error -1 : The key cannot be used to sign the data.
Error: Unsupported key type: SunPKCS11-TokenName RSA private key, 2048 bits (id 236257286, token object, sensitive, unextractable))
at SBPDFSecurity.TElPDFPublicKeySecurityHandler.CompleteAsyncSign(Byte[] PreSig, TElDCAsyncState State)
at SBPDF.TElPDFDocument.CompleteAsyncOperation(Stream Stream, TElDCAsyncState AsyncState, TElPDFSecurityHandler Handler)


Do you have any idea what may be causing this? The error message is not so helpful.
I think I'm doing something wrong in the applet, but I don't know what yet.
The signature seems to be received by the server and it's the right size.

Thanks.
#24472
Posted: 04/08/2013 03:41:28
by kostas - (Basic support level)
Joined: 03/13/2013
Posts: 7

OK.
I've solved it.
I don't know exactly how it affected the applet, but I should have been removing the security provider before re-adding it (in case it was in already):

Security.removeProvider(MainProvider.getName());
Security.insertProviderAt(MainProvider, 1);
#24475
Posted: 04/08/2013 04:16:08
by Ken Ivanov (EldoS Corp.)

Hello Kostas,

Thank you very much for sharing your experience with other users. We are glad that you've managed to solve the problem by yourself.

I believe that the reason for the problem is hidden in the PKCS11 driver of the token you are using. It is likely that removing and re-adding the provider makes the driver clean up its corrupted state and succeed with a subsequent operation.
#29399
Posted: 05/08/2014 04:16:04
by Özgür Dinçer (Standard support level)
Joined: 12/27/2013
Posts: 2

I was having a similar problem. Signing was working correctly the first time the applet loaded. However, I was getting the "The key cannot be used to sign the data" error on all subsequent attempts. It did not start working again until I unplugged and replugged the USB token or caused the JVM to be unloaded (by closing the browser window). Removing and re-adding the provider did not solve this issue for me.

Turns out, I was forgetting to logout from the provider. After adding the following line after signature creation, the problem was resolved:

Code
provider.logout();


Maybe this will help somebody.
#29401
Posted: 05/08/2014 04:24:16
by Ken Ivanov (EldoS Corp.)

Hello Özgür,

Thank you very much for the insights, we really appreciate your contributions and effort to share your experience with other users.

Ken
#29404
Posted: 05/08/2014 04:57:30
by Alexander Ionov (EldoS Corp.)

Quote
Özgür Dinçer wrote:
Turns out, I was forgetting to logout from the provider. After adding the following line after signature creation, the problem was resolved:

Code

provider.logout();

We would like to add this solution to our DC applet. But unfortunately I cannot find any logout method in the java.security.Provider class. Could you please clarify what class is the provider variable of?

Thanks in advance.


--
Best regards,
Alexander Ionov
#29427
Posted: 05/12/2014 06:27:14
by Özgür Dinçer (Standard support level)
Joined: 12/27/2013
Posts: 2

Quote
Alexander Ionov wrote:
We would like to add this solution to our DC applet. But unfortunately I cannot find any logout method in the java.security.Provider class. Could you please clarify what class is the provider variable of?


Ah yes, my provider is of type sun.security.pkcs11.SunPKCS11.

I'm using that to access USB hardware security tokens. I hope that's useful.
#29430
Posted: 05/12/2014 07:20:01
by Alexander Ionov (EldoS Corp.)

Quote
Özgür Dinçer wrote:
Ah yes, my provider is of type sun.security.pkcs11.SunPKCS11.

Thank you very much.


--
Best regards,
Alexander Ionov
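
Added example, not part of the original thread and not EldoS code: a sketch combining the two fixes described above (remove the provider before re-adding it, and log out after signing). It assumes Java 9 or later, where the provider is obtained through Provider.configure; the class name, config path, alias and PIN handling are hypothetical. logout() is declared on java.security.AuthProvider, which SunPKCS11 extends.

```java
import java.security.AuthProvider;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.util.Arrays;

public class TokenSigner {
    // Security.insertProviderAt returns -1 and keeps the old instance when a
    // provider with the same name is already installed, so remove it first.
    static Provider register(Provider p) {
        Security.removeProvider(p.getName()); // no-op if not installed
        Security.insertProviderAt(p, 1);
        return p;
    }

    static byte[] sign(String configPath, String alias, char[] pin, byte[] data)
            throws Exception {
        Provider base = Security.getProvider("SunPKCS11");
        if (base == null) throw new IllegalStateException("SunPKCS11 not available");
        Provider p = register(base.configure(configPath));
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin); // logs in to the token with the PIN
            PrivateKey key = (PrivateKey) ks.getKey(alias, null);
            if (key == null) throw new IllegalArgumentException("No key: " + alias);
            // Request the Signature from the token's provider explicitly, so the
            // unextractable key is used on the token itself.
            Signature s = Signature.getInstance("SHA256withRSA", p);
            s.initSign(key);
            s.update(data);
            return s.sign();
        } finally {
            // Close the token session even when signing fails.
            if (p instanceof AuthProvider) ((AuthProvider) p).logout();
            Arrays.fill(pin, '\0'); // do not keep the PIN in memory
        }
    }

    public static void main(String[] args) throws Exception {
        // args: <pkcs11 config file> <key alias> <PIN>; the data is a constructed sample
        byte[] sig = sign(args[0], args[1], args[2].toCharArray(),
                "constructed sample data".getBytes("UTF-8"));
        System.out.println("Signature length: " + sig.length + " bytes");
    }
}
```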
As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.
