#238 PKCS#11 Keystore Support (Smartcard)

open
nobody
None
5
2009-10-14
2009-10-14
Matthias Germann
No

We need Smartcard support for WSS signing and decrypting. Our Smartcards come with a dll which implements the PKCS#11 interface. Sun added a JCE Provider which can be used to integrate a PKCS#11 dll to the JDK/JRE (see http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide.html). The Sun PKCS#11 Provider makes it possible to access a PKCS#11 Token as a java.security.KeyStore.

Therefore, it should be possible to add PKCS#11 support for WSS by reusing most of the existing code. IMHO, the feature could be implemented so that the user can add a Keystore for a PKCS#11 dll on the "Project/SecurityConfiguration/Keystores" Tab.

The attached sample code demonstrates how to create a Keystore for a PKCS#11 dll and how to implement the password callback. The user should not be forced to store his smartcard password in the config.
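
An added example (not the ticket's attachment and not SoapUI code) of the approach described above: opening a PKCS#11 token as a java.security.KeyStore with a PIN callback, so the PIN is never stored in configuration. The class name, the console prompt and the config file passed as args[0] are assumptions.

```java
import java.io.Console;
import java.io.IOException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.callback.*;

public class Pkcs11KeystoreExample {
    // Asks for the token PIN interactively; nothing is read from a config file.
    static final class ConsolePinHandler implements CallbackHandler {
        @Override
        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            for (Callback cb : callbacks) {
                if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                PasswordCallback pc = (PasswordCallback) cb;
                Console console = System.console();
                if (console == null) throw new IOException("no interactive console for PIN entry");
                char[] pin = console.readPassword("%s", pc.getPrompt());
                if (pin == null) throw new IOException("PIN entry cancelled");
                pc.setPassword(pin);      // PasswordCallback keeps its own copy
                Arrays.fill(pin, '\0');   // wipe the local copy
            }
        }
    }

    static KeyStore openToken(String configFile) throws Exception {
        // Java 9+ API; on Java 6-8 use: new sun.security.pkcs11.SunPKCS11(configFile)
        Provider p = Security.getProvider("SunPKCS11").configure(configFile);
        Security.addProvider(p);
        KeyStore.Builder builder = KeyStore.Builder.newInstance(
                "PKCS11", p, new KeyStore.CallbackHandlerProtection(new ConsolePinHandler()));
        return builder.getKeyStore();     // token login happens here, via the callback
    }

    public static void main(String[] args) throws Exception {
        // args[0]: provider config file (assumed) containing two lines:
        //   name = SmartCard
        //   library = <path to the vendor PKCS#11 dll>
        KeyStore ks = openToken(args[0]);
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + " privateKey=" + ks.isKeyEntry(alias));
        }
    }
}
```

Private keys on the token stay non-extractable: ks.getKey(alias, null) returns a handle that signs and decrypts on the card through the same provider.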

Discussion

  • Helper Class for loading a Keystore for a PKCS#11 Token

     
  • The smartcard support could also be implemented by using the Windows native keystore (Microsoft CryptoAPI, works only on MS Windows):

    KeyStore ks = KeyStore.getInstance("Windows-MY");
    ks.load(null, null);

    The password callback is performed by the native keystore. See http://java.sun.com/developer/technicalArticles/J2SE/security/index.html for details.