安装nCipherKM测试时发生错误

时间:2019-11-08 10:36:21

标签: java hsm

当我运行java com.ncipher.provider.InstallationTest来检查正确的安装提供程序nCipherKM时发生错误。

> java com.ncipher.provider.InstallationTest
talled providers:
nCipherKM
SUN
SunRsaSign
SunEC
SunJSSE
SunJCE
SunJGSS
SunSASL
XMLDSig
 SunPCSC
 SunMSCAPI

Exception in thread "main" java.lang.ExceptionInInitializerError
        at javax.crypto.JceSecurity.loadPolicies(JceSecurity.java:378)
        at javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:323)
        at javax.crypto.JceSecurity.access$000(JceSecurity.java:50)
        at javax.crypto.JceSecurity$1.run(JceSecurity.java:85)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:82)
        at javax.crypto.JceSecurityManager.<clinit>(JceSecurityManager.java:65)
        at javax.crypto.Cipher.getConfiguredPermission(Cipher.java:2586)
        at javax.crypto.Cipher.getMaxAllowedKeyLength(Cipher.java:2610)
        at com.ncipher.provider.InstallationTest.unlimitedStrengthJurisdictionPolicyFilesInstalled(InstallationTest.java:130)
        at com.ncipher.provider.InstallationTest.main(InstallationTest.java:70)
Caused by: java.lang.SecurityException: Framework jar verification can not be initialized
        at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:228)
        ... 11 more
Caused by: com.ncipher.provider.nCCommunicationException: Error NoUsableModules while opening channel for MessageDigest mech 44 (SHA1Hash)
        at com.ncipher.provider.nCHash.openChannel(nCHash.java:208)
        at com.ncipher.provider.nCHash.updateChannel(nCHash.java:215)
        at com.ncipher.provider.nCHash.flush(nCHash.java:175)
        at com.ncipher.provider.nCHash.engineDigest(nCHash.java:91)
        at java.security.MessageDigest$Delegate.engineDigest(Unknown Source)
        at java.security.MessageDigest.digest(Unknown Source)
        at javax.crypto.JarVerifier.getSystemEntropy(JarVerifier.java:857)
        at javax.crypto.JarVerifier.testSignatures(JarVerifier.java:744)
        at javax.crypto.JarVerifier.access$400(JarVerifier.java:37)
        at javax.crypto.JarVerifier$1.run(JarVerifier.java:222)
        at javax.crypto.JarVerifier$1.run(JarVerifier.java:187)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.crypto.JarVerifier.<clinit>(JarVerifier.java:186)
        ... 11 more

我做什么:

  1. 将nCipherKM.jar文件从/ java / classes复制到/ jre / lib / ext。
  2. 从oracle下载Java密码学扩展(JCE)无限强度管辖权策略文件,并将local_policy.jar和US_export_policy.jar复制到yjre / lib / security

  3. 首先添加到jre / lib / security / java.security nCipherKM提供程序中:

    security.provider.1 = com.ncipher.provider.km.mCipherKM security.provider.2 = sun.security.provider.Sun security.provider.3 = sun.security.rsa.SunRsaSign ...

  4. 运行:

      

    java com.ncipher.provider.InstallationTest

然后犯错误。

1 个答案:

答案 0 :(得分:0)

问题是您的HSM无法使用,这意味着它们无法访问,处于错误模式或处于其他无法使用的状态:

  

原因:com.ncipher.provider.nCCommunicationException:错误   在打开MessageDigest机械44的通道时出现NoUsableModules   (SHA1Hash)

运行/ opt / nfast / bin / enquiry找出模块的状态,并相应地进行修复。

您将nCipherKM作为列表中的第一名(正如您在手册中所说的那样),这意味着您的JVM将使用它进行所有加密操作(包括哈希)。

相关问题
最新问题