javakeytooljava-9pkcs#11java-security

SunPKCS11 provider not found with keytool

I am running the following command with java 9 : 

keytool -keystore NONE -storetype PKCS11 -providerClass
     sun.security.pkcs11.SunPKCS11 -providerArg pkcs11conf -list

and get the flowing error :

keytool error: java.lang.Exception: Provider "sun.security.pkcs11.SunPKCS11" not found

In Java 8 it works.

How does one use keytool with SunPKCS11 provider?

Solution

  • The problem was with my pkcs11conf file. Java don't like the single backslash in my DLL path :

    "C:\Path\to\my\pkcs11lib\mypkcs11lib.dll" : Wrong

    "C:\\Path\\to\my\\pkcs11lib\\mypkcs11lib.dll" : OK

    The different between Java 8 and Java 9 is the error message.

    Java 9 :

    keytool error: java.lang.Exception: Provider "sun.security.pkcs11.SunPKCS11" not found

    Java 8 :

    keytool error: java.lang.reflect.InvocationTargetException

    I realized that when I added -v to the command.

    Java 9 :

    java.lang.Exception: Provider "sun.security.pkcs11.SunPKCS11" not found
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:798)
        at java.base/sun.security.tools.keytool.Main.run(Main.java:397)
        at java.base/sun.security.tools.keytool.Main.main(Main.java:390)
Caused by: sun.security.pkcs11.ConfigurationException: Absolute path required for library value: xxx.dll
        at jdk.crypto.cryptoki/sun.security.pkcs11.Config.parseLibrary(Config.java:682)
        at jdk.crypto.cryptoki/sun.security.pkcs11.Config.parse(Config.java:392)
        at jdk.crypto.cryptoki/sun.security.pkcs11.Config.<init>(Config.java:210)
        at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:113)
        at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:110)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.configure(SunPKCS11.java:110)
        at java.base/sun.security.tools.KeyStoreUtil.loadProviderByName(KeyStoreUtil.java:285)
        at java.base/sun.security.tools.KeyStoreUtil.loadProviderByClass(KeyStoreUtil.java:309)
        at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:788)
        ... 2 more

    Java 8:

    java.lang.reflect.InvocationTargetException
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(Unknown Source)
        at java.lang.reflect.Constructor.newInstance(Unknown Source)
        at sun.security.tools.keytool.Main.doCommands(Unknown Source)
        at sun.security.tools.keytool.Main.run(Unknown Source)
        at sun.security.tools.keytool.Main.main(Unknown Source)
Caused by: java.security.ProviderException: Error parsing configuration
        at sun.security.pkcs11.Config.getConfig(Config.java:88)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:129)
        at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
        ... 7 more
Caused by: sun.security.pkcs11.ConfigurationException: Absolute path required for library value: xxx.dll
        at sun.security.pkcs11.Config.parseLibrary(Config.java:690)
        at sun.security.pkcs11.Config.parse(Config.java:398)
        at sun.security.pkcs11.Config.<init>(Config.java:220)