Wednesday, March 4, 2015

How to use security token with SunPKCS11


What is a security token?


A security token (or sometimes a hardware token, authentication token, USB token, cryptographic token, software token, virtual token, or key fob) may be a physical device that an authorized user of computer services is given to ease authentication. The term may also refer to software tokens.

Security tokens are used to prove one's identity electronically (as in the case of a customer trying to access their bank account). The token is used in addition to or in place of a password to prove that the customer is who they claim to be. The token acts like an electronic key to access something.

Some may store cryptographic keys, such as a digital signature key, or biometric data, such as fingerprint minutiae. Some designs feature tamper-resistant packaging, while others include a small keypad for PIN entry or a simple button that starts a generating routine, with a display to show the generated number. Special designs include a USB connector, RFID functions or a Bluetooth wireless interface to transfer a generated number sequence to a client system.

This post is about USB tokens, which are typically used for document signing, data signing and data encryption. Java provides classes for the common security tasks (digital signatures, encryption/decryption, authentication...). Today I will show you how to use the SunPKCS11 provider class with a USB token: it loads the vendor's PKCS#11 driver library and exposes the keys and certificates on the token as an ordinary Java KeyStore, so the rest of the JCA API can be used unchanged.


package com.it4shared.pkcs11demo;

import java.io.ByteArrayInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.PublicKey;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.UUID;

public class PKCS11Demo {

    public static void main(String[] args) {
        try {
            // PKCS#11 module: the vendor's driver library that talks to the USB token
            String pkcs11Module = "C:/Windows/System32/viettel-ca_v4.dll";
            // PKCS#11 slot ID of the device as reported by the driver.
            // Use "slotListIndex" instead of "slot" in the config if you want
            // to pick the slot by its position in the slot list rather than by ID.
            int slotId = 1;
            // PIN that protects the key pair on the device. Hard-coding it is
            // only acceptable for a demo; real code should read it from a
            // console or secure store and never commit it to source control.
            String pinCode = "viettel-ca";

            // A unique provider name lets several configurations coexist in one JVM
            UUID uuid = UUID.randomUUID();
            String configValue = "name = PROVIDER" + uuid.toString() + "\r\n"
                    + "library = " + pkcs11Module + "\r\n"
                    + "slot = " + slotId + "\r\n"
                    // Mechanisms listed here are never used by SunPKCS11,
                    // even if the token advertises them
                    + "disabledMechanisms = { CKM_SHA1_RSA_PKCS }\r\n";

            // This constructor exists up to Java 8. From Java 9 on, use
            // Security.getProvider("SunPKCS11").configure(...) instead.
            Provider p = new sun.security.pkcs11.SunPKCS11(
                    new ByteArrayInputStream(configValue.getBytes()));
            Security.addProvider(p);

            // The PKCS11 keystore is a view of the token; load() logs in with the PIN
            KeyStore keystore = KeyStore.getInstance("PKCS11", p);
            keystore.load(null, pinCode.toCharArray());

            // List every alias on the token; the last one is used below
            String aliasKey = null;
            Enumeration<String> aliases = keystore.aliases();
            while (aliases.hasMoreElements()) {
                aliasKey = aliases.nextElement();
                System.out.println(aliasKey);
            }
            if (aliasKey == null) {
                System.err.println("No keys found on the token");
                return;
            }

            // Get PrivateKey: a handle to the key object on the token, not the key bytes.
            // The password argument is ignored by the PKCS11 keystore; the PIN was used in load().
            PrivateKey privateKey = (PrivateKey) keystore.getKey(aliasKey, pinCode.toCharArray());
            // Get Certificate
            X509Certificate x509Cert = (X509Certificate) keystore.getCertificate(aliasKey);
            // Get PublicKey
            PublicKey publicKey = x509Cert.getPublicKey();

            System.out.println("Key algorithm: " + privateKey.getAlgorithm());
            System.out.println("Subject:       " + x509Cert.getSubjectX500Principal());
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}

You now have three objects: PrivateKey, PublicKey and X509Certificate. These are what you need for tasks such as data signing, document signing and data encryption/decryption. Keep in mind that the PrivateKey is only a handle to the key object on the token: the signing or decryption operation is performed by the token itself, so for a non-extractable key the key material never leaves the device (and privateKey.getEncoded() returns null).
In a further post, I will show you how to do these in Java.
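As an added example (not code from the original post), here is what the promised next step looks like: signing data with the token-resident key and verifying the signature with the certificate's public key. It uses the Java 9+ way of configuring SunPKCS11 (Security.getProvider("SunPKCS11").configure(...), where a leading "--" marks the argument as inline configuration text rather than a file name); on Java 8 you would create the provider with the constructor shown above instead. The driver path, slot ID, and the "document to be signed" input are assumptions for illustration, and the PIN is read from the console or the first command-line argument rather than hard-coded.

```java
package com.it4shared.pkcs11demo;

import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Base64;
import java.util.Enumeration;

public class PKCS11SignDemo {

    // Assumed values: adjust to your token's driver library and slot
    static final String PKCS11_MODULE = "C:/Windows/System32/viettel-ca_v4.dll";
    static final int SLOT_ID = 1;

    // Configure SunPKCS11 from an inline config string (Java 9 and later).
    static Provider loadProvider() {
        String config = "--name = TokenDemo\n"
                + "library = " + PKCS11_MODULE + "\n"
                + "slot = " + SLOT_ID + "\n";
        Provider p = Security.getProvider("SunPKCS11").configure(config);
        Security.addProvider(p);
        return p;
    }

    // Sign with the token-resident private key. The Signature object is bound
    // to the PKCS#11 provider, so the RSA operation runs inside the token.
    static byte[] sign(Provider p, PrivateKey key, byte[] data) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA", p);
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }

    // Verify with the certificate's public key. No token is needed, so the
    // default provider is used, exactly as a relying party would.
    static boolean verify(X509Certificate cert, byte[] data, byte[] signature) throws Exception {
        Signature sig = Signature.getInstance("SHA256withRSA");
        sig.initVerify(cert.getPublicKey());
        sig.update(data);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        char[] pin;
        if (System.console() != null) {
            pin = System.console().readPassword("Token PIN: ");
        } else if (args.length > 0) {
            pin = args[0].toCharArray();   // fallback for IDEs without a console
        } else {
            throw new IllegalArgumentException("pass the PIN as the first argument when no console is available");
        }

        Provider p = loadProvider();
        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        ks.load(null, pin);

        // Pick the first alias that is a key entry (private key plus certificate)
        String alias = null;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String a = e.nextElement();
            if (ks.isKeyEntry(a)) { alias = a; break; }
        }
        if (alias == null) throw new IllegalStateException("no key entry on token");

        PrivateKey privateKey = (PrivateKey) ks.getKey(alias, pin);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        Arrays.fill(pin, '\0');   // the PIN is no longer needed once logged in

        // A non-extractable token key reports no encoding; a quick sanity check
        // that the key really lives on the token and not in a software keystore
        System.out.println("private key encoded: " + privateKey.getEncoded());

        byte[] data = "document to be signed".getBytes(StandardCharsets.UTF_8);   // constructed sample input
        byte[] signature = sign(p, privateKey, data);
        System.out.println("signature: " + Base64.getEncoder().encodeToString(signature));
        System.out.println("verifies:  " + verify(cert, data, signature));

        // Tampering with the data must invalidate the signature
        data[0] ^= 0x01;
        System.out.println("tampered:  " + verify(cert, data, signature));
    }
}
```

The first verify call should report true and the second false. Two design points: the verification deliberately does not use the PKCS#11 provider, because anyone holding the certificate must be able to check the signature without the token; and if the token does not implement CKM_SHA256_RSA_PKCS natively, SunPKCS11 computes the SHA-256 digest in software and sends only the raw CKM_RSA_PKCS operation to the token, which is the same fallback the disabledMechanisms line in the post relies on for SHA-1.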

NOTE: If you get this error

Access restriction: The constructor SunPKCS11(InputStream) is not accessible due to restriction on required library C:\Program Files (x86)\Java\jre6\lib\ext\sunpkcs11.jar
Don't worry. The message comes from Eclipse's access rules for the internal sun.* packages, not from the Java compiler, and re-adding the JRE library resets those rules. Just follow these steps:
In Eclipse, right-click your project and open the Properties dialog. Select "Java Build Path" in the left column and remove the current JRE System Library.


Then, select "Add Library".


Select "JRE System Library" and click Next


Click Finish to close dialog.


And select OK to complete.

After completing these steps, you should no longer see this error. Note that on Java 9 and later the sun.security.pkcs11.SunPKCS11 class is not accessible at all; configure the provider through Security.getProvider("SunPKCS11").configure(...) instead.
