I'm trying to access a smartcard on a linux system on a VM. The USB device is mapped to the VM and can be listed via lsusb (ID 076b:3021 OmniKey AG CardMan 3121). I can access the smartcard via pkcs11-tool and pkcs15-tool. Also firefox can access the token via the /usr/lib/opensc-pkcs11.so library.
But when I try to access the smartcard from Java, an empty keystore is returned. I'm using the following configuration for the sun.security.pkcs11.SunPKCS11 provider.
name = PKCS11Test
library = /usr/lib/opensc-pkcs11.so
slot = 0
When using a different slot (I tried slot 0-15), I get CKR_PIN_INCORRECT errors or "PKCS11 not found". In my tests I'm loading the keystore like this:
char[] pin = "123456".toCharArray();
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, pin);
On the other hand the pkcs11-tool returned for slot 0:
Slot 0 CCID Compatible
token model: PKCS#15 emulated
As Java seems to access the card on slot 0 (at least no error is returned), I'm probably doing something else wrong in accessing the keystore. How can I access the private key?