demo.cms.pkcs11
Class ExplicitRSAPssSignedDataStreamDemo

java.lang.Object
  demo.cms.pkcs11.PKCS11Demo
      demo.cms.pkcs11.SignedDataStreamDemo
          demo.cms.pkcs11.ExplicitRSAPssSignedDataStreamDemo

public class ExplicitRSAPssSignedDataStreamDemo
extends SignedDataStreamDemo

This class shows how to sign data (explicit, the content data is included) with RSA-PSS according to CMS using the IAIK PKCS#11 provider for accessing the private key on a smart card. This implementation uses the SecurityProvider feature of the IAIK-CMS toolkit.

For running this demo the following packages are required (in addition to iaik_cms.jar and iaik_cms_demo.jar):

• iaik_jce(full).jar (IAIK-JCE crypto toolkit)
• iaikPkcs11Wrapper.jar (IAIK PKCS#11 Wrapper)
• iaikPkcs11Provider.jar (IAIK PKCS#11 Provider)
• The shared PKCS#11 library (pkcs11wrapper.dll for Windows and libpkcs11wrapper.so for Unix)

iaik_cms.jar, iaik_cms_demo.jar, iaik_jce(full).jar, iaikPkcs11Wrapper.jar and iaikPkcs11Provider.jar have to be put into the classpath, the shared library (pkcs11wrapper.dll or libpkcs11wrapper.so) has to be in your system library search path or in your VM library path, e.g. (on Windows, assuming that all jar files are located in a lib sub-directory and the dll is in a lib/win64 sub-directory):

 java -Djava.library.path=lib/win64 
      -cp lib/iaik_jce.jar;lib/iaikPkcs11Wrapper.jar;lib/iaikPkcs11Provider.jar;lib/iaik_cms.jar;lib/iaik_cms_demo.jar
      demo.pkcs11.ImplicitSignedDataStreamDemo <pkcs11Module>.dll
 

Field Summary

Fields inherited from class demo.cms.pkcs11.SignedDataStreamDemo

signerCertificate_, signerKey_

Fields inherited from class demo.cms.pkcs11.PKCS11Demo

iaikPkcs11Provider_, iaikSoftwareProvider_, moduleName_, tokenKeyStore_, userPin_

Constructor Summary

ExplicitRSAPssSignedDataStreamDemo()
Creates a ExplicitRSAPssSignedDataStreamDemo object that has to be explicitly initialized with a module name.

ExplicitRSAPssSignedDataStreamDemo(java.lang.String moduleName, char[] userPin)
Creates a ExplicitRSAPssSignedDataStreamDemo object for the given module name.

Method Summary

protected iaik.cms.SignerInfo	createSignerInfo(iaik.x509.X509Certificate signerCertificate) This method creates a SignerInfo for the given signer certificate.
protected void	getSignatureKey() This method gets the key stores of all inserted (compatible) smart cards and simply takes the first key-entry.
static void	main(java.lang.String[] args) This is the main method that is called by the JVM during startup.

Methods inherited from class demo.cms.pkcs11.SignedDataStreamDemo

getSignatureKey, init, sign, start, verify

Methods inherited from class demo.cms.pkcs11.PKCS11Demo

getKeyStore, init

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

ExplicitRSAPssSignedDataStreamDemo

public ExplicitRSAPssSignedDataStreamDemo()

Creates a ExplicitRSAPssSignedDataStreamDemo object that has to be explicitly initialized with a module name.

ExplicitRSAPssSignedDataStreamDemo

public ExplicitRSAPssSignedDataStreamDemo(java.lang.String moduleName,
                                          char[] userPin)

Creates a ExplicitRSAPssSignedDataStreamDemo object for the given module name.

Parameters:

moduleName - the name of the module

userPin - the user-pin (password) for the TokenKeyStore (may be null to pop-up a dialog asking for the pin)

Method Detail

main

public static void main(java.lang.String[] args)

This is the main method that is called by the JVM during startup.

Parameters:

args - These are the command line arguments.

getSignatureKey

protected void getSignatureKey()
                        throws java.security.GeneralSecurityException,
                               java.io.IOException

This method gets the key stores of all inserted (compatible) smart cards and simply takes the first key-entry. From this key entry it takes the private key and the certificate to retrieve the public key from. The keys are stored in the member variables signerKey_ and signerCertificate_.

Overrides:

getSignatureKey in class SignedDataStreamDemo

Throws:

java.security.GeneralSecurityException - If anything with the provider fails.

java.io.IOException - If loading the key store fails.

createSignerInfo

protected iaik.cms.SignerInfo createSignerInfo(iaik.x509.X509Certificate signerCertificate)

This method creates a SignerInfo for the given signer certificate.

Overrides:

createSignerInfo in class SignedDataStreamDemo

Parameters:

signerCertificate - the certificate of the signer

Returns:

the SignerInfo