ckr_key_type_inconsistent:在使用NSS的SunPKCS11以FIPS模式派生时
环境详细信息: Java:OpenJDK-1.8.0.312 OS:RHEL8
以下是配置的安全提供商。 SUNPKCS11-NSS-FIPS, 太阳1.8, Sunec 1.8, Sunjsse 1.8
注意:
当添加新的JCE时,问题消失了。添加Sunjce或BouncycastlefipsProvider安全提供商时工作。
已经确认了无限强度加密可用的(通过cipher.getmaxloweredkeylength(“ aes”)=〜大数)
)
Caused by: java.security.InvalidKeyException: init() failed
at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208)
at javax.crypto.Mac.chooseProvider(Mac.java:350)
at javax.crypto.Mac.init(Mac.java:415)
at com.amazonaws.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:127)
... 36 common frames omitted
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT
at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
at sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177)
at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206)
... 39 common frames omitted请问吗?
Environment details:
Java: openjdk-1.8.0.312
OS: RHEL8
Following are the security providers configured.
SunPKCS11-NSS-FIPS,
SUN 1.8,
SunEC 1.8,
SunJSSE 1.8
Note:
The issue disappears when added a new JCE. Worked when added SunJCE or BouncyCastleFipsProvider security provider.
Have confirmed unlimited strength crypto availabel (via Cipher.getMaxAllowedKeyLength("AES") =~ large number)
Caused by: java.security.InvalidKeyException: init() failed
at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:208)
at javax.crypto.Mac.chooseProvider(Mac.java:350)
at javax.crypto.Mac.init(Mac.java:415)
at com.amazonaws.auth.AbstractAWSSigner.sign(AbstractAWSSigner.java:127)
... 36 common frames omitted
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_KEY_TYPE_INCONSISTENT
at sun.security.pkcs11.wrapper.PKCS11.C_SignInit(Native Method)
at sun.security.pkcs11.P11Mac.initialize(P11Mac.java:177)
at sun.security.pkcs11.P11Mac.engineInit(P11Mac.java:206)
... 39 common frames omittedAny pointers please?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
事实证明,这是RHEL8 + OPENJDK1.8的问题,提到的分辨率/解决方法 - https:// casse .redhat.com/solutions/6778751
This turned out to be an issue with RHEL8 + OpenJDK1.8, resolutions/workarounds mentioned - https://access.redhat.com/solutions/6778751