
List:       wss4j-dev
Subject:    Signature with PKCS11 (smartcards)
From:       "Cristian Opincaru" <cristian.opincaru () gmail ! com>
Date:       2006-10-20 16:16:16
Message-ID: 9033a2b0610200916o7fc3048bi6e00faa04e94d61 () mail ! gmail ! com

Hi,

I'm trying to sign some parts of a SOAP message using a Smartcard. My code
looks something like this:



    // Load the keystore
    KeyStore ks = KeyStore.getInstance("PKCS11");
    String pin = "1234";
    ks.load(null, pin.toCharArray());

    Merlin crypto = (Merlin) CryptoFactory.getInstance(
            "org.apache.ws.security.components.crypto.Merlin", (Properties) null);
    crypto.setKeyStore(ks);

    // Sign the body & insert the signature
    org.apache.ws.security.SOAPConstants soapConstants =
            org.apache.ws.security.SOAPConstants.SOAP11_CONSTANTS;
    WSSecSignature signer = new WSSecSignature();
    signer.setUserInfo(username, password);
    signer.setUseSingleCertificate(true);

    Vector parts = new Vector();
    WSEncryptionPart part = new WSEncryptionPart(
            soapConstants.getBodyQName().getLocalPart(),
            soapConstants.getEnvelopeURI(),
            "Content");
    parts.add(part);
    signer.setParts(parts); // this is optional since the body is signed by default
    envelope = signer.build(envelope, crypto, hSec);

Now, when I try to sign, I get the following exception:

org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
    org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:603)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:668)
    at de.unibw.s3f.client.authentication.TestX509AndLicenseToken.main(TestX509AndLicenseToken.java:167)
Caused by: org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:599)
    ... 2 more

Any ideas? It might be that the private key (which is stored on the
smartcard) is unextractable ...

Any help is welcome!

Cheers,
Cristian

-- 
Cristian OPINCARU
University of the Federal Armed Forces Munich
http://www.unibw.de/cristian.opincaru
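
The failure reported above, reduced to a sketch that runs without a card (an added example, not part of the original post and not WSS4J or XML Security code). `OpaqueKey` is a constructed stand-in for `P11Key$P11PrivateKey`; `TokenKeyCheck`, `passesTypeCheck`, `passesAlgorithmCheck` and `sign` are hypothetical names. It assumes the rejecting check is an `instanceof RSAPrivateKey` test, as the exception text suggests, and uses SHA256withRSA as the signature algorithm.

```java
import java.security.*;
import java.security.interfaces.RSAPrivateKey;

public class TokenKeyCheck {
    // Constructed stand-in for a smartcard key: it implements PrivateKey only
    // and never hands out key material, which stays on the card.
    static final class OpaqueKey implements PrivateKey {
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }

    // Assumed form of the rejecting check: passes only for keys that expose
    // their RSA parameters through the RSAPrivateKey interface.
    static boolean passesTypeCheck(PrivateKey key) {
        return key instanceof RSAPrivateKey;
    }

    // Provider-neutral check: holds for software keys and token keys alike.
    static boolean passesAlgorithmCheck(PrivateKey key) {
        return "RSA".equals(key.getAlgorithm());
    }

    // Sign inside the provider that owns the key. For a PKCS11 keystore pass
    // ks.getProvider(), so the private-key operation is performed by the card.
    static byte[] sign(PrivateKey key, Provider owner, byte[] data)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA", owner);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    public static void main(String[] args) throws Exception {
        PrivateKey card = new OpaqueKey();
        System.out.println("type check:      " + passesTypeCheck(card));
        System.out.println("algorithm check: " + passesAlgorithmCheck(card));
        System.out.println("extractable:     " + (card.getEncoded() != null));

        // Software key pair, used only so the signing path runs without a card.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "constructed sample body".getBytes("UTF-8");
        byte[] sig = sign(kp.getPrivate(), kpg.getProvider(), data);
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(kp.getPublic());
        v.update(data);
        System.out.println("signature valid: " + v.verify(sig));
    }
}
```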



