Search code examples
javapkcs#11pcsc

java: Error initializing PCKS11 provider getting IOException C_GetFunctionList == NULL

I'm trying to write a Java application for digitally signing documents using a bit4Id miniLector token.

I'm in a Linux development environment.

The token is correctly installed, I can sign my documents also with the app downloaded from the manufacturer, but I have to write a new one for other purposes. The driver used is located at

/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so

I'm stuck with this error:

/usr/lib/jvm/jdk1.8.0_111/bin/java ...
Exception in thread "main" java.security.ProviderException: Initialization failed
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103)
at com.itextpdf.samples.signatures.chapter02.C2_01_SignHelloWorld.main 
(C2_01_SignHelloWorld.java:83)
Caused by: java.io.IOException: ERROR: C_GetFunctionList == NULL
at sun.security.pkcs11.wrapper.PKCS11.connect(Native Method)
at sun.security.pkcs11.wrapper.PKCS11.<init>(PKCS11.java:138)
at sun.security.pkcs11.wrapper.PKCS11.getInstance(PKCS11.java:151)
at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:313)
... 2 more

The provider is listed in $JAVA_HOME/jre/lib/security/java.security file as:

security.provider.10=sun.security.pkcs11.SunPKCS11

The code behaving this way is this:

String configFile = "/opt/bar/cfg/pkcs11.cfg";
Provider provider = new sun.security.pkcs11.SunPKCS11(configFile); <-- line 83

The needed libraries are all imported by my IDE and I have no compile/link errors.

I didn't find this exact type of error in hours of googling.

If you need any further information let me know, any kind help is very appreciated, thanks.

For visual clarity I add all missing information with respect to the original question here below

Updates

Content of the pkcs11.cfg file:

$ cat /opt/bar/cfg/pkcs11.cfg
name="bit4id miniLector-EVO"
library=/usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so
Solution

  • Ok, I got it.

    The problem is the driver.

    Replacing

    /usr/lib/x86_64-linux-gnu/engines-1.1/pkcs11.so

    with

    /opt/Firma4NG/System/Firma4NG_Linux/Firma4/drivers/mu-x64/libbit4xpki.so

    that is one of the manufacturer's driver, now I can go further and, for example, dumping all info about the card:

    Information for provider SunPKCS11-bit4id miniLector-EVO
Library info:
  cryptokiVersion: 2.20
  manufacturerID: bit4id srl                      
  flags: 0
  libraryDescription: bit4id PKCS#11                  
  libraryVersion: 1.02
...

    This question can be closed.