[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

R: [iaik-jce] PKCS11 and iaik - Private Key Conversion



Well, I just wanted to VERIFY the results,so I found a work-around in the
meantime.
I used SHA/RSA and MD5/RSA built-in functions,got the resulting byte
array,got the PUBLIC key from the smart card and made IAIK verify the
signature!
Actually, the difficult part was to make the (functionally equivalent)
"public keys" to match.
The one generated on the smart card is referred trough a PKCS11Object,while
IAIK wants a (Java)PublicKey!
Using IBM's library it's possible to export some "attributes"
and,specifically for the Public Key,the modulus and the exponent,which you
can then pass to iaik.security.rsa.RSAPublicKey(BigInteger
modulus,BigInteger public_exponent) to hava a key that IAIK accepts to
verify.

Regards,
	Diego Pietralunga

-----Messaggio originale-----
Da: Andreas Sterbenz [mailto:Andreas.Sterbenz@iaik.at]
Inviato: marted́ 21 novembre 2000 14.20
A: Diego Pietralunga; Iaik-Jce (E-mail)
Oggetto: Re: [iaik-jce] PKCS11 and iaik - Private Key Conversion


Our RSA code cannot know what to do with your PKCS#11 key. You need to
provide your own implementation of the RSA cipher or signature in order to
use it within the IAIK JCE.

 Andreas Sterbenz              mailto:Andreas.Sterbenz@iaik.at


----- Original Message -----
From: "Diego Pietralunga" <diego@ltt.it>
To: "Iaik-Jce (E-mail)" <iaik-jce@iaik.at>
Sent: Thursday, November 16, 2000 10:41 AM
Subject: [iaik-jce] PKCS11 and iaik - Private Key Conversion


> Hello,
>
> I'm working in a project involving digital signature using smart cards.
> I use IBM's PKCS11 classes (com.ibm.pkcs11) to access the token.
> Now that I've made the card perform some operations,I'd like to verify the
> results;specifically,I've performed SHA/RSA and
> MD5/RSA  signatures.
> The keys are generated on-board.
> If I try to use:
>
>   Signature sha_rsa = Signature.getInstance("SHA/RSA");
>
>   sha_rsa.initSign(  (PrivateKey ) rsaPrivateKey  );
>
>   sha_rsa.update(strToBeSigned.getBytes());
>
>   byte [] sha_rsa_signature = sha_rsa.sign();




--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce