Re: [Javamail-crypto-devel] PKCS11 and javamail-crypto
From: allen p. <al...@su...> - 2011-05-30 21:35:57
Hi.

Sorry--the SMIME support in the javamail-crypto API requires that the keys be stored in a PKCS#12 format. I don't think that there's an actual technical requirement for that, though. In theory you could write a provider that took something in PKCS#11 format and use it.

Anyway--the code from the SMIMEEncryptionKeyManager is just

    BouncySMIMEEncryptionKey ek = new BouncySMIMEEncryptionKey();
    Certificate[] chain = privateKeyStore.getCertificateChain(alias);
    ek.setCertificateChain(chain);
    PrivateKey privKey = (PrivateKey)privateKeyStore.getKey(alias, password);
    ek.setDisplayAlias(alias);
    ek.setKey(privKey);
    return ek;

So if you can get the key and Certificate chain from your token with the code Pavan sent, then you can create a BouncySMIMEEncryptionKey and then pass it in. That should work, even if it's a bit more hacky than it should be.

-allen

On Fri, May 27, 2011, 11:48, Victor Sterpu <vi...@ca...> wrote
>I tried.
>I can successfully compile, but at run time the error is:
>
>java.lang.ClassCastException: sun.security.pkcs11.P11Key$P11PrivateKey cannot be cast to net.suberic.crypto.bouncycastle.BouncySMIMEEncryptionKey
>    at net.suberic.crypto.bouncycastle.SMIMEEncryptionUtils.signMessage(SMIMEEncryptionUtils.java:248)
>    at signmessage.signmessage.main(signmessage.java:98)
>
>
>On 27.05.2011 15:52, pavankumar wrote:
>> Victor,
>>
>> I don't know how to replace this line
>> smimeKeyMgr.loadPrivateKeystore(new FileInputStream(new File("./id.p12")), smimePw);
>>
>> smimeKeyMgr is used to get the privateKey in the next step.
>>
>> so try below code to get the PrivateKey.. this will serve your purpose
>>
>>     // get the certificate
>>     X509Certificate cert = (X509Certificate) ks.getCertificate(certificateAlias);
>>
>>     // get the private key from the keystore.
>>     PrivateKey privateKey = (PrivateKey) ks.getKey(certificateAlias, privateKeyPass.toCharArray());
>>
>> Hope this helps.
>>
>> Pavan Kumar Reddy K
>> ManageEngine | ZOHO Dev Center - India
>>
>>
>> ---- On Fri, 27 May 2011 16:41:55 +0530 Victor Sterpu <vi...@ca...> wrote ----
>>
>> Can I sign SMIME a message using a PKCS11 token?
>> I have started from this example
>> http://javamail-crypto.sourceforge.net/examples/SignMessage.java.
>> I don't know how to replace this line
>> smimeKeyMgr.loadPrivateKeystore(new FileInputStream(new File("./id.p12")), smimePw);
>> With something that includes my private key from the token.
>>
>> I know the private key from PKCS11 can't be extracted.
>> This is my code for accessing the token.
>>
>>     KeyStore keystorePkcs11;
>>     keystorePkcs11 = KeyStore.getInstance("pkcs11");
>>     keystorePkcs11.load(null, PASSWORD_PKCS11);
>>     Enumeration aliasesEnum = keystorePkcs11.aliases();
>>     String alias = (String) aliasesEnum.nextElement();
>>     X509Certificate cert = (X509Certificate) keystorePkcs11.getCertificate(alias);
>>     Key key = keystorePkcs11.getKey(alias, null);
>>     PrivateKey smimeKey = (PrivateKey) key;
>>
>> Thank you
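Added example, not part of the original thread or of the javamail-crypto project: the token access from Victor's message combined with the wrapping step from allen's reply, using only the BouncySMIMEEncryptionKey setters quoted above. The class name TokenSmimeKey and method fromToken are hypothetical, and the code assumes a SunPKCS11 provider is already configured for the token and that javamail-crypto is on the classpath.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Collections;

import net.suberic.crypto.bouncycastle.BouncySMIMEEncryptionKey;

// Hypothetical helper class (name chosen for this example).
public class TokenSmimeKey {

    /**
     * Wraps the first usable private-key entry on a PKCS#11 token in the key
     * type that the stack trace in the thread shows signMessage casting to.
     * Assumption: a SunPKCS11 provider is already registered for the token.
     */
    public static BouncySMIMEEncryptionKey fromToken(char[] pin) throws Exception {
        KeyStore token = KeyStore.getInstance("PKCS11");
        token.load(null, pin); // the PIN unlocks the token; there is no file to read

        for (String alias : Collections.list(token.aliases())) {
            // A token can also hold bare CA certificates; skip entries without a key.
            if (!token.isKeyEntry(alias)) {
                continue;
            }
            Certificate[] chain = token.getCertificateChain(alias);
            if (chain == null || chain.length == 0) {
                continue; // a key without a certificate cannot be used for S/MIME
            }
            // This is a handle to the key on the token, not the key material.
            PrivateKey handle = (PrivateKey) token.getKey(alias, null);

            // Same sequence of setters as the SMIMEEncryptionKeyManager code above.
            BouncySMIMEEncryptionKey ek = new BouncySMIMEEncryptionKey();
            ek.setCertificateChain(chain);
            ek.setDisplayAlias(alias);
            ek.setKey(handle);
            return ek;
        }
        throw new IllegalStateException(
                "no private-key entry with a certificate chain on the token");
    }
}
```

The returned object, rather than the raw P11PrivateKey, is what gets passed to signMessage, which avoids the ClassCastException shown in the stack trace.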