pkcs#11

问题 I wish to do the following: Login or unlock my windows account with a smartcard (I know how). The smartcard prompts for PIN. Then access a java software inside the account - and I want to use the same smartcard during its operation. However, I don't want it to prompt for PIN, but rather rely on the prior windows authentication. Question: is this possible? Thank you. 回答1: If you're allowed to patch your existing login procedures, perhaps its worth it to look at pGina (http://pgina.org/), as it

问题 Has anyone used CKO_VENDOR_DEFINED to create a key or a data object? There is hardly any documentation (including the mother load from Oasis) about how to do it, or which attributes are applicable/not-applicable. Unfortunately, but hopefully understandably, I can not describe exactly what I am trying to do. But the gist of it is that I need to be able to have a bit more attribute<=>mechanism flexibility with our kind of keys and the ability to modify a key on the token. I'd really appreciate

问题 I'm trying to implement some demo of XML signing with a certificate which stored in the HSM. I found some interesting example from this link: Sign XML Document with X509Certificate2 and modified it to using certificate and key inside the HSM with PKCS11Interop wrapper. But anyone could give me a suggestion or example to convert ObjectHandle privateKey from HSM to SignedXML.SigningKey private static void SignXmlWithCertificate(XmlDocument xmlDoc, X509Certificate2 cert, Session session, String

问题 I am trying to do POC on SoftHSM 2 , but some how I am getting below issue . Exception in thread "main" java.security.ProviderException: Initialization failed at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:376) at sun.security.pkcs11.SunPKCS11.<init>(SunPKCS11.java:103) at SoftHSM.main(SoftHSM.java:50) Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_SLOT_ID_INVALID at sun.security.pkcs11.wrapper.PKCS11.C_GetSlotInfo(Native Method) at sun.security.pkcs11.SunPKCS11.<init>

问题 I trying to use the j2pkcs11.dll (packaged with jdk1.8.0 - 64bit) to access certificates stored on a smartcard but not unable to make it work. --- sample code to add the SunPKCS11 provider dynamically --- String pkcs11ConfigSettings = "name = " + "TestSmartCard" + "\n" + "library = " + "C:/jdk1.8.0_11/jre/bin/j2pkcs11.dll"; byte[] pkcs11ConfigBytes = pkcs11ConfigSettings.getBytes(); ByteArrayInputStream confStream = new ByteArrayInputStream(pkcs11ConfigBytes); Provider p = new sun.security

问题 Code: String pkcs11cfg = "pkcs11.cfg"; Provider p = new SunPKCS11(pkcs11cfg); Security.addProvider(p); KeyStore ks = KeyStore.getInstance("PKCS11", p); ks.load(null, pin); System.out.println(ks.size()); // prints 0 cfg: name = pkcs11Test library = /usr/local/lib/libsofthsm.so slot = 1 The problem is that I have some key pairs, I added them with pkcs11-tool. The version of softhsm is 1.2.1 Why there aren't any aliases in the KeyStore? How to fix this? 回答1: We will release SoftHSM 1.3.0 soon.

问题 the following code creates a client authenticated SSL context using PKCS#11 device (smart card). It all works great with Java 6: // Configure the SunPkcs11 provider String pkcs11config; pkcs11config = "name = Cryptoki"; pkcs11config += "\nlibrary = /SCDriver/libbit4ipki.dylib"; InputStream confStream = new ByteArrayInputStream(pkcs11config.getBytes()); SunPKCS11 sunpkcs11 = new SunPKCS11(confStream); Security.addProvider(sunpkcs11); // Specify keystore builder parameters for PKCS#11 keystores

问题 My application is accessing e-Token for decrypting the response coming from the server The session key from the server is encrypted using :- RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING I am using SunPKCS11 Provider for implementing the access to crypto token. Whenever i try to decrypt this using the above mechanishm i.e. with RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING i am getting :- **javax.crypto.BadPaddingException: doFinal() failed at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java

问题 My application is accessing e-Token for decrypting the response coming from the server The session key from the server is encrypted using :- RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING I am using SunPKCS11 Provider for implementing the access to crypto token. Whenever i try to decrypt this using the above mechanishm i.e. with RSA/ECB/OAEPWITHSHA-256ANDMGF1PADDING i am getting :- **javax.crypto.BadPaddingException: doFinal() failed at sun.security.pkcs11.P11RSACipher.implDoFinal(P11RSACipher.java

问题 I have initialized the SunPKCS11 provider by: Provider provider = new sun.security.pkcs11.SunPKCS11("path_to_pkcs11.cfg"); Security.addProvider(provider); And then I'm using this provider to initialize a KeyStore to use a key for cipher operations. KeyStore ks = KeyStore.getInstance("PKCS11", provider); ks.load(null, "password".toCharArray()); Once I'm done with the cipher operations, how should I finalize the session with the PKCS11 token? I have tried removing the Provider, but it didn't