pkcs#11

问题 So I have this c# webservice that eventuallly calls C_GetSlotList() method from the German Elster toolkit (Eric) thru some smartcard usb driver placed in system32 folder. I have a smartcard in the computer server. When I host my service in IIS Express everything works fine, however in IIS it doesn't. What could be the problem? Does something block IIS from accessing the driver? I made sure that the identity of the application pool I'm using has admin rights. I'm using Windows 7 professional

问题 We have written a document management system and would like to digitally sign documents using the web client. Our Java client application is already able to apply and check digital signature, but we would like to make signature even with our web client. This is written in GWT and so, when run on the client side, it is a JavaScript application. We not want to create a Java applet and download it on the client and execute it. We would like to use the browser security device or the browser API

问题 We are creating a three-factor authentication for a website due to a legal requirements in one Scandinavian country. The customer is using NetID branded browser plug-ins to do a PKCS #11 certificate authentication in the browser. The smartcards are supplied centrally by a partner on the customer. This subject does not have much on-line resources or tutorials available. Would someone have any pointers to example implementations or tutorials how to do PKCS11 authentication in a web browser?

问题 I am trying to compile an example c application that is using pkcs#11 to finds all the private keys on the token, and print their label and id, but getting following errors /tmp/ccAqQ7UI.o: In function initialize': pkcs11_example1.c:(.text+0x8e5): undefined reference to C_Initialize' /tmp/ccAqQ7UI.o: In function `get_slot': The example is taken from here compilling by using following command; `gcc pkcs11_example1.c -o slots -L /usr/lib/opensc-pkcs11.so` I am not sure which library i should

问题 In my C program, I generate a public/private key pair with the function C_GenerateKeyPair and a sensitive (secret) key with C_GenerateKey . The aim is to wrap the secret key with the public key, but when I call the function C_WrapKey , I get the error CKR_KEY_TYPE_INCONSISTENT . The code runs if I use another wrapping secret key with attributes Wrap and Encrypt set. The template used for the public key is the one proposed in PKCS#11 documentation: CK_SESSION_HANDLE hSession; CK_OBJECT_HANDLE

问题 How can we do transaction signing in mozilla firefox by loading PKCS#11 library to database. after some research i found about capicom library. but the thing is this library does not support with windows7 and higher versions. 回答1: you cannot use c code but you can do the same by java applets which are to be signed. Please refer http://www.nakov.com/books/signatures/Java-for-Digitally-Signing-Documents-in-Web-book-Nakov.html 回答2: Extension signTextJS does exactly what you need and can be

问题 I have an application created with Play 2.0. I implemented scribe-java library to use some OAuth services. Until today everything was fine but when I upgrade jdk and reboot the server I couldn't use scribe-java library. It seems it uses some classes like sun/security/pkcs11/P11Key and sun/security/pkcs11/Length in sun.security package but couldn't find it. "java -version" returns this: java version "1.7.0_03" OpenJDK Runtime Environment (IcedTea7 2.1.1pre) (7~u3-2.1.1~pre1-1ubuntu3) OpenJDK

问题 I want to access the currenly connected cryptography modules via an Firefox Addon. I found some interfaces that look like i can access the module, the slot and the token (1 → 2 → 3 → 4) but how can i access the public key of an certificate stored on such a token? Is there an such an API even available to an Addon? 回答1: nsIX509CertDB.idl provides the means to access all stored certificates, therefore also the ones accessed through crypto modules. To filter the certificates using the tokenName

问题 I am trying to create a browser application that will access a server which requires TLS Mutual Client Authentication. The application needs to be able to supply the client certificate and key via a PKCS#11 interface. Having looked at various articles on mutual tls for Android, I believe the PKCS#11 requirement rules out using the Android KeyChain/adding the certificates to the default keystore on Android (because the private key cannot be directly accessed). I have the PKCS#11 interface

问题 I have a system protected by SSL - and clients use a smartcard for accessing their certificate. I use java's pkcs11. I have posted this question here (even with bounty): pkcs11 sso (using prior windows login with smartcard) The same smartcard is used for windows login - and I would like to save the client the touble of re-logging using the smartcard (PIN). Many links I have read about this issue led me to the world of SSO: NTLM, Kerberose etc. I feel SSO is a bit an overspec for what I wanted