Forum Discussion

germm
15 years ago

PKCS#11 Keystore Support (Smartcard)

Hi,

We need smartcard support for WSS signing and decrypting. Our smartcards come with a dll which implements the PKCS#11 interface. Sun added a JCE Provider which can be used to integrate a PKCS#11 dll to the JDK/JRE (see http://java.sun.com/javase/6/docs/techn ... guide.html). The Sun PKCS#11 Provider makes it possible to access a PKCS#11 Token as a java.security.KeyStore.

Therefore, it should be possible to add PKCS#11 support for WSS by reusing most of the existing code. IMHO, the feature could be implemented so that the user can add a Keystore for a PKCS#11 dll on the "Project/SecurityConfiguration/Keystores" Tab.

The attached sample code demonstrates how to create a Keystore for a PKCS#11 dll and how to implement the password callback. The user should not be forced to store his smartcard password in the config.

The smartcard support could also be implemented by using the Windows native keystore (Microsoft CryptoAPI, works only on MS Windows):

KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);

The password callback is performed by the native keystore. See http://java.sun.com/developer/technical ... index.html for details.

Regards,
Matthias
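
The approach described in the post, as an added example (this is not the attachment the post mentions, which is not reproduced on this page): a PKCS#11 token opened as a java.security.KeyStore, with the PIN supplied by a callback instead of being read from configuration. The class name, the configuration file contents and the console prompt are assumptions, and the code assumes Java 9 or later, where the SunPKCS11 provider is set up with Provider.configure().

```java
import java.io.Console;
import java.io.IOException;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.PasswordCallback;
import javax.security.auth.callback.UnsupportedCallbackException;

// Hypothetical class name; requires Java 9+ for Provider.configure().
public class Pkcs11KeyStoreExample {
    public static void main(String[] args) throws Exception {
        // args[0]: SunPKCS11 configuration file with two lines (placeholder values):
        //   name = Smartcard
        //   library = <absolute path to the vendor's PKCS#11 dll>
        Provider base = Security.getProvider("SunPKCS11");
        if (args.length != 1 || base == null) {
            System.err.println("usage: Pkcs11KeyStoreExample <pkcs11.cfg> (needs SunPKCS11)");
            return;
        }
        Provider p11 = base.configure(args[0]);
        Security.addProvider(p11);

        // PIN is typed at the console when the token asks for it; nothing is stored on disk.
        CallbackHandler pinPrompt = new CallbackHandler() {
            @Override
            public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
                for (Callback cb : callbacks) {
                    if (!(cb instanceof PasswordCallback)) throw new UnsupportedCallbackException(cb);
                    Console console = System.console();
                    char[] pin = console == null ? null : console.readPassword("Smartcard PIN: ");
                    if (pin == null) throw new IOException("no PIN entered");
                    ((PasswordCallback) cb).setPassword(pin); // the callback keeps its own copy
                    Arrays.fill(pin, '\0');                    // wipe the local buffer
                }
            }
        };

        KeyStore.Builder builder = KeyStore.Builder.newInstance(
                "PKCS11", p11, new KeyStore.CallbackHandlerProtection(pinPrompt));
        KeyStore ks = builder.getKeyStore(); // provider logs in to the token via pinPrompt
        for (String alias : Collections.list(ks.aliases())) {
            System.out.println(alias + (ks.isKeyEntry(alias) ? " (key entry)" : " (certificate entry)"));
        }
    }
}
```

In a GUI application the console prompt would be replaced by a dialog inside the same CallbackHandler; the KeyStore code stays unchanged.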