pkcs#11

Hi I am trying to prevent multiple pin prompts for every pdf that needs to be signed. I am using code from this example : Pin is required when this part of code get process : MakeSignature.SignDetached(appearance, pks, chain, crlList, ocspClient, tsaClient, estimatedSize, subfilter); Is there any way to memorize token pin and sing rest of pdfs without prompting for pin? Finally I found solution, this code does the trick : ... RSACryptoServiceProvider rsa = (RSACryptoServiceProvider)pk.PrivateKey; CspParameters cspp = new CspParameters(); cspp.KeyContainerName = rsa.CspKeyContainerInfo

I have a SSL server in python to which I defined the following SSLContext: context = ssl.SSLContext(ssl.PROTOCOL_TLSv1) context.verify_mode = ssl.CERT_REQUIRED context.load_verify_locations(CACERTFILE) context.load_cert_chain(CERTFILE,KEYFILE) CERTFILE and KEYFILE contain a path to the server's certificate and private key. But you always have to provide a path to load_cert_chain(). I don't want to retrieve the private key from a file, but from a PKCS#11 wrapper like PyKCS11 or M2Crypto. How does the context of the SSL socket has to look like, if I want to load the private key as a session

How can I use key material from a PKCS#11 compliant HSM (for example a SafeNet iKey 2032 [USB] or a Aladdin eToken PRO [USB]) in PHP application running on a Linux server? I have not seen, and a cursory search has not found, a PCKS#11 glue library for PHP. Probably not the answer you're looking for. (: If you have better search fu than I, do update this thread. I think your best bet would be to write a C program that calls PKCS#11 and accesses the HSM, and call that from your PHP app as an external binary. Even if a PKCS#11 wrapper emerges for PHP, this approach will give you the full API

I'm trying to use an Estonian ID card for SSL client authentication in a java program. This works in Chrome/Firefox against both banking sites and test servers (nginx or openssl s_server). However my Java client (okhttp) works fine for a local keystore and fails when trying to use the ID card. I've boiled it down to this test case which reproduces the problem I see in a debugger and with logging (-Djavax.net.debug=ssl:handshake). I can communicate with the card, e.g. I can print out the certificates for the same key. I'm piggybacking on the DigiDoc3 Client on Mac OSX. I can see the exception

I'm almost losing hope on this one. I'm trying to access the Firefox trust store from Java 7 using the NSS libraries that come with the Firefox installation, via PKCS#11. Here is the code: import java.security.KeyStore; import java.security.Security; import java.util.Enumeration; import sun.security.pkcs11.SunPKCS11; public class Test { public static void main(String[] args) throws Exception { String configName = "pkcs11.cfg"; SunPKCS11 p = new SunPKCS11(configName); Security.addProvider(p); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, "apassword".toCharArray()); System.out

I am trying to use opensc-pkcs11.so which I have built on Redhat linux 5. However, when I try to use in a sample program it is giving a linking error: main.cpp:(.text+0x265): undefined reference to `C_Initialize' The sample code snippet is as follows: int main() { CK_RV l_rv = 0; l_rv = C_Initialize(NULL_PTR); //other staffs ... } If I see the nm output of opensc-pkcs11.so it is showing: -bash-3.2$ nm opensc-pkcs11.so |grep C_Initialize 0000000000008c70 t C_Initialize What is the meaning of 't'? I see it is not 'T'. But is also not 'U'. Can anybody suggest what is happening? Thanks in advance.

I try to develop a javafx aplication that access a smartcard. I have a simple proof of concept, like this: package javafxapplication7; import java.net.URL; import java.util.ResourceBundle; import javafx.event.ActionEvent; import javafx.fxml.FXML; import javafx.fxml.Initializable; import javafx.scene.control.Label; import sun.security.pkcs11.SunPKCS11; public class SampleController implements Initializable { @FXML private Label label; @FXML private void handleButtonAction(ActionEvent event) { SunPKCS11 a = new SunPKCS11(); } @Override public void initialize(URL url, ResourceBundle rb) { // TODO

I wish to do the following: Login or unlock my windows account with a smartcard (I know how). The smartcard prompts for PIN. Then access a java software inside the account - and I want to use the same smartcard during its operation. However, I don't want it to prompt for PIN, but rather rely on the prior windows authentication. Question: is this possible? Thank you. If you're allowed to patch your existing login procedures, perhaps its worth it to look at pGina (http://pgina.org/), as it is a modular replacement for the GINA part of Windows. Michael-O coming from Incorparating SSO in addition