KeyManager service error: pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR

Hi
We have built the keymanager using docker file and we have tried to start it but we are getting the following error:
pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR

Please note that we have also updated the client.zip file that contains the hsm conf; it has been copied from softHsm to artifactory.

Below is the stack error:

Error creating bean with name ‘keymanagerServiceImpl’: Unsatisf’; nested exception is org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'keykernel-keymanager-service.jar!/BOOT-INF/classes!/io/mosip/kernel/keymanager/hsm/impl/KeyStoreImpl.class]: Invocativa.lang.reflect.InvocationTargetException\n\tat org.springframework.beans.factory.annotation.AutowiredAnnotationBeowiredAnnotationBeanPostProcessor.java:587)\n\tat org.springframework.beans.factory.annotation.InjectionMetadata.igframework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor.postProcessPropertyValues(AutowiredAnnotaframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactoryory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:578)\n\tat orgutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501)\n\tat org.springframework.beans.Bean$0(AbstractBeanFactory.java:317)\n\tat org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.28)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:315)\n\stractBeanFactory.getBean(AbstractBeanFactory.java:199)\n\tat org.springframework.beans.factory.config.DependencyDjava:251)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultLimework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:1065)\n.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotationBeanPostProcessor.java:584)\springframework.beans.factory.BeanCreationException: Error creating bean with name ‘keyStoreImpl’ defined in URL [ar!/BOOT-INF/classes!/io/mosip/kernel/keymanager/hsm/impl/KeyStoreImpl.class]: Invocation of init method failed; nargetException\n\tat 
org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(Aat org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapabk.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:501).AbstractBeanFactory.lambda$doGetBean$0(AbstractBeanFactory.java:317)\n\tat org.springframework.beans.factory.suppfaultSingletonBeanRegistry.java:228)\n\tat org.springframework.beans.factory.support.AbstractBeanFactory.doGetBeanramework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:199)\n\tat org.springframeworkveCandidate(DependencyDescriptor.java:251)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactry.java:1138)\n\tat org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(Defaultramework.beans.factory.annotation.AutowiredAnnotationBeanPostProcessor$AutowiredFieldElement.inject(AutowiredAnnotn frames omitted\nCaused by: java.lang.reflect.InvocationTargetException: null\n\tat java.base/jdk.internal.reflecive Method)\n\tat java.base/jdk.internal.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccesslect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)\n\tat java.base/javar.java:490)\n\tat io.mosip.kernel.keymanager.hsm.impl.KeyStoreImpl.afterPropertiesSet(KeyStoreImpl.java:156)\n\tatactAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1765)\n\tat org.springframbleBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1702)\n\t… 50 common frames omitted\nCauseNoSuchSecurityProviderException: KER-KMA-001 → Config file invalid; \nnested exception is java.security.Providerkernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.setupProvider(PKCS11KeyStoreImpl.java:176)\n\tat io.mosip.kerneitKeystore(PKCS11KeyStoreImpl.java:147)\n\tat 
io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.(Pmes omitted\nCaused by: java.security.ProviderException: Initialization failed\n\tat jdk.crypto.cryptoki/sun.securn\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11$1.run(SunPKCS11.java:115)\n\tat jdk.crypto.cryptoki/sun.se)\n\tat java.base/java.security.AccessController.doPrivileged(Native Method)\n\tat jdk.crypto.cryptoki/sun.securit\n\tat io.mosip.kernel.keymanager.hsm.impl.pkcs.PKCS11KeyStoreImpl.setupProvider(PKCS11KeyStoreImpl.java:173)\n\t.rity.pkcs11.wrapper.PKCS11Exception: CKR_GENERAL_ERROR\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.wrapper.PKCS1ryptoki/sun.security.pkcs11.wrapper.PKCS11$SynchronizedPKCS11.C_Initialize(PKCS11.java:1631)\n\tat jdk.crypto.crypnce(PKCS11.java:166)\n\tat jdk.crypto.cryptoki/sun.security.pkcs11.SunPKCS11.(SunPKCS11.java:338)\n\t… 64 nager-service"

Are you using softhsm or a commercial HSM?

Hi
I’m using softHsm of mosip.
Please note that I have tested the below command and it worked perfectly:
pkcs11-tool --module /usr/local/lib/libpkcs11-proxy.so -l -k --key-type rsa:2048 --id 4142 --label tokenKey1 --pin 1111
This command has been executed inside the softhsm container.
Below is its output:

Using slot 0 with a present token (0x68df9638)
Key pair generated:
Private Key Object; RSA
  label:      tokenKey1
  ID:         4142
  Usage:      decrypt, sign, unwrap
Public Key Object; RSA 2048 bits
  label:      tokenKey1
  ID:         4142
  Usage:      encrypt, verify, wrap

Hi Zeddari,

The softHSM docker configuration looks fine. The MOSIP keymanager container uses “pkcs11 proxy” as the client to softHSM. This PKCS11 proxy communicates with softHSM through a TCP connection, and this proxy client expects an environment variable in the keymanager container. Can you please confirm whether the environment variable is added in the keymanager docker?

Here is the environment variable name:
PKCS11_PROXY_SOCKET=tcp://:

Here is the full value:
PKCS11_PROXY_SOCKET=tcp://{softhsm-container-host-name}:{port-no}
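
The variable described in the reply above can be checked before the keymanager is started. The script below is an added example, not part of the original thread or of MOSIP's code; the function names are hypothetical and the reachability test assumes `nc` (netcat) is available in the container. It rejects an empty `tcp://:` value, an unfilled `{host}:{port}` template, and a value pasted with typographic quotes around it.

```shell
#!/bin/sh
# Added example (hypothetical function names): validate PKCS11_PROXY_SOCKET
# before starting the keymanager container. Only the tcp://host:port form
# shown in the thread is accepted.

# Print "host port" for a well-formed value; return non-zero otherwise.
parse_proxy_socket() {
    value=$1
    case $value in
        tcp://*:*) rest=${value#tcp://} ;;
        *) echo "expected tcp://host:port, got: $value" >&2; return 1 ;;
    esac
    host=${rest%:*}      # text before the last colon
    port=${rest##*:}     # text after the last colon
    if [ -z "$host" ]; then
        echo "host part is empty" >&2; return 1
    fi
    case $port in
        ''|*[!0-9]*) echo "port is not a number: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi
    printf '%s %s\n' "$host" "$port"
}

# TCP connect test; assumes nc (netcat) is installed in the container.
check_reachable() {
    nc -z -w 3 "$1" "$2"
}

main() {
    hp=$(parse_proxy_socket "${PKCS11_PROXY_SOCKET:-}") || return 1
    if check_reachable "${hp% *}" "${hp#* }"; then
        echo "pkcs11-proxy endpoint reachable: $hp"
    else
        echo "cannot connect to pkcs11-proxy endpoint: $hp" >&2; return 1
    fi
}

# Run the live check only when asked: sh check_proxy_socket.sh --check
if [ "${1:-}" = "--check" ]; then main; fi
```
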

Hi
Thank you for your reply.
We should add it in the docker run command:
docker run --add-host config-server:xxx --add-host postgres:xx --add-host artifactory-service:xx -d -e iam_adapter_url='https://repo1.maven.org/maven2/io/mosip/kernel/kernel-auth-adapter/1.2.0/kernel-auth-adapter-1.2.0.jar' -e db.dbuser.password='xxxxx' -e PKCS11_DAEMON_SOCKET='tcp://xxxxx:5666' -e PKCS11_PROXY_SOCKET='tcp://xx:5666'

Are you not using Kubernetes? Any specific reason?