[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] [Smartcard]Converting PKCS11Object to PrivateKey




Hi Diego,

don't think there's an easy way, PKCS11 and JCE are 2 different things...

However, their APĪ's are quite alike. So it's not that difficult to create
a new small
JCE provider of your own that implements the SignatureSpi interface and in
which
you use the PKCS11API.

Guess that's the only way...

Good luck,
Stef



Hello,
I have the following problem using smartcards for digital signatures:

I use the IAIK-JCE toolkit for cryptographic support (e.g:create
certificates,PKCS#7 messages,S/Mime,etc) and I must use the private key
from
the smartcard.

To access the smartcard I use PKCS11 for Java from IBM.

The problem actually is: the PKCS#11 library always return a PKCS11Object,
and in the case of a private key,this is an indirect reference to the key,
as seen as you cannot access the private key.
This object can be handled by the PKCS#11 library's (very basic)
crypto-functions.

On the other hand, when I need to create more complex objects, using the
IAIK toolkit (which doesn't support smartcards), I have to pass a
java.security.PrivateKey.

How could I do to make the key independent from the repository and make the
IAIK  API work as well?

Is is possible to use a "trick",a sort of cast?

Please help, because I have to implement a S/Mime message signed with a
smartcard-generated key and I'm now stuck with this.




Best Regards,
         Diego Pietralunga
         Laboratorio di Telematica per il Territorio - Parma
         E-Mail: Diego@ltt.it

--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce




--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-jce