13.16. Cryptographic Features

13.16.1. sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD

This problem manifests as exceptions ultimately caused by:

Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ARGUMENTS_BAD
	at sun.security.pkcs11.wrapper.PKCS11.C_DecryptUpdate(Native Method)
	at sun.security.pkcs11.P11Cipher.implDoFinal(P11Cipher.java:795)

This problem appears to affect some versions of OpenJDK 7 shipped by some Linux vendors. NSS is configured as the default provider. If the host has an x86_64 architecture, depending on if the vendor packages contain the defect, the NSS provider will not function correctly.

To work around this problem, find the JRE home directory and edit the file lib/security/java.security. Edit the file to comment out the line:

security.provider.1=sun.security.pkcs11.SunPKCS11 ${java.home}/lib/security/nss.cfg

Then renumber the remaining providers accordingly.

comments powered by Disqus