LunaCryptokiException: function 'CrystokiConnect failed' returns 0x0 作为非 root 用户

LunaCryptokiException: function 'CrystokiConnect failed' returns 0x0 as non root user

我使用 Luna SA 和 SDK 生成密钥对。

当我试图列出密钥库时(作为非 root 用户)它抛出以下异常。如果我以 root 用户身份尝试,它会列出并正常工作。

我已将读写权限授予非 root 用户。

keytool error: java.security.KeyStoreException: LUNA not found
java.security.KeyStoreException: LUNA not found

Caused by: com.safenetinc.luna.LunaCryptokiException: function 'CrystokiConnect failed' returns 0x0
        at com.safenetinc.luna.LunaCryptokiException.ThrowNew(LunaCryptokiException.java:)
        at com.safenetinc.luna.LunaAPI.Initialize(Native Method)
            at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(Unknown Source)

任何帮助,我如何以非根用户身份列出密钥库?

父文件夹,证书所在的位置用于连接 hsm 进行握手,luna bin 文件夹应该具有非 root 用户的读取和执行权限。

我错过了!

我遇到了同样的问题,在我们向 /usr/safenet/lunaclient/

提供适当的权限后,问题得到了解决
chmod -R 777  /usr/safenet/lunaclient/

我遇到了同样的问题,我还必须修复文件 /etc/Chrystoki.conf.

的权限

即使在向 /usr/safenet/lunaclient/ 提供了适当的许可后,我也遇到了同样的问题。在给予 /usr/safenet/ 文件夹

755 权限后解决了这个问题
chmod -R 755  /usr/safenet/

来自他们的official guide

To allow non-root users or applications access your attached HSMs and partitions, assign the users to the hsmusers group. The users you assign to the hsmusers group must exist on the client workstation. Users you add to the hsmusers group are able to access your attached HSMs and partitions. Users who are not part of the hsmusers group are not able to access your attached HSMs and partitions.

sudo gpasswd --add <username> hsmusers