5 Dec
MS CAPI and Java (JCE SunMSCAPI)
Author: rberthou
Description
This post follows on from “How to signing a PDF with Java”.
I continued my research into using the certificates available in the MS Windows keystore. I wanted to use a certificate stored on a card (used for MS Windows sign-on).
Thanks to this research I discovered that with JDK 6 it is very simple to use the MSCAPI API.
Java SE 6 comes with a large choice of tools and is preconfigured with most crypto “providers”, including the SunMSCAPI provider (see $JRE_HOME/lib/security/java.security):
#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI
Services supported by SunMSCAPI
| Type | Name | Description |
|---|---|---|
| KeyPairGenerator | | Generates RSA key pairs needed by other cryptographic services such as Signature and Cipher. |
| Signature | SHA1withRSA, MD5withRSA, MD2withRSA | Creates and validates signatures using various message digest and encryption algorithms as specified in the service name. |
| Cipher | | Performs RSA encryption and decryption. |
| KeyStore | | Provides direct read-write access to MS Windows keystores. The Windows-MY keystore contains the user’s private keys and the associated certificate chains. The Windows-ROOT keystore contains all root CA certificates trusted by the machine. |
| SecureRandom | | Generates random numbers for the random data that other cryptographic services need. |
Warning: When using this API I saw that the PIN code is asked for even if you pass it in the code. (I think it should be a bug in the card reader drivers.)
Example
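import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class ListWindowsKeystore {
    public static void main(String[] args) {
        try {
            // Windows-MY holds the user's private keys and certificate chains;
            // Windows-ROOT holds only the trusted root CA certificates.
            KeyStore ks = KeyStore.getInstance("Windows-MY");
            ks.load(null, null);
            Enumeration<String> en = ks.aliases();
            while (en.hasMoreElements()) {
                String aliasKey = en.nextElement();
                Certificate c = ks.getCertificate(aliasKey);
                System.out.println("---> alias : " + aliasKey);
                System.out.println(" Certificat : " + c.toString());
                if (aliasKey.equals("myKey")) {
                    // Fetch the private key and its certificate chain for this alias.
                    PrivateKey key = (PrivateKey) ks.getKey(aliasKey, "monPassword".toCharArray());
                    Certificate[] chain = ks.getCertificateChain(aliasKey);
                }
            }
        } catch (Exception ioe) {
            System.err.println(ioe.getMessage());
        }
    }
}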
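An added example, not part of the original post: signing with a key taken from Windows-MY through SunMSCAPI and checking the signature against the certificate's public key. The class name, the "first key entry" selection and the sample message are assumptions made for illustration; null is passed as the password because the provider documentation quoted in the comment below says it is ignored.

```java
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class MscapiSignExample {
    // Strongest entry in the Signature list above.
    static final String ALGORITHM = "SHA1withRSA";

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null); // no stream or password: Windows owns the store

        // Assumption: take the first entry that has a private key. A real
        // application would select by certificate subject or serial number.
        String alias = null;
        for (String a : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(a)) { alias = a; break; }
        }
        if (alias == null) {
            System.err.println("No key entry found in Windows-MY");
            return;
        }

        // The returned key is a handle to the CryptoAPI key, not the key
        // bytes; the password argument is ignored, so null is passed.
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
        cert.checkValidity(); // throws if expired or not yet valid

        byte[] data = "constructed sample message".getBytes("UTF-8");

        // Sign through SunMSCAPI, the provider that owns the key handle.
        Signature signer = Signature.getInstance(ALGORITHM, "SunMSCAPI");
        signer.initSign(key);
        signer.update(data);
        byte[] sig = signer.sign();

        // Verify with the certificate's public key (default provider).
        Signature verifier = Signature.getInstance(ALGORITHM);
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        System.out.println(alias + " -> signature valid: " + verifier.verify(sig));
    }
}
```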
See also
http://java.sun.com/developer/technicalArticles/J2SE/security/
http://java.sun.com/javase/6/docs/technotes/guides/security/crypto/CryptoSpec.html
One Response to “MS CAPI and Java (JCE SunMSCAPI)”
You said “Warning :By using this API I saw that the PIN’s code is asked even if you pass it in the code. (I think it should be a bug in drivers card readers) .”
The MSCapi keystore ignores any pin you pass in. From the docs: “A compatibility mode is supported for applications that assume a password must be supplied. It permits (but ignores) a non-null password.”