List: wss4j-dev
Subject: Signature with PKCS11 (smartcards)
From: "Cristian Opincaru" <cristian.opincaru () gmail ! com>
Date: 2006-10-20 16:16:16
Message-ID: 9033a2b0610200916o7fc3048bi6e00faa04e94d61 () mail ! gmail ! com
Hi,
I'm trying to sign some parts of a SOAP message using a Smartcard. My code
looks something like this:
// Load the keystore
KeyStore ks = KeyStore.getInstance("PKCS11");
String pin = "1234";
ks.load(null, pin.toCharArray());
Merlin crypto = (Merlin) CryptoFactory.getInstance(
    "org.apache.ws.security.components.crypto.Merlin", (Properties) null);
crypto.setKeyStore(ks);
// Sign the body & insert the signature
org.apache.ws.security.SOAPConstants soapConstants =
    org.apache.ws.security.SOAPConstants.SOAP11_CONSTANTS;
WSSecSignature signer = new WSSecSignature();
signer.setUserInfo(username, password);
signer.setUseSingleCertificate(true);
Vector parts = new Vector();
WSEncryptionPart part = new WSEncryptionPart(
    soapConstants.getBodyQName().getLocalPart(),
    soapConstants.getEnvelopeURI(),
    "Content");
parts.add(part);
signer.setParts(parts); // this is optional since the body is signed by default
envelope = signer.build(envelope, crypto, hSec);
Now, when I try to sign, I get the following exception:
org.apache.ws.security.WSSecurityException: Signature creation failed;
nested exception is:
org.apache.xml.security.signature.XMLSignatureException: Supplied key (
sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was
org.apache.xml.security.signature.XMLSignatureException: Supplied key (
sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (
sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
at org.apache.ws.security.message.WSSecSignature.computeSignature(
WSSecSignature.java:603)
at org.apache.ws.security.message.WSSecSignature.build(
WSSecSignature.java:668)
at de.unibw.s3f.client.authentication.TestX509AndLicenseToken.main(
TestX509AndLicenseToken.java:167)
Caused by: org.apache.xml.security.signature.XMLSignatureException: Supplied
key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey
instance
Original Exception was
org.apache.xml.security.signature.XMLSignatureException: Supplied key (
sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (
sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at org.apache.ws.security.message.WSSecSignature.computeSignature(
WSSecSignature.java:599)
... 2 more
Any ideas? It might be that the private key (which is stored on the
smartcard) is unextractable ...
Any help is welcomed!
Cheers,
Cristian
--
Cristian OPINCARU
University of the Federal Armed Forces Munich
http://www.unibw.de/cristian.opincaru
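
Added example, not part of the original post and not WSS4J or XML Security code: a stand-alone Java illustration of the condition the exception above reports, where a private key that names its algorithm but exposes no key material fails an instanceof RSAPrivateKey check that an algorithm-name check would pass. OpaqueKey, acceptedByType, acceptedByAlgorithm and sign are hypothetical names; OpaqueKey is a constructed stand-in for a token-resident key, and a software key pair is used for the signing call so the code runs without hardware.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;

public class OpaqueKeyDemo {
    // Constructed stand-in for a token-resident key: it names its algorithm
    // but exposes no key material, as a non-extractable PKCS#11 key would.
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat()    { return null; }
        public byte[] getEncoded()   { return null; }
    }

    // Hypothetical type-based gate, modelled on the wording of the exception.
    static boolean acceptedByType(PrivateKey k) {
        return k instanceof RSAPrivateKey;
    }

    // Hypothetical algorithm-based gate: also accepts opaque key handles.
    static boolean acceptedByAlgorithm(PrivateKey k) {
        return "RSA".equalsIgnoreCase(k.getAlgorithm());
    }

    // Sign without casting the key. For a token key, pass the provider that
    // owns it (for example ks.getProvider()) so the operation runs on the token.
    static byte[] sign(PrivateKey key, Provider owner, byte[] data)
            throws GeneralSecurityException {
        Signature s = (owner == null)
                ? Signature.getInstance("SHA256withRSA")
                : Signature.getInstance("SHA256withRSA", owner);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey soft = kpg.generateKeyPair().getPrivate();
        PrivateKey opaque = new OpaqueKey();

        for (PrivateKey k : new PrivateKey[] { soft, opaque }) {
            System.out.printf("%s: extractable=%b byType=%b byAlgorithm=%b%n",
                    k.getClass().getSimpleName(), k.getEncoded() != null,
                    acceptedByType(k), acceptedByAlgorithm(k));
        }
        byte[] sig = sign(soft, null, "body".getBytes(StandardCharsets.UTF_8));
        System.out.println("software-key signature bytes: " + sig.length);
    }
}
```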