Sunday, June 23, 2013
Reviews Accessing Contact Smart Card
From version 5.0 onwards of the Java 2 platform, each of these versions have built-in access support. This smart access is performed via the PKCS#11 interface (Cryptographic Token Interface Standard); the interaction with it is established through the cryptographic services provider, "Sun PKCS#11 Provider"
Unlike most Java Cryptography Architecture (JCA) providers, the Sun PKCS#11 Provider does not implement the cryptographic functionality directly; it relies on a native PKCS#11 implementation to which it forwards all operations. This implementation must be available as a .dll file in Windows or a .sofile in UNIX and Linux. For example, if you use the Utimaco SafeGuard Smartcard Provider for Windows, the PKCS#11 implementation is the library pkcs201n.dll.
Configuring the Sun PKCS#11 Provider
It is important to remember that, to be used, the Sun PKCS#11 Provider must first be registered as a cryptographic services provider in JCA. The registration can be performed statically or dynamically. The following two sections will demonstrate how to both dynamically and statically register this provider.
You will not see a big difference between signing in with a Contact Smart Card than you would by using a "PFX" file. In fact, the only difference is in the way of instantiating the certificate keystore. When operating with PKCS#12, the keystore is loaded from a PFX file, and when operating with a Contact Smart Card, the store is loaded from the card through the PKCS#11 interface. The other difference is that instead of an access password, a Contact Smart Card is required to have the PIN code. Everything else is the same, from the loading of the certificate to the signing of the file.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment