[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] Use of special Provider with S/MIME


for signature creation IAIK-S/MIME (and the PKCS#7 library of IAIK-JCE) uses
the cryptographic RSA engine of the first installed provider that is able to
perform the requested cryptograhic operation. The signature creation (digest
encryption) is done by means of a Cipher object using "RSA/ECB/PKCS1Pading"
as transformation string:

Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
rsa.init(Cipher.ENCRYPT_MODE, privateKey);
encrypted_digest = rsa.doFinal(...);

For the given string "RSA/ECB/PKCS1Padding" the IAIK RSA-Cipher
implementatin automatically selects blocktype 1 for RSA encryption with a
private key. So it will be necessary that your provider also will use PKCS#1
version 1.5 blocktype 1 (padding with 0xff) padding. (The padding may be
done by the provider if not already performed by the card).
Furthermore it is reqiured that the card does not to the hashing itself. The
hash already is calculated and supplied to the card for being signed (i.e.
encrypted with the private key).

The private key supplied when creating a SignerInfo object (respectively
using method setSigner of class iaik.security.smime.SignedContent) will be
an instance of java.security.interfaces.RSAPrivateKey and will not be the
actual private key as that is contained in the smartcard. Instead it can be
an instance of an existing class containing dummy values or it can be your
own subclass of RSAPrivateKey containing information meaning e.g. use the
second key on the first smartcard. In any case, that key object will only be
used as a parameter to the cipher's init() method, no methods will be
invoked on it by the library at all.

Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von Torsten
Gesendet: Freitag, 11. August 2000 11:16
An: iaik-jce@iaik.tu-graz.ac.at
Betreff: [iaik-jce] Use of special Provider with S/MIME


I would like to use the IAIK-S/MIME package with a Smart card as holder of
my private key. I have already a JCE-provider with some signature algorithms
using the card. How have I to add this provider and which algorithms should
be implemented within this provider?


Torsten Schippel

This mail was sent using CryptoEx Private Edition (Freeware).
Authorized for non-commercial, non-governmental usage only.
(c) Glueck & Kanja GmbH, (c) SECUDE GmbH. All rights reserved.
For commercial licensing information visit http://www.cryptoex.com