[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[iaik-jce] Crypto library questions



Hello,

we are engineering a PKI infrastructure for a major player in the
insurance/financial industry. We therefore are evaluating Java SSL and
Java Crypto (JCE+PKCSx+Smartcard) libraries. Our emphasis (in addition
to expecting reliably working libraries, of course ;-) is on the three
features below. Please let us know how IAIK can meet our requirements.

Required features:
(1) PKCS12 and related PKCSx implementations
(2) Pluggable Socket factories (SSL)
(3) Integration of a Cryptocard (SmartCard)

1. PKCS 12
-------------
We parsed pkcs12 files from various sources (IE, Netscape, other
libraries) with source code similar to this:

      iaik.pkcs.pkcs12.PKCS12 pkcs12 = new iaik.pkcs.pkcs12.PKCS12(new FileInputStream(file));
      pkcs12.decrypt(password);

None of the files passed. Thus, the reliability does not meet the
promises found in the documentation. Here is a selection of the stack
traces we got with certificates from different sources (NS, IE, other
Crypto toolkit):

java.lang.ArrayIndexOutOfBoundsException
        at iaik.asn1.ConstructedType.getComponentAt(Compiled Code)
        at iaik.pkcs.pkcs8.PrivateKeyInfo.getPrivateKey(Unknown Source)
        at iaik.pkcs.pkcs8.PrivateKeyInfo.getPrivateKey(Unknown Source)
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.decrypt(Unknown Source)
        at iaik.pkcs.pkcs12.PKCS8ShroudedKeyBag.decrypt(Unknown Source)
        at iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(Compiled Code)
        at iaik.pkcs.pkcs12.PKCS12.decrypt(Compiled Code)
        at test.TestIAIK.IAIKPKCS12Test(TestIAIK.java:29)
        at test.Test.runTest(Compiled Code)
        at test.Test.main(Test.java:24)

*****************
iaik.asn1.CodingException: ASN.1 creation error:ASN.1 creation
error:Length: Too large ASN.1 object: 104
iaik.pkcs.PKCSException: iaik.asn1.CodingException: ASN.1 creation
error:ASN.1 creation error:Length: Too large ASN.1 object: 104
        at iaik.pkcs.pkcs12.AuthenticatedSafe.decrypt(Compiled Code)
        at iaik.pkcs.pkcs12.PKCS12.decrypt(Compiled Code)
        at test.TestIAIK.IAIKPKCS12Test(TestIAIK.java:29)
        at test.Test.runTest(Compiled Code)
        at test.Test.main(Test.java:24)


2. Socket Plugability (SSL)
---------------------------
We need the ability to provide our own sockets which are used
by the SSL sockets. This may be realized either as a callback
Socket factory which is used by your SSL Socket class in its
constructor, or the constructor of your socket classes itself
may take an already existing Socket object as an additional
parameter.


3. Crypto Card
---------------
We plan to use a crypto token capable of all relevant public
key operations as a JCE crypto provider. Do you see any
obstacles that could possibly keep us from doing that?

Best regards


--
? Can't validate my digital signature ?
! Accept Swisskey as a valid CA at http://www.swisskey.ch !

S/MIME Cryptographic Signature