EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Luna HSM Project - Current Problems

#25797
Posted: 07/24/2013 17:08:51
by Marvin Monge (Basic support level)
Joined: 07/24/2013
Posts: 2

Hello, I need help. The company for which I work is evaluating using the libraries that you provide for a project. The project uses a Luna HSM as storage.

I'm trying to do an exercise to communicate with the HSM and see the slots, but I have this error:

Code
Exception in thread "main" java.lang.UnsatisfiedLinkError: C:\Documents and Settings\mmongec\Desktop\SBB\sbbjni64.dll (JVMPORT015E Unable to resolve shared library references - a prerequisite shared library may be missing)
        at java.lang.ClassLoader.loadLibraryWithPath(ClassLoader.java:1018)
        at java.lang.System.load(System.java:494)
        at SecureBlackbox.Base.JNI.initialize(JNI.java:1462)
        at TestSBB.run(TestSBB.java:27)
        at TestSBB.main(TestSBB.java:20)


The line where the error occurs is:
Code
SecureBlackbox.Base.JNI.initialize("C:\\Documents and Settings\\mmongec\\Desktop\\SBB\\sbbjni64.dll");


If I try to move the DLL, it shows me an error about not finding the file in the path that I give.

Code
Exception in thread "main" java.lang.UnsatisfiedLinkError: C:\Documents and Settings\mmongec\Desktop\SBB\sbbjni64.dll (The specified module could not be found.)
        at java.lang.ClassLoader.loadLibraryWithPath(ClassLoader.java:1018)
        at java.lang.System.load(System.java:494)
        at SecureBlackbox.Base.JNI.initialize(JNI.java:1462)
        at TestSBB.run(TestSBB.java:27)
        at TestSBB.main(TestSBB.java:20)


I understand that the DLL seems to have some dependencies?

Running on Windows Server 2003 Enterprise x64 Edition SP2, Java Version:

Code
java version "1.6.0"
Java™ SE Runtime Environment (build pwa6460sr11ifix-20120808_01(SR11+IV25336)
)
IBM J9 VM (build 2.4, JRE 1.6.0 IBM J9 2.4 Windows Server 2003 amd64-64 jvmwa646
0sr11-20120801_118201 (JIT enabled, AOT enabled)
J9VM - 20120801_118201
JIT  - r9_20120608_24176ifx1
GC   - 20120516_AA)
JCL  - 20120713_01


The final solution to be developed is Java EE 5 environment running on IBM WebSphere 7.
#25801
Posted: 07/25/2013 01:15:24
by Vsevolod Ievgiienko (EldoS Corp.)

Thank you for contacting us.

Most likely you have a 32-bit Java version installed. The DLL doesn't have any dependencies. Try to link sbbjni32.dll.
#25802
Posted: 07/25/2013 01:17:27
by Eugene Mayevski (EldoS Corp.)

Thank you for the report.

1) The DLL to use must be chosen according to whether the host process (Java itself) is 32-bit or 64-bit. If you have 32-bit Java, you need to reference the 32-bit DLL.

2) The 32-bit DLL requires MSVCR100.dll (MSVC runtime DLL). I assume that the 64-bit DLL does the same. We will fix this issue in SecureBlackbox 11, the next pre-release version of which is planned for this weekend. The changes in configuration have already been made.


Sincerely yours
Eugene Mayevski
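
Added example (not part of the thread and not EldoS code): a pre-flight check that reads the PE header of the native library and compares its machine type with the bitness of the running JVM before the path is passed to SecureBlackbox.Base.JNI.initialize. The class name NativeLibCheck is hypothetical, and the JVM property names are assumptions that vary by vendor.

```java
import java.io.IOException;
import java.io.RandomAccessFile;

public class NativeLibCheck {
    // COFF Machine field of a PE file: 0x014c = x86 (32-bit), 0x8664 = x64.
    static int peMachine(String path) throws IOException {
        RandomAccessFile f = new RandomAccessFile(path, "r");
        try {                                   // Java 6 style, no try-with-resources
            if (readLE(f, 2) != 0x5A4D)         // "MZ" DOS header magic
                throw new IOException("not a PE file: " + path);
            f.seek(0x3C);                       // e_lfanew: offset of the PE header
            long pe = readLE(f, 4);
            f.seek(pe);
            if (readLE(f, 4) != 0x00004550L)    // "PE\0\0"
                throw new IOException("missing PE signature: " + path);
            return (int) readLE(f, 2);          // Machine follows the signature
        } finally {
            f.close();
        }
    }

    // Little-endian unsigned read of n bytes (n <= 4).
    static long readLE(RandomAccessFile f, int n) throws IOException {
        long v = 0;
        for (int i = 0; i < n; i++) {
            int b = f.read();
            if (b < 0) throw new IOException("truncated file");
            v |= ((long) b) << (8 * i);
        }
        return v;
    }

    // Property names differ by JVM vendor (assumption); both are checked, then os.arch.
    static boolean jvmIs64Bit() {
        String bits = System.getProperty("sun.arch.data.model");
        if (bits == null) bits = System.getProperty("com.ibm.vm.bitmode");
        if (bits != null) return "64".equals(bits);
        return System.getProperty("os.arch", "").contains("64");
    }

    public static void main(String[] args) throws IOException {
        int machine = peMachine(args[0]);       // path to sbbjni32.dll or sbbjni64.dll
        if (machine != 0x014c && machine != 0x8664)
            throw new IllegalStateException("unexpected machine type 0x" + Integer.toHexString(machine));
        boolean dll64 = (machine == 0x8664);
        if (dll64 != jvmIs64Bit())
            throw new IllegalStateException("DLL/JVM bitness mismatch");
        System.out.println("Bitness matches; if System.load still fails, look for a missing dependency such as MSVCR100.dll");
    }
}
```

Run it with the DLL path as the only argument, using the same JVM that will host the application.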
#25854
Posted: 07/26/2013 16:24:04
by Marvin Monge (Basic support level)
Joined: 07/24/2013
Posts: 2

Thank you, the problem was the MSVC runtime DLL. I installed Microsoft Visual C++ 2010 Redistributable Package x64 and it works now.

I have a new problem and some questions.

This is my test code:

https://gist.github.com/mmonge/1ec1d72bfc16e8979f17

I end up with a TElPKCS11Object or a TElPKCS11CertificateObject; how do I convert them to TElX509Certificate? I did not find this in the samples, and they use TElX509Certificate for XML Sign.

I wonder if you have a sample signature XAdES-XL using Java and Luna HSM PKCS11 Storage or can you develop one for us? We cannot afford to lose much time trying to test the library, we know exactly what we need and have to solve it ASAP, we are already behind schedule. That's why we are evaluating your library solution. We would appreciate your help to move forward with the project.

How should the objects be stored in the HSM for the library to work well? We develop a solution from scratch and modify the labels of objects to identify them. I don't know if this works fine with your library? Ex:

Code
>cmu list

handle=1        label=name01.cer
handle=2        label=name02.cer
handle=3        label=name01.pub
handle=4        label=name01.priv
handle=5        label=name02.pub
handle=6        label=name02.priv


And should we do something for the library to assemble the chain of a certificate that is stored in the HSM? Or does the library do it by itself?

Thank you for your help.
#25855
Posted: 07/27/2013 00:29:36
by Eugene Mayevski (EldoS Corp.)

Please use TElPKCS11CertStorage class to access certificates on the hardware device.

I will now copy the request to the HelpDesk and will provide the C# sample - XML signer that uses PKCS#11 - in HelpDesk. This sample is taken from SecureBlackbox 11 (pre-release). Right now there's no PKCS#11 sample for Java, yet we hope to create one within a couple of months.

Custom sample for XAdES is a non-trivial thing because there are plenty of ways to prepare an XAdES document. We don't have a Luna device right now (we did have it for testing before) so whatever sample we create will need polishing on your side.

Still we can create a sample for you (it will use whatever PKCS#11 driver is provided) if you purchase the license OR as a custom service. If you are interested, we can discuss the topic in the helpdesk.

The question of names is not applicable - all certificates on the device are enumerated one by one and then accessed by handle. You choose the needed certificate based on its properties - Subject name, Issuer name, Serial number. Labels are not part of the equation.


Sincerely yours
Eugene Mayevski