How to use the new PKCS11-Provider?
843810, Oct 1 2004 (edited May 14 2005)
Hi,
I want to access a smart card as a keystore, but it doesn't work.
I tried the following, which works:
//----------------------------------------------------------------
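import java.security.*;

// Load the SunPKCS11 provider from the config file and register it
String configName = "pkcs11.config";
Provider p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
// Generate an RSA key pair through the provider
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", p);
KeyPair kp = gen.generateKeyPair();
System.out.println(kp.getPrivate());
// Sign a test message with the generated private key
Signature sig = Signature.getInstance("MD5withRSA", p);
sig.initSign(kp.getPrivate());
sig.update("Hello World".getBytes());
byte[] sigBytes = sig.sign();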
//----------------------------------------------------------------
So I can generate a key pair and use it for signing. But when I try to get a keystore, I get the message "java.security.KeyStoreException: pkcs11 not found" with both code samples:
//----------------------------------------------------------------
char[] pin = {'1','2','3','4'};
KeyStore.Builder builder = KeyStore.Builder.newInstance("pkcs11", p,
        new KeyStore.PasswordProtection(pin));
KeyStore ks = builder.getKeyStore();
//----------------------------------------------------------------
char[] pin = {'1','2','3','4'};
KeyStore ks = KeyStore.getInstance("PKCS11", p);
ks.load(null, pin);
//----------------------------------------------------------------
My config file looks like this:
//----------------------------------------------------------------
name = Safesign
library = c:/windows/system32/aetpkss1.dll
enabledMechanisms = {
CKM_RSA_PKCS
CKM_RSA_PKCS_KEY_PAIR_GEN
CKM_MD5
}
//----------------------------------------------------------------
"p.list(System.out);" will print out the following:
//----------------------------------------------------------------
-- listing properties --
Signature.SHA512withRSA=sun.security.pkcs11.P11Signature
Signature.MD5withRSA=sun.security.pkcs11.P11Signature
Signature.SHA1withRSA=sun.security.pkcs11.P11Signature
Provider.id className=sun.security.pkcs11.SunPKCS11
KeyFactory.RSA=sun.security.pkcs11.P11RSAKeyFactory
Provider.id version=1.5
MessageDigest.MD5=sun.security.pkcs11.P11Digest
Signature.SHA384withRSA=sun.security.pkcs11.P11Signature
KeyPairGenerator.RSA=sun.security.pkcs11.P11KeyPairGenerator
Provider.id name=SunPKCS11-Safesign
Signature.SHA256withRSA=sun.security.pkcs11.P11Signature
Cipher.RSA/ECB/PKCS1Padding=sun.security.pkcs11.P11RSACipher
Signature.MD2withRSA=sun.security.pkcs11.P11Signature
Provider.id info=SunPKCS11-Safesign using library c:/w...
//----------------------------------------------------------------
So it seems that no keystore is supported, but I can access (and use) the card from the Mozilla browser via the same DLL. Do I need some more configuration?
Thanks in advance,
Sebastian
PS: I'm using a G&D Smartcafe Java card with a Safesign token.
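
A check that can be run before requesting the keystore, as an added example that is not part of the original post: it groups what a provider registers by service type and tests whether a KeyStore of type PKCS11 is among them, using only `Provider.getServices()` and `Provider.getService()`. The class and method names are made up for illustration, and `main()` walks the installed providers so that it runs without a token attached.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Map;
import java.util.Set;
import java.util.TreeMap;
import java.util.TreeSet;

// Illustrative helper (hypothetical names): reports which services a provider registers.
public class ProviderServiceCheck {

    /** Groups every registered service by type, e.g. Signature -> [MD5withRSA, SHA1withRSA]. */
    static Map<String, Set<String>> servicesByType(Provider p) {
        Map<String, Set<String>> byType = new TreeMap<>();
        for (Provider.Service s : p.getServices()) {
            Set<String> algs = byType.get(s.getType());
            if (algs == null) {
                algs = new TreeSet<>();
                byType.put(s.getType(), algs);
            }
            algs.add(s.getAlgorithm());
        }
        return byType;
    }

    /** True only if the provider registers a KeyStore of the given type. */
    static boolean offersKeyStore(Provider p, String type) {
        // getService returns null when the type/algorithm pair is not registered.
        return p.getService("KeyStore", type) != null;
    }

    public static void main(String[] args) {
        // With a token attached, pass the SunPKCS11 provider instance "p" from the post instead.
        for (Provider p : Security.getProviders()) {
            System.out.println(p.getName() + " offers KeyStore.PKCS11: "
                    + offersKeyStore(p, "PKCS11"));
            for (Map.Entry<String, Set<String>> e : servicesByType(p).entrySet()) {
                System.out.println("  " + e.getKey() + " " + e.getValue());
            }
        }
    }
}
```

If `offersKeyStore(p, "PKCS11")` is false, `KeyStore.getInstance("PKCS11", p)` will throw before any PIN is sent to the card, which separates a provider registration problem from a login problem.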