Java Security

Problem using SmartCard with 2 Certificates stored and SunPKCS11

843811 | Apr 20 2005 (edited Sep 25 2008)
Hi,
I'm trying to access a SmartCard token in Java 1.5 using the SunPKCS11 provider for encryption, decryption and digital signature operations.

I have 2 certificates stored on Token:
- CertA;
- CertB.

There are also 2 PINs:
- PIN1;
- PIN2.

I use:
- PIN1 for logging into the token;
- PIN1 for operations involving CertA;
- PIN2 for operations involving CertB.

There is no problem logging into the token using Java and, without any trouble, I can read the certificates and key from the cryptographic card.

There is no problem using CertA for all my operations, but every attempt to use the private key of CertB (for the same operations) returns an exception:
java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_ERROR

Here is an extract of my source code.


import java.io.BufferedInputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Enumeration;

public void loginToken() {

    // Load the SunPKCS11 provider from its configuration file
    Provider UserProvider = new sun.security.pkcs11.SunPKCS11("C:\\pkcs11.cfg");
    Security.addProvider(UserProvider);

    try {

        KeyStore ks = null;
        X509Certificate UserCert = null;
        PrivateKey UserCertPrivKey = null;
        PublicKey UserCertPubKey = null;

        //PIN
        char PIN1[] = "11111".toCharArray();
        char PIN2[] = "22222".toCharArray();

        //logging into token
        ks = KeyStore.getInstance("PKCS11", UserProvider);
        ks.load(null, PIN1);

        //enumeration alias
        String alias = "";
        Enumeration<String> e = ks.aliases();

        while (e.hasMoreElements()) {

            alias = e.nextElement();

            //Certificate
            UserCert = (X509Certificate) ks.getCertificate(alias);

            //PublicKey
            UserCertPubKey = ks.getCertificate(alias).getPublicKey();

            if (alias.compareToIgnoreCase("Cert1") == 0) {

                //PrivateKey reference
                UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN1);

            } else if (alias.compareToIgnoreCase("Cert2") == 0) {

                //PrivateKey reference
                UserCertPrivKey = (PrivateKey) ks.getKey(alias, PIN2);

            } else {
                System.out.println("ALIAS UNKNOW");
                System.exit(1);
            }
        }

        //Signature Test (MakeSign returns true on success)
        if (MakeSign(UserCertPrivKey, UserProvider))
            System.out.println(" *** SIGNATURE OK *** ");
        else
            System.out.println(" *** SIGNATURE KO *** ");

    }
    catch (Exception ex) {
        System.out.println("ERROR: " + ex);
    }

}


public boolean MakeSign(PrivateKey PrivKey, Provider p) {
    try {

        //File I/O
        FileInputStream txtfis = new FileInputStream("C:\\Test.txt");
        FileOutputStream sigfos = new FileOutputStream("C:\\Test_Signature.txt");

        //Signature Obj init
        Signature dsa = Signature.getInstance("SHA1withRSA", p.getName());
        dsa.initSign(PrivKey);

        //Update data: read until end of stream (read() returns -1)
        BufferedInputStream bufin = new BufferedInputStream(txtfis);
        byte[] buffer = new byte[1024];
        int len;
        while ((len = bufin.read(buffer)) != -1) {
            dsa.update(buffer, 0, len);
        }
        bufin.close();

        //Make signature
        byte[] realSig = dsa.sign();

        //save signature on file
        sigfos.write(realSig);
        sigfos.close();

        return true;
    }
    catch (Exception ex) {
        System.out.println("ERROR: " + ex);
        return false;
    }
}


Any help would be appreciated...
Thanks in advance.

P.S. Sorry for my English
Locked on Oct 23 2008
Added on Apr 20 2005