Java Security

Using BouncyCastle

843811 · Jul 10 2006 — edited Oct 15 2006
Hello everyone!

I want to send signed, encrypted, and signed-and-encrypted mail with BouncyCastleProvider, but my private key, public key and certificate are on a smart card.
I configured:
security.provider.7=org.bouncycastle.jce.provider.BouncyCastleProvider
security.provider.8=sun.security.pkcs11.SunPKCS11 c:/gemsafe/pkcs11.cfg

where pkcs11.cfg contains:
name = GemSafe
library = C:\gemsafe\gclib.dll

So my keystore provider is SunPKCS11-GemSafe. That's OK!!!

Command: keytool -keystore NONE -storetype PKCS11 -list works fine.

My SmartCard contains:
Certificate
RSA Public Key 1024 bits
RSA Private Key 1024 bits

The problem is that I don't know what services my SunPKCS11-GemSafe provider provides???

When I want to send, for example, enveloped mail, I use SMIMEEnvelopedGenerator in BouncyCastle.
Part of the code is:

...
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import javax.mail.internet.MimeBodyPart;
import org.bouncycastle.mail.smime.SMIMEEnvelopedGenerator;

// Open the smart card through the SunPKCS11 provider; the PIN is passed as the store password
KeyStore ks = KeyStore.getInstance("PKCS11");
char[] pin = "1234".toCharArray();
ks.load(null, pin);

// Take the first alias found on the card
Enumeration enumeration = ks.aliases();
String alias = String.valueOf(enumeration.nextElement());

// The private key comes back as a handle into the card (sun.security.pkcs11.P11Key), not as a software key
PrivateKey pk = (PrivateKey)ks.getKey(alias, pin);
X509Certificate cer = (X509Certificate)ks.getCertificate(alias);

SMIMEEnvelopedGenerator gen = new SMIMEEnvelopedGenerator();
// "BC" selects the BouncyCastle provider for the cryptographic operations
MimeBodyPart encryptedPart = gen.generate(message, SMIMEEnvelopedGenerator.RC2_CBC, "BC");
...

THERE IS MY PROBLEM!!!

If I use BouncyCastleProvider (BC), when I try to send the email, the program exits with this message:
... InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance at org.bouncycastle.mail.smime....

So, I suppose I have to change my line to:
MimeBodyPart encryptedPart = encrypter.generate(message, ?????????, "SunPKCS11-GemSafe");

What algorithm provides my provider? I read Java PKCS#11 Reference Guide and at the end of manual I read Sun PKCS#11 Supported Algorithms but I don't understand that table...

If I replace ??????? with Signature.MD5withRSA, as the 2nd row in the table says, the compiler says:
NO SUCH ALGORITHM in SunPKCS11-GemSafe...

Maybe this is an easy question for you, but I don't understand it.

How is the supplied key not an instance of RSAPrivateKey? What does that mean? How do I change my code so it could work?
HELP!!!

Has anyone succeeded in sending cryptographically enhanced email with the usage of smart cards? How
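For the "what services does my provider provide" part of the question, here is an added example (not from the post or from the BouncyCastle project) that lists every service type and algorithm a named JCA provider registers and checks for specific ones; the name "SunPKCS11-GemSafe" is the one from the post and only resolves if the same java.security and pkcs11.cfg entries are installed.

```java
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;

public class ListProviderServices {

    /** Groups a provider's registered services by type (Signature, Cipher, KeyStore, ...). */
    public static Map<String, List<String>> servicesByType(Provider p) {
        Map<String, List<String>> byType = new TreeMap<String, List<String>>();
        for (Provider.Service s : p.getServices()) {
            List<String> algs = byType.get(s.getType());
            if (algs == null) {
                algs = new ArrayList<String>();
                byType.put(s.getType(), algs);
            }
            algs.add(s.getAlgorithm());
        }
        for (List<String> algs : byType.values()) {
            Collections.sort(algs);
        }
        return byType;
    }

    /** True if the provider registers the given type/algorithm pair (e.g. Signature / SHA1withRSA). */
    public static boolean supports(Provider p, String type, String algorithm) {
        return p.getService(type, algorithm) != null;
    }

    public static void main(String[] args) {
        // Provider name as registered by java.security; defaults to the name used in the post
        String wanted = args.length > 0 ? args[0] : "SunPKCS11-GemSafe";
        Provider p = Security.getProvider(wanted);
        if (p == null) {
            System.err.println("No provider named " + wanted + "; installed providers are:");
            for (Provider q : Security.getProviders()) {
                System.err.println("  " + q.getName());
            }
            return;
        }
        System.out.println(p.getName() + ": " + p.getInfo());
        for (Map.Entry<String, List<String>> e : servicesByType(p).entrySet()) {
            System.out.println(e.getKey() + " -> " + e.getValue());
        }
        // Service names are type + algorithm, not the "Signature.MD5withRSA" spelling of the reference table
        System.out.println("Signature SHA1withRSA: " + supports(p, "Signature", "SHA1withRSA"));
        System.out.println("Cipher RSA/ECB/PKCS1Padding: " + supports(p, "Cipher", "RSA/ECB/PKCS1Padding"));
    }
}
```

A private key returned by SunPKCS11 is a handle to an object that never leaves the card, which is why a pure-software provider such as BC rejects it as "not a RSAPrivateKey"; any Signature or Cipher operation on that key has to be requested from the PKCS11 provider that listed it.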
Locked Post
New comments cannot be posted to this locked post.
Locked on Nov 12 2006