JAVA Toolkit
| home | contact

Smartcard Integration

To, for instance, use a RSA PKCS#1v1.5 compliant smartcard for signature
calculatuion only, you may extend the IAIK-CMS IaikProvider and override
method calculateSignatureFromSignedAttributes , e.g.:

public class MySecurityProvider extends IaikProvider {
   ...
  public byte[] calculateSignatureFromSignedAttributes(
      AlgorithmID signatureAlgorithm, 
      AlgorithmID digestAlgorithm, 
      PrivateKey privateKey, 
      byte[] signedAttributes)      
    throws NoSuchAlgorithmException,
               InvalidKeyException, 
               SignatureException {
          
    byte[] signatureValue = null;
    // get the implementation name: RSA?
    String implementationName = 
         signatureAlgorithm.getImplementationName();
    if (implementationName == IMPLEMENTATION_NAME_RSA) {
      // let the smartcard calculate the signature value
      byte[] signatureValue = ...;     
    } else {
      signatureValue = 
          super.calculateSignatureFromSignedAttributes(
                                          signatureAlgorithm, 
                                          digestAlgorithm, 
                                          privateKey, 
                                          signedAttributes);
    } 
    return signatureValue;
  } 
}

Now tell the IAIK-CMS libary to use your SecurityProvider implementation: 

MySecurityProvider mySecurityProvider = ...;
SecurityProvider.setSecurityProvider(mySecurityProvider);

Note that you also may install a SecurityProvider per CMS object. See our

SecurityProvider description
and the IAIK-CMS Javadoc for more detailed information.

If the smartcard or HSM your are using supports the PKCS#11 standard,
you may use our PKCS#11 provider
to access it from your Java™ application.

 
 
print    tip a friend
back to previous page back  |  top to the top of the page