Java : PKCS11 SafeNet eToken 5110 : Slow; and How to code for EBICS signature mechanism A006?

Submitted by 岁酱吖の on 2019-12-11 15:26:27

Question


Information :

  • There are two signature mechanisms for EBICS, A005 and A006. EBICS specification > 2017-03-29-EBICS V 3.0-FinalVersion.pdf
  • For EBICS A005, we have been using SHA256withRSA signature algorithm. It is working.
  • SafeNet eToken 5110 is used to sign data files. It is based on PKCS11 standard. Its driver/software is called "SafeNet Authentication Client".

Problem and questions :

  • SafeNet eToken 5110 is very slow with the SHA256withRSA algorithm at the code signer.update(data);. There is no problem if we change the algorithm to SHA512withRSA. There is no problem with another version of eToken, "3SKey basic token (eToken PRO)". Do you know if other people have met this same problem, or is it just us? What is the solution?
  • Because we cannot find a solution at the moment, we are looking at EBICS A006, hoping that it will be faster. However, we haven't found a way to develop Java code for it, and we don't know the algorithm name to use. I have tried IAIK, but it couldn't connect with the native library libeTPkcs11.so or eTPKCS11.dll. BouncyCastle doesn't work with PKCS11. Do you have any advice? Thank you.

Code with SunPKCS11 (works but slow at .update(...))

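import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import sun.security.pkcs11.SunPKCS11;

String pkcs11config;
pkcs11config = ....
ByteArrayInputStream confStream = new ByteArrayInputStream(pkcs11config.getBytes());
SunPKCS11 provider = new SunPKCS11(confStream);  // InputStream constructor (Java 8)
Security.addProvider(provider);
char[] password = "....".toCharArray();
// Open the token's key store through the PKCS#11 provider
KeyStore keystore = KeyStore.getInstance("PKCS11", provider);
keystore.load(null, password);
String alias = "...";
PrivateKey privateKey = (PrivateKey) keystore.getKey(alias, password);
Signature signer = Signature.getInstance("SHA256withRSA", keystore.getProvider());
signer.initSign(privateKey);
String data = "Hello world......";
signer.update(data.getBytes());  // SLOW HERE! THE BIGGER THE DATA, THE SLOWER IT IS.
byte[] signedData = signer.sign();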

Code tried with IAIK:

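import iaik.pkcs.pkcs11.Module;

// Path of the vendor PKCS#11 library, expected in the working directory
String pwd = System.getProperty("user.dir");
String dllFile = pwd + "/libeTPkcs11.so";
Module m = Module.getInstance(dllFile);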

=> error : Exception in thread "main" java.lang.UnsatisfiedLinkError: no pkcs11wrapper in java.library.path

Source: https://stackoverflow.com/questions/48285322/java-pkcs11-safenet-etoken-5110-slow-and-how-to-code-for-ebics-signature-me
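Added example, not part of the original post or of any vendor or EBICS code: it shows a host-side SHA-256 producing the same bytes as SHA256withRSA while handing the signer only 51 bytes, and an RSASSA-PSS signature as a candidate for A006. It uses a constructed in-memory RSA key in place of the token key; the mapping of A006 to RSASSA-PSS with SHA-256, MGF1-SHA-256 and a 32-byte salt is an assumption, and the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Arrays;

public class EbicsSignatureDemo { // hypothetical class name
    // DER DigestInfo prefix for SHA-256 used by PKCS#1 v1.5 signatures
    static final byte[] SHA256_PREFIX = {
        0x30, 0x31, 0x30, 0x0d, 0x06, 0x09, 0x60, (byte) 0x86, 0x48, 0x01,
        0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };

    static byte[] sign(Signature s, PrivateKey key, byte[] input) throws GeneralSecurityException {
        s.initSign(key);
        s.update(input);
        return s.sign();
    }

    // SHA256withRSA output, but hashed on the host: only 51 bytes reach the signer.
    static byte[] signPreHashed(PrivateKey key, byte[] data) throws GeneralSecurityException {
        byte[] hash = MessageDigest.getInstance("SHA-256").digest(data);
        byte[] digestInfo = Arrays.copyOf(SHA256_PREFIX, SHA256_PREFIX.length + hash.length);
        System.arraycopy(hash, 0, digestInfo, SHA256_PREFIX.length, hash.length);
        return sign(Signature.getInstance("NONEwithRSA"), key, digestInfo);
    }

    // Assumed A006 parameters: RSASSA-PSS, SHA-256, MGF1-SHA-256, 32-byte salt.
    static Signature pss() throws GeneralSecurityException {
        Signature s = Signature.getInstance("RSASSA-PSS"); // needs Java 11 or later
        s.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));
        return s;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed software key standing in for the token key
        byte[] data = "Hello world......".getBytes(StandardCharsets.UTF_8);
        // PKCS#1 v1.5 is deterministic, so both paths must give identical bytes.
        byte[] a005 = sign(Signature.getInstance("SHA256withRSA"), kp.getPrivate(), data);
        System.out.println("pre-hashed == SHA256withRSA: "
            + Arrays.equals(a005, signPreHashed(kp.getPrivate(), data)));
        // PSS is randomized, so check it by verifying with the public key.
        byte[] a006 = sign(pss(), kp.getPrivate(), data);
        Signature verifier = pss();
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        System.out.println("PSS signature verifies: " + verifier.verify(a006));
    }
}
```

To try it against the token, pass the PKCS#11 provider as the second argument of Signature.getInstance; whether raw RSA or PSS is available there depends on the token and its driver.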
