这篇博客介绍了如何通过Java应用程序利用PKCS#11 API与数字签名电子令牌(e-token)进行交互。首先,你需要找到设备供应商提供的PKCS#11库(如.dll或.so文件)。然后,使用SunPKCS11提供程序来创建并加载密钥库,并用PIN码登录。最后,可以遍历并操作密钥库中的证书和私钥。
How to create the keystore from digital signature e-token? How crate the path of keystore? How to sign with the keystore in any document using java application?
解决方案
Cryptographic hardware devices can usually be interfaced via PKCS#11 API. You will need PKCS#11 library (.dll on Windows or .so on Unix) acting as a "device driver" which gets usually installed along with the software provided by the device vendor (consult your e-token documentation for the exact library location). You have mentioned "keystore" in your question therefore I guess you are using JAVA language and you can use SunPKCS11 provider to access PKCS#11 compatible cryptographic store. Here is the quick sample:
// Create instance of SunPKCS11 provider
String pkcs11Config = "name=eToken\nlibrary=C:\\path\\to\\your\\pkcs11.dll";
java.io.ByteArrayInputStream pkcs11ConfigStream = new java.io.ByteArrayInputStream(pkcs11Config.getBytes());
sun.security.pkcs11.SunPKCS11 providerPKCS11 = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigStream);
java.security.Security.addProvider(providerPKCS11);
// Get provider KeyStore and login with PIN
String pin = "11111111";
java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS11", providerPKCS11);
keyStore.load(null, pin.toCharArray());
// Enumerate items (certificates and private keys) in the KeyStore
java.util.Enumeration aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
String alias = aliases.nextElement();
System.out.println(alias);
}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
