trustedjava-support

[Trustedjava-support] Question about XKMS

[alberto f. c. <afe...@ho...>]

Hello, I=92m a student from Spain. I=92m working with Tommy Lindberg=B4s XK=
MS 2.0 server with a client that I=92ve designed with the package that I fo=
und in IAIK page (http://trustedjava.sourceforge.net/index.php?item=3Dxkms/=
readme). The package has the private key that I need, but I can=92t obtain =
it with java to send it to the server, in the package there are a public ke=
y, a private key and some certificates, but when I send a private key with =
a ProofOfPossesion to the server, for example to the Reissue service (this =
service always require the ProofOfPossesion), it always generates an error.
=20
The code that I use is the next one:
=20
Security.addProvider(new BouncyCastleProvider());
KeyFactory keyFactory =3D KeyFactory.getInstance("RSA", "BC");       =20
byte[] bufferPriv =3D new byte[5000];
FileInputStream in =3D new FileInputStream("privKey");
in.read(bufferPriv, 0 , 5000);       =20
in.close();
PKCS8EncodedKeySpec clavePrivadaSpec =3D new PKCS8EncodedKeySpec(bufferPriv=
);
PrivateKey clavePrivada =3D keyFactory.generatePrivate(clavePrivadaSpec);
System.out.println("Privada:"+clavePrivada);
=20
Thanks a lot.
_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/=

Re: [Trustedjava-support] Question about XKMS

[Martin P. <Mar...@ia...>]

alberto fernandez castillo wrote:
> Hello, I’m a student from Spain. I’m working with Tommy Lindberg´s
> XKMS 2.0 server with a client that I’ve designed with the package that
> I found in IAIK page (http://trustedjava.sourceforge.net/index.php?item=xkms/readme).
> The package has the private key that I need, but I can’t obtain it with
> java to send it to the server, in the package there are a public key, a
> private key and some certificates, but when I send a private key with a
> ProofOfPossesion to the server, for example to the Reissue service
> (this service always require the ProofOfPossesion), it always generates
> an error.
>
> The code that I use is the next one:
> Security.addProvider(new BouncyCastleProvider());

IAIK XKMS requires IAIK-JCE as provider as documented in the README,
BouncyCastle is not supported/tested, if you want to use BC you are on
your own.


A demo code to import a private key would be (see also examples in IAIK-JCE docs):

  /**
   * Reads private key from PKCS8 file.
   */
  public static PrivateKey readPrivateKeyFromFile(String filename, String password) throws Exception {
    EncryptedPrivateKeyInfo epk = null;;
    epk = new EncryptedPrivateKeyInfo(new FileInputStream(filename));
    epk.decrypt(password);
    return epk.getPrivateKeyInfo();
  }



HTH

-- 
Martin Pirker
IAIK, TU Graz