Background
I'm using jdk1.6.0_18 and dkck201.dll (version 4.7.20.3016) with an iKey 2032 on Windows XP SP3.
Problem
When using the Java keytool to
list the certificates available on the token I can successfully see both the authentication certificate and the signing certificate.
keytool -list -v -keystore NONE -storetype PKCS11 -providerClass sun.security.pkcs11.SunPKCS11 -providerArg C:\pkcs11.cfg
with the following as my config file:
name=rainbow_token
library=dkck201.dll
However, the
alias names are not the same as the Friendly Names that are displayed in Microsoft CAPI. This is a problem because when I then try to use the
alias name to sign a JAR using the Java jarsigner utility I cannot correctly identify the appropriate certificate to use to sign the JAR.
If I use the
alias name that the keytool generates the jarsigner will fail. Furthermore, if I use the Friendly Name that is displayed in MS CAPI the jarsigner still fails.
However, if I use keytool with a smartcard and acpkcs201.dll I get the
alias names to match the Friendly Names that are displayed in MS CAPI. And then using those alias names in the jarsigner allows me to successfully sign a JAR file.
Does anyone have any ideas?