Hi,

I'm trying to sign some parts of a SOAP message using a Smartcard. My code looks something like this:



            // Load the keystore
            KeyStore ks = KeyStore.getInstance("PKCS11");
            String pin = "1234";
            ks.load(null, pin.toCharArray());

            Merlin crypto = (Merlin) CryptoFactory.getInstance("org.apache.ws.security.components.crypto.Merlin", (Properties) null);
            crypto.setKeyStore(ks);

            // Sign the body & insert the signature
            org.apache.ws.security.SOAPConstants soapConstants = org.apache.ws.security.SOAPConstants.SOAP11_CONSTANTS;
            WSSecSignature signer = new WSSecSignature();
            signer.setUserInfo(username, password);
            signer.setUseSingleCertificate(true);
            Vector parts = new Vector();
            WSEncryptionPart part = new WSEncryptionPart(soapConstants.getBodyQName().getLocalPart(),
                                                         soapConstants.getEnvelopeURI(),
                                                         "Content");
            parts.add(part);
            signer.setParts(parts); // this is optional since the body is signed by default
            envelope = signer.build(envelope, crypto, hSec);

Now, when I try to sign, I get the following exception:

org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
    org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException : Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:603)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:668)
    at de.unibw.s3f.client.authentication.TestX509AndLicenseToken.main (TestX509AndLicenseToken.java:167)
Caused by: org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException : Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:599)
    ... 2 more

Any ideas? It might be that the private key (which is stored on the smartcard) is unextractable ...

Any help is welcome!

Cheers,
Cristian

--
Cristian OPINCARU
University of the Federal Armed Forces Munich
http://www.unibw.de/cristian.opincaru
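
The hypothesis in the message above (a card-held key that cannot be extracted), as an added diagnostic example that is not part of the original message or of WSS4J: it shows that a key exposing no material is not an `RSAPrivateKey` and is rejected by a software RSA signature implementation with `InvalidKeyException`. `OpaqueKey` is a constructed stand-in for the token key, and the `SunRsaSign` provider name and `SHA256withRSA` algorithm are assumptions about the runtime, not values from the message.

```java
import java.security.InvalidKeyException;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateKey;

public class OpaqueKeyCheck {

    // Constructed stand-in for a token-held key: it reports algorithm "RSA"
    // but, like a non-extractable PKCS#11 key, exposes no key material.
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat()    { return null; }
        public byte[] getEncoded()   { return null; }
    }

    // Report how much of the key the JVM can see.
    static String describe(PrivateKey key) {
        return key.getClass().getName()
                + ": RSAPrivateKey=" + (key instanceof RSAPrivateKey)
                + ", encoded=" + (key.getEncoded() != null);
    }

    // True if the named provider's RSA signature implementation accepts the key.
    static boolean providerAccepts(String provider, PrivateKey key) throws Exception {
        try {
            Signature.getInstance("SHA256withRSA", provider).initSign(key);
            return true;
        } catch (InvalidKeyException e) {
            return false; // software implementation cannot use an opaque handle
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey software = kpg.generateKeyPair().getPrivate();
        PrivateKey opaque = new OpaqueKey();

        System.out.println(describe(software));
        System.out.println(describe(opaque));
        System.out.println("SunRsaSign accepts software key: " + providerAccepts("SunRsaSign", software));
        System.out.println("SunRsaSign accepts opaque key:   " + providerAccepts("SunRsaSign", opaque));
        // With a real card, the Signature has to come from the provider that owns
        // the key, e.g. Signature.getInstance(alg, ks.getProvider()), so that the
        // private-key operation runs on the token and the key never leaves it.
    }
}
```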
