pkcs#11

I'm interested in Java-NSS libraries, and I'm reading the Sun's P11 Guide . I am confused on the following: What is the difference between using a PKCS12 keystore and a PKCS11 keystore? A keystore is just a keystore, right? Are there some differences? Can they be used interchangeably in any aspect? PKCS#12 is a file format (often called .p12 or .pfx) where you can store a private key and certificates. It's used for converting/transporting keys and certificates, mainly. If you export a private key + certificate from your browser, it's likely going to be in that format. PKCS#11 is an interface,

I have initialized the SunPKCS11 provider by: Provider provider = new sun.security.pkcs11.SunPKCS11("path_to_pkcs11.cfg"); Security.addProvider(provider); And then I'm using this provider to initialize a KeyStore to use a key for cipher operations. KeyStore ks = KeyStore.getInstance("PKCS11", provider); ks.load(null, "password".toCharArray()); Once I'm done with the cipher operations, how should I finalize the session with the PKCS11 token? I have tried removing the Provider, but it didn't work. Security.removeProvider("sunPCKS11ProviderName"); The next time I try to communicate with the Token

So I have this c# webservice that eventuallly calls C_GetSlotList() method from the German Elster toolkit (Eric) thru some smartcard usb driver placed in system32 folder. I have a smartcard in the computer server. When I host my service in IIS Express everything works fine, however in IIS it doesn't. What could be the problem? Does something block IIS from accessing the driver? I made sure that the identity of the application pool I'm using has admin rights. I'm using Windows 7 professional and this is the kind of log I am getting: 2016-10-18 15:16:58,144560 INFO: esigner cryptokiVersion = 02

We have written a document management system and would like to digitally sign documents using the web client. Our Java client application is already able to apply and check digital signature, but we would like to make signature even with our web client. This is written in GWT and so, when run on the client side, it is a JavaScript application. We not want to create a Java applet and download it on the client and execute it. We would like to use the browser security device or the browser API in order to sign a document. We would also like to keep the complete document server side, and move to

We are creating a three-factor authentication for a website due to a legal requirements in one Scandinavian country. The customer is using NetID branded browser plug-ins to do a PKCS #11 certificate authentication in the browser. The smartcards are supplied centrally by a partner on the customer. This subject does not have much on-line resources or tutorials available. Would someone have any pointers to example implementations or tutorials how to do PKCS11 authentication in a web browser? EDIT: Found about SSL client certificates Looks like the authentication method is SSL Client Certificate

I have the latest opensc 0.12.2 running on ubuntu 11.10 with OpenJDK ( java version "1.6.0_22") I can read my smartcard (a Feitian ePass PKI) with pkcs15-tool --dump Now i try to use my smartcard with keytool: keytool -providerClass sun.security.pkcs11.SunPKCS11 \ -providerArg /etc/opensc/opensc-java.cfg \ -keystore NONE -storetype PKCS11 -list which results in an error: keytool error: java.security.KeyStoreException: PKCS11 not found java.security.KeyStoreException: PKCS11 not found at java.security.KeyStore.getInstance(KeyStore.java:603) at sun.security.tools.KeyTool.doCommands(KeyTool.java