Hi, Jack,

Our end goal is to have the RSA private key on the device be part of our SSL handshake. If that means actually extracting the private key from the device, that's okay. But I suspect instead the device will actually always keep the private key to itself, and will actually do part of the SSL handshake itself. That's the only way it makes sense to me. But yeah, ultimately, the RSA private key has to be involved in our SSL session.

(Are you able to extract the RSA Private Key??? It should contain at least the 6 integers just like we see here: http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/RSAPrivateCrtKeySpec.html )

Anyway, can you run this code for me, and report back any problems? Don't forget to create a Java "pkcs11.cfg" file using this as a reference:

http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config

Looks like the Java "pkcs11.cfg" file you create will tell Java to go look in that Windows DLL file.

    import java.security.KeyStore;
    import java.security.Provider;
    import java.security.Security;

    // Class name is arbitrary.
    public class Pkcs11Test {
      public static void main( String[] args ) throws Exception {
        // Register the PKCS#11 provider described by the config file.
        String configName = "/path/to/pkcs11.cfg";
        Provider p = new sun.security.pkcs11.SunPKCS11(configName);
        Security.addProvider(p);
        // Log in to the token with the PIN; no input stream is needed.
        char[] pin = "secret".toCharArray();
        KeyStore ks = KeyStore.getInstance("PKCS11");
        ks.load(null, pin);
        System.out.println( ks );
      }
    }

yours,

Julius

On 12/2/06, Julius Davies <[EMAIL PROTECTED]> wrote:
ps. looks like this is the format for the config file:

http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config

On 12/2/06, Julius Davies <[EMAIL PROTECTED]> wrote:
> Hi, Jack,
>
> I'm interested in working on this a little, if you'll indulge me.
> I've never used a usbkey and I don't have one. So we'll probably have
> to email a lot.
>
> For starters, does this work? No exceptions are thrown if the usb key
> is plugged in, and a simple command-line Java program is run? (Maybe
> try Java 5 or newer).
>
> // Using docs from:
> // http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
> public static void main( String[] args ) throws Exception {
>
>   String configName = "/opt/bar/cfg/pkcs11.cfg";
>   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
>   Security.addProvider(p);
>
>   char[] pin = "secret".toCharArray();
>   KeyStore ks = KeyStore.getInstance("PKCS11");
>   ks.load(null, pin);
>   System.out.println( ks );
> }
>
>
> And how do you want your user to enter the PIN? Can they put it in a
> properties file (ick)? Or do you want some kind of Swing dialogue?
> Or perhaps Java 6's new support for taking passwords on the console
> (aka: standard-in) without echoing it back?
>
> Will the users be un-plugging and re-plugging the usbkey while the
> Java program is running?
>
> yours,
>
> Julius
>
>
> On 12/2/06, Jack Wang <[EMAIL PROTECTED]> wrote:
> > I am new here, so excuse me if I have not read old mails carefully here. I think it is no problem
> > to access a normal ssl web site without a usbkey certificate. But we can not obtain the private key in
> > the usbkey, so
> >
> > How can I access a usbkey protected ssl web site?
> > Must I use pkcs#11 to get the private key first?
> > When should I input the usbkey PIN password in the automation program?
> >
> > Please give me some tips. Thanks in advance.
> >
> > wj
-- yours, Julius Davies 416-652-0183 http://juliusdavies.ca/
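
An added example, not part of the original thread and not written by its participants: one way the snippet above can be carried through to an SSL handshake while the RSA private key stays on the token, with the PIN read from the console without echo. The class name TokenSslClient and the three command-line arguments (config file path, host, port) are assumptions made for illustration.

```java
import java.io.Console;
import java.security.Key;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.Arrays;
import java.util.Collections;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Hypothetical class name; args: <pkcs11.cfg path> <host> <port> (all assumptions).
public class TokenSslClient {
    public static void main(String[] args) throws Exception {
        // Same provider setup as in the thread (constructor form used by Java 5 to 8).
        Provider p = new sun.security.pkcs11.SunPKCS11(args[0]);
        Security.addProvider(p);

        Console console = System.console();    // Java 6+: PIN is read without echo
        if (console == null) throw new IllegalStateException("no console for PIN prompt");
        char[] pin = console.readPassword("Token PIN: ");

        KeyStore ks = KeyStore.getInstance("PKCS11", p);
        try {
            ks.load(null, pin);                 // logs in to the token
        } finally {
            Arrays.fill(pin, '\0');             // wipe the PIN once it has been used
        }

        // Expected for a non-extractable token key: both values print false,
        // because the provider returns an opaque handle, not the CRT integers.
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            Key k = ks.getKey(alias, null);
            System.out.println(alias + ": RSAPrivateCrtKey=" + (k instanceof RSAPrivateCrtKey)
                    + ", encoded form present=" + (k.getEncoded() != null));
        }

        // JSSE receives the key handle; the private-key operation runs on the token.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, null);                     // password unused: token is already logged in
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);    // default trust managers

        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[1], Integer.parseInt(args[2]));
        try {
            s.startHandshake();                 // token signs if the server requests client auth
            System.out.println("Handshake OK: " + s.getSession().getCipherSuite());
        } finally {
            s.close();
        }
    }
}
```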
