  1. EJBCA
  2. ECA-3728

Generating key from a key template imported via statedump renders the crypto token useless


    • Type: Bug
    • Status: Closed
    • Priority: Critical
    • Resolution: Duplicate
    • Affects Version/s: EJBCA 6.2.1
    • Fix Version/s: None
    • Component/s: PKI core
    • Issue discovered during:


      If a key is generated from a key template (that was previously imported through a statedump), the crypto token will be rendered useless by having all of its properties set to null (i.e. slot reference type, slot reference, path to PKCS#11 library).

      Reproduction steps:

      1. Create a statedump that contains a single crypto token with a single key (type PKCS#11).

      2. Load the statedump into a separate instance of EJBCA (a PKCS#11 slot with the same configuration must be available on the HSM/emulator).

      3. Activate the crypto token.

      4. Click on the crypto token, and click on the 'Generate' button for the key template (the one marked with '(Not generated)').

      5. Restart JBoss.

      6. Try to access the crypto token information by going to crypto token page.

      Expected results:

      1. The crypto token still has its old configuration, and it's possible to activate it.

      Actual results:

      1. The crypto token has been rendered useless since it has the wrong configuration.

      2. The crypto token's type is preserved, but the library is empty, the reference type is 'CRYPTOTOKEN_LABEL_TYPE_null', and the reference is empty.

      Additional information:

      When listing the crypto token information from the CLI (ejbca.sh cryptotoken list), the following output is visible for it:

      "UtopiaRootCA" (-112570172) PKCS11CryptoToken, offline, manual, library=, Slot Label=null, Slot Label Type=null, attributes=

      Furthermore, if the crypto token is changed in some way (let's say enable/disable auto activation) before JBoss restart, all will be good.





              samuel Samuel Lidén Borell
              branko Branko Majic (Inactive)
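
A check built on the CLI output quoted in the report, as an added example that is not part of the original issue or of EJBCA: it parses `ejbca.sh cryptotoken list` output and flags PKCS#11 crypto tokens whose library or slot reference fields are empty or null. The second sample line and the script name `check_tokens.py` are constructed, and the code assumes healthy tokens are listed in the same field layout as the line in the report.

```python
import re
import sys

# One listing line: "name" (id) Type, status, activation, key=value, ...
LINE_RE = re.compile(r'^\s*"(?P<name>[^"]*)"\s+\((?P<id>-?\d+)\)\s+(?P<type>\w+)(?P<rest>.*)$')
# Properties the report says end up null on the affected crypto token.
REQUIRED = ("library", "Slot Label", "Slot Label Type")
EMPTY = {"", "null"}

# First line is the output quoted in the report; second is a constructed healthy token.
SAMPLE = """\
"UtopiaRootCA" (-112570172) PKCS11CryptoToken, offline, manual, library=, Slot Label=null, Slot Label Type=null, attributes=
"ExampleSubCA" (1234567) PKCS11CryptoToken, active, auto, library=/opt/hsm/libexample.so, Slot Label=1, Slot Label Type=SLOT_NUMBER, attributes=
"""

def parse_line(line):
    """Return a dict for one listing line, or None if it is not a token line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    props = {}
    # Assumes property values contain no commas, as in the quoted output.
    for field in m["rest"].split(","):
        key, sep, value = field.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return {"name": m["name"], "id": int(m["id"]), "type": m["type"], "props": props}

def wiped_properties(token):
    """List the required PKCS#11 properties that are missing, empty or 'null'."""
    if token["type"] != "PKCS11CryptoToken":
        return []
    return [k for k in REQUIRED if token["props"].get(k, "") in EMPTY]

def find_broken_tokens(listing):
    """Map token name -> wiped properties for every affected token in the listing."""
    broken = {}
    for line in listing.splitlines():
        token = parse_line(line)
        if token and wiped_properties(token):
            broken[token["name"]] = wiped_properties(token)
    return broken

if __name__ == "__main__":
    # Usage: ejbca.sh cryptotoken list | python3 check_tokens.py
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    result = find_broken_tokens(text)
    for name, missing in result.items():
        print(f"crypto token {name!r} has lost its configuration: {', '.join(missing)}")
    sys.exit(1 if result else 0)
```
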