
Java Security


Create PKCS10 Certificate request.

843811 Sep 26 2006 — edited Sep 27 2006
Dear all,
I want to create a certificate request (PKCS#10) using an Aladdin eToken PRO.
I did the job with a PKCS#12 keystore as follows:

/**
* create a PKCS10 certification request using the named provider.
*/
  public PKCS10CertificationRequest(
            String signatureAlgorithm,
            X509Name subject,
            PublicKey key,
            ASN1Set attributes,
            PrivateKey signingKey,
            String provider)
            throws NoSuchAlgorithmException, NoSuchProviderException,
            InvalidKeyException, SignatureException {
        DERObjectIdentifier sigOID = algorithms.get(signatureAlgorithm.toUpperCase());

        if (sigOID == null) {
            throw new IllegalArgumentException("Unknown signature type requested");
        }

        if (subject == null) {
            throw new IllegalArgumentException("subject must not be null");
        }

        if (key == null) {
            throw new IllegalArgumentException("public key must not be null");
        }

        this.sigAlgId = new AlgorithmIdentifier(sigOID, null);

        byte[] bytes = key.getEncoded();
        ByteArrayInputStream bIn = new ByteArrayInputStream(bytes);
        ASN1InputStream dIn = new ASN1InputStream(bIn);

        try {
            this.reqInfo = new CertificationRequestInfo(subject, new SubjectPublicKeyInfo((ASN1Sequence) dIn.readObject()), attributes);
        }
        catch (IOException e) {
            throw new IllegalArgumentException("can't encode public key");
        }
        Signature sig;

        try {
            sig = Signature.getInstance(sigAlgId.getObjectId().getId(), provider);
        }
        catch (NoSuchAlgorithmException e) {
            sig = Signature.getInstance(signatureAlgorithm, provider);
        }

        sig.initSign(signingKey);


        try {
            ByteArrayOutputStream bOut = new ByteArrayOutputStream();
            DEROutputStream dOut = new DEROutputStream(bOut);

            dOut.writeObject(reqInfo);

            sig.update(bOut.toByteArray());
        }
        catch (Exception e) {
            throw new SecurityException("exception encoding TBS cert request - " + e);
        }

        this.sigBits = new DERBitString(sig.sign());
    }
But when I change the provider to PKCS#11 (Aladdin eToken), because I can't access the private key on the eToken, I get the error:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_SENSITIVE

Please help me with this issue: how can I sign the request without using the private key directly?
Sample code, if possible?
Regards!
Hamzeh Khazaei.

Message was edited by:
khazaei@hamzeh

In brief, how can I sign with the (Aladdin) eToken?
How can I access the private key for signing?
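
An added example, not part of the original post: a private key on a PKCS#11 token is a handle whose sensitive attributes cannot be read (hence CKR_ATTRIBUTE_SENSITIVE), so the signature has to be computed by the PKCS#11 provider itself while the request structure is built in software. Assumptions: Java 9 or later, Bouncy Castle's bcpkix on the classpath, a PKCS#11 config file for the token's library, a key entry (with certificate) already on the token under the given alias, a token that supports SHA256withRSA, and a placeholder subject DN.

```java
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class TokenCsr {
    // Builds the DER-encoded PKCS#10 request. Only the signing step touches
    // the private key, and it runs inside the provider passed in.
    static byte[] buildCsr(Provider signingProvider, PrivateKey tokenKey,
                           PublicKey publicKey, String subjectDn) throws Exception {
        ContentSigner signer = new JcaContentSignerBuilder("SHA256withRSA")
                .setProvider(signingProvider)   // Signature comes from the token's provider
                .build(tokenKey);               // tokenKey is an opaque handle, never exported
        PKCS10CertificationRequest csr =
                new JcaPKCS10CertificationRequestBuilder(new X500Principal(subjectDn), publicKey)
                        .build(signer);
        return csr.getEncoded();
    }

    public static void main(String[] args) throws Exception {
        String p11Config = args[0];   // assumed: path to the PKCS#11 config file
        String alias = args[1];       // assumed: alias of the key entry on the token
        char[] pin = System.console().readPassword("Token PIN: ");

        // Java 9+ way to instantiate SunPKCS11 from a config file.
        Provider p11 = Security.getProvider("SunPKCS11").configure(p11Config);
        Security.addProvider(p11);

        // Loading the PKCS11 keystore logs in to the token with the PIN.
        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);

        PrivateKey tokenKey = (PrivateKey) ks.getKey(alias, null);
        PublicKey publicKey = ks.getCertificate(alias).getPublicKey();

        // Placeholder subject; replace with the real distinguished name.
        byte[] der = buildCsr(p11, tokenKey, publicKey, "CN=example-subject");
        Files.write(Paths.get("request.p10"), der);
    }
}
```

The same rule applies to the constructor in the post: the `provider` argument used for `Signature.getInstance` must be the one that owns the token key, otherwise a software provider will try to read the key material.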
Locked on Oct 25 2006
Added on Sep 26 2006