Julius Davies,

Sorry, for the moment, I have no chance to test PKCS#11, for the security consideration, there is no dll file for java PKCS#11 to work. So it seems I have no way to work it out.
wj

--- Julius Davies <[EMAIL PROTECTED]> wrote:

> Hi, Jack,
>
> Our end goal is to have the RSA private key on the device be part of
> our SSL handshake. If that means actually extracting the private key
> from the device, that's okay. But I suspect instead the device will
> actually always keep the private key to itself, and will actually do
> part of the SSL handshake itself. That's the only way it makes sense
> to me. But yeah, ultimately, the RSA private key has to be involved
> in our SSL session. (Are you able to extract the RSA Private Key???
> It should contain at least the 6 integers just like we see here:
> http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/RSAPrivateCrtKeySpec.html
> )
>
> Anyway, can you run this code for me, and report back any problems?
> Don't forget to create a java "pkcs11.cfg" file using this as a
> reference:
>
> http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
>
> Looks like the java "pkcs11.cfg" file you create will tell Java to go
> look in that Windows DLL file.
>
> // imports needed by this snippet
> import java.security.KeyStore;
> import java.security.Provider;
> import java.security.Security;
>
> public static void main( String[] args ) throws Exception {
>   String configName = "/path/to/pkcs11.cfg";
>   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
>   Security.addProvider(p);
>
>   char[] pin = "secret".toCharArray();
>   KeyStore ks = KeyStore.getInstance("PKCS11");
>   ks.load(null, pin);
>   System.out.println( ks );
> }
>
>
> yours,
>
> Julius
>
> --- Jack Wang <[EMAIL PROTECTED]> wrote:
> Hi, Julius Davies,
>
> I remember the last time's test, after I import the web's public cert key to
> local jdk CACERTS, when I access the https web site with the usbkey, it
> reports following exception:
> "javax.net.ssl.SSLHandshakeException: unknown certificate". I don't know
> why.
> In this test there is no PIN input dialog, and I didn't import the usbkey
> public key to jdk CACERTS, I simply use the following code:
>
> // imports needed by this snippet (Commons HttpClient 3.x)
> import org.apache.commons.httpclient.HttpClient;
> import org.apache.commons.httpclient.methods.GetMethod;
>
> HttpClient httpclient = new HttpClient();
> GetMethod httpget = new GetMethod("https://.../");
> try {
>   httpclient.executeMethod(httpget);
>   System.out.println(httpget.getStatusLine());
> } finally {
>   httpget.releaseConnection();
> }
>
> So I wonder if I should get the private key or where should I input the PIN
> password when I access the https web site. What steps should I do to access
> ssl web protected by usbkey with httpclient?
>
> --- Julius Davies <[EMAIL PROTECTED]> wrote:
>
> > ps. looks like this is the format for the config file:
> >
> > http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
>
> For the moment, I have no chance to test PKCS#11. It's said the usbkey's
> JKCS#11 is closed for the security consideration. So only after I get the
> usbkey's PKCS#11 implementation which is contained in a dll file, should I
> get the private key by calling java pkcs interface.
>
> > On 12/2/06, Julius Davies <[EMAIL PROTECTED]> wrote:
> > > Hi, Jack,
> > >
> > > I'm interested in working on this a little, if you'll indulge me.
> > > I've never used a usbkey and I don't have one. So we'll probably have
> > > to email a lot.
>
> OK. I am very pleased.
>
> > > For starters, does this work? No exceptions are thrown if the usb key
> > > is plugged in, and a simple command-line Java program is run? (Maybe
> > > try Java 5 or newer).
>
> Yes I use Java 5. There is no problem if I access http web site and https web
> site without usbkey protected using httpclient.
>
> > > // Using docs from:
> > > // http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
> > >
> > > // imports needed by this snippet
> > > import java.security.KeyStore;
> > > import java.security.Provider;
> > > import java.security.Security;
> > >
> > > public static void main( String[] args ) throws Exception {
> > >
> > >   String configName = "/opt/bar/cfg/pkcs11.cfg";
> > >   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> > >   Security.addProvider(p);
> > >
> > >   char[] pin = "secret".toCharArray();
> > >   KeyStore ks = KeyStore.getInstance("PKCS11");
> > >   ks.load(null, pin);
> > >   System.out.println( ks );
> > > }
> > >
> > >
> > > And how do you want your user to enter the PIN? Can they put it in a
> > > properties file (ick)? Or do you want some kind of Swing dialogue?
> > > Or perhaps Java 6's new support for taking passwords on the console
> > > (aka: standard-in) without echoing it back?
>
> There are no requirements as for how to input PIN. My only requirement is to
> grasp all the data spread in many html pages, these pages are passed in ssl
> and protected by usbkey.
>
> > > Will the users be un-plugging and re-plugging the usbkey while the
> > > Java program is running?
>
> I think the user can plug the usbkey first, and if needed he can input the
> PIN password manually, then he runs my program.
>
> > > yours,
> > >
> > > Julius
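
An added example, not code from anyone in this thread: one way to hand the PKCS#11 KeyStore loaded in the snippets above to JSSE for TLS client authentication, reading the PIN from the console without echo. It assumes Java 9 or newer (`Provider.configure`), a hypothetical class name `TokenClientAuth`, and that the config path and the site URL are passed as command-line arguments; it uses the JDK's `HttpsURLConnection` rather than Commons HttpClient so that it needs only the standard library.

```java
import java.io.Console;
import java.net.URI;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical class name. args[0] = path to pkcs11.cfg, args[1] = https URL of the protected site.
public class TokenClientAuth {
    public static void main(String[] args) throws Exception {
        // Java 9+ form; on Java 5-8 use new sun.security.pkcs11.SunPKCS11(args[0]) as in the thread.
        Provider p = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(p);

        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("no console available to read the PIN");
        }
        char[] pin = console.readPassword("Token PIN: "); // not echoed
        try {
            KeyStore ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin); // logs in to the token

            // Entries are handles to keys on the token; with a non-extractable key
            // the RSA operation for client authentication runs on the device.
            KeyManagerFactory kmf =
                    KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, null); // no per-key password for a PKCS11 keystore

            SSLContext ctx = SSLContext.getInstance("TLS");
            // null trust managers = JDK default trust store (cacerts)
            ctx.init(kmf.getKeyManagers(), null, null);

            HttpsURLConnection conn =
                    (HttpsURLConnection) URI.create(args[1]).toURL().openConnection();
            conn.setSSLSocketFactory(ctx.getSocketFactory());
            System.out.println(conn.getResponseCode() + " " + conn.getResponseMessage());
            conn.disconnect();
        } finally {
            Arrays.fill(pin, '\0'); // wipe the PIN from memory
        }
    }
}
```

Calling `getEncoded()` on a private key obtained from this KeyStore returns null when the token marks the key as sensitive or non-extractable, which is the case where the key never leaves the device.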
