IAIK CMS/SMIME Toolkit Demo API Documentation
Version 6.1

demo.cms.pkcs11
Class EnvelopedDataStreamDemo

java.lang.Object
  extended by demo.cms.pkcs11.PKCS11Demo
      extended by demo.cms.pkcs11.EnvelopedDataStreamDemo

public class EnvelopedDataStreamDemo
extends PKCS11Demo

This class shows how to encrypt and decrypt data with the CMS EnvelopedData type, using the PKCS#11 provider to access the private key on a smart card. The implementation uses the SecurityProvider feature of the CMS implementation of the IAIK-CMS toolkit.

To run this demo, iaik_cms.jar, iaik_cms_demo.jar, iaik_jce(full).jar, iaikPkcs11Wrapper.jar and iaikPkcs11Provider.jar have to be put into the classpath, and the shared library (pkcs11wrapper.dll or libpkcs11wrapper.so) has to be in your system library search path or in your VM library path. For example, on Windows, assuming that all jar files are located in a lib sub-directory and the dll is in a lib/win64 sub-directory (entered as a single command line):

 java -Djava.library.path=lib/win64 
      -cp lib/iaik_jce.jar;lib/iaikPkcs11Wrapper.jar;lib/iaikPkcs11Provider.jar;lib/iaik_cms.jar;lib/iaik_cms_demo.jar
      demo.cms.pkcs11.EnvelopedDataStreamDemo <pkcs11Module>.dll
 


Field Summary
protected  iaik.x509.X509Certificate certificate_
          The certificate of the recipient.
protected  java.security.PrivateKey privateKey_
          The private key of the recipient.
 
Fields inherited from class demo.cms.pkcs11.PKCS11Demo
iaikPkcs11Provider_, iaikSoftwareProvider_, moduleName_, tokenKeyStore_, userPin_
 
Constructor Summary
EnvelopedDataStreamDemo(java.lang.String moduleName, char[] userPin)
          Creates an EnvelopedDataStreamDemo object for the given module name.
 
Method Summary
 byte[] decrypt(byte[] encodedEnvelopedData)
          This method decrypts the data from the provided CMS EnvelopedData.
 byte[] encrypt(byte[] data)
          This method uses the CMS EnvelopedData type to encrypt the given data.
 void getKeyAndCertificate()
          This method gets the key store of the PKCS#11 provider and searches for a certificate and corresponding private key entry that can en/decrypt the data.
static void main(java.lang.String[] args)
          This is the main method that is called by the JVM during startup.
 void start()
          Starts the demo.
 
Methods inherited from class demo.cms.pkcs11.PKCS11Demo
getKeyStore, init
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

privateKey_

protected java.security.PrivateKey privateKey_
The private key of the recipient. In this case only a proxy object, but the application cannot see this. Used for decryption.


certificate_

protected iaik.x509.X509Certificate certificate_
The certificate of the recipient. In contrast to the private key, the certificate holds the actual (public) keying material. Used for encryption.

Constructor Detail

EnvelopedDataStreamDemo

public EnvelopedDataStreamDemo(java.lang.String moduleName,
                               char[] userPin)
Creates an EnvelopedDataStreamDemo object for the given module name.

Parameters:
moduleName - the name of the module
userPin - the user PIN (password) for the TokenKeyStore (may be null to pop up a dialog asking for the PIN)
Method Detail

getKeyAndCertificate

public void getKeyAndCertificate()
                          throws java.security.GeneralSecurityException,
                                 java.io.IOException,
                                 iaik.cms.CMSException
This method gets the key store of the PKCS#11 provider and searches for a certificate and corresponding private key entry that can en/decrypt the data. Key and certificate are stored in the privateKey_ and certificate_ member variables. Usually only the decryption side has the smart card (i.e. the sender gets the certificate by other means and uses it to encrypt the message); however, for simplicity (and since we do not know which certificate/card you will actually use for running the demo), we get both key and certificate from the card.

Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If loading the key store fails.
iaik.cms.CMSException
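
The key store search described for getKeyAndCertificate(), written against the standard java.security.KeyStore API as an added example; it is not the IAIK demo source. The class name RecipientKeySelector, the RSA, key-usage and validity checks used to decide whether an entry "can en/decrypt", and the PKCS#12 file standing in for the token key store are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

/** Added example (hypothetical class): pick a decryption key and its certificate from a key store. */
public final class RecipientKeySelector {
  private static final int KEY_ENCIPHERMENT = 2; // bit index in the X.509 KeyUsage extension

  public record Recipient(String alias, PrivateKey key, X509Certificate cert) {}

  /** RSA key transport needs keyEncipherment; a certificate without the extension is unrestricted. */
  static boolean allowsKeyTransport(X509Certificate cert) {
    boolean[] usage = cert.getKeyUsage();
    return usage == null || (usage.length > KEY_ENCIPHERMENT && usage[KEY_ENCIPHERMENT]);
  }

  /** Returns the first usable key entry, or null if the store holds none. */
  public static Recipient select(KeyStore store, char[] keyPassword) throws GeneralSecurityException {
    for (String alias : Collections.list(store.aliases())) {
      if (!store.isKeyEntry(alias)) continue;            // skip certificate-only entries
      Certificate c = store.getCertificate(alias);
      if (!(c instanceof X509Certificate)) continue;
      X509Certificate cert = (X509Certificate) c;
      if (!"RSA".equals(cert.getPublicKey().getAlgorithm()) || !allowsKeyTransport(cert)) continue;
      try { cert.checkValidity(); } catch (CertificateException e) { continue; } // expired / not yet valid
      Key key = store.getKey(alias, keyPassword);        // on a token this is a handle, not key bytes
      if (key instanceof PrivateKey) return new Recipient(alias, (PrivateKey) key, cert);
    }
    return null;
  }

  // Assumption: a PKCS#12 file stands in for the token key store so the search can be tried without a card.
  public static void main(String[] args) throws Exception {
    Console console = System.console();
    if (args.length != 1 || console == null) { System.err.println("usage: <file.p12> (from a terminal)"); return; }
    char[] password = console.readPassword("Key store password: ");
    KeyStore store = KeyStore.getInstance("PKCS12");
    try (InputStream in = new FileInputStream(args[0])) { store.load(in, password); }
    Recipient r = select(store, password);
    System.out.println(r == null ? "no usable entry" : r.alias() + " -> " + r.cert().getSubjectX500Principal());
  }
}
```

The same select() call works on a key store obtained from a PKCS#11 provider, where the returned PrivateKey only refers to the key on the card.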

encrypt

public byte[] encrypt(byte[] data)
               throws java.security.GeneralSecurityException,
                      java.io.IOException,
                      iaik.cms.CMSException
This method uses the CMS EnvelopedData type to encrypt the given data. It uses the certificate in the member variable set by getKeyAndCertificate().

Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If an I/O error occurs.
iaik.cms.CMSException - If handling the CMS data fails.

decrypt

public byte[] decrypt(byte[] encodedEnvelopedData)
               throws java.security.GeneralSecurityException,
                      java.io.IOException,
                      iaik.cms.CMSException
This method decrypts the data from the provided CMS EnvelopedData. It uses the key and certificate in the member variables set by getKeyAndCertificate().

Throws:
java.security.GeneralSecurityException - If anything with the provider fails.
java.io.IOException - If an I/O error occurs.
iaik.cms.CMSException - If handling the CMS data fails.

start

public void start()
Starts the demo.


main

public static void main(java.lang.String[] args)
This is the main method that is called by the JVM during startup.

Parameters:
args - These are the command line arguments.

(c) 2002 IAIK, (c) 2003 - 2025 SIC