demo.smime.pkcs11

Class EncryptedMailDemo

java.lang.Object

demo.cms.pkcs11.PKCS11Demo

demo.smime.pkcs11.EncryptedMailDemo

public class EncryptedMailDemo
extends PKCS11Demo

This class shows how to en- and decrypt an S/MIME message using the PKCS#11 provider for accessing the private key on a smart card. This implementation uses the SecurityProvider feature of the CMS implementation of the IAIK-CMS toolkit.

To run this demo the following packages are required:

• iaik_cms.jar
• iaik_jce(_full).jar (IAIK-JCE Core Crypto Library).
• iaikPkcs11Provider.jar (IAIK PKCS#11 Provider).
• iaikPkcs11Wrapper.jar (IAIK PKCS#11 Wrapper).
• The shared PKCS#11 library (pkcs11wrapper.dll for Windows, libpkcs11wrapper.so for Unix); contained in the IAIK PKCS#11 Wrapper library.
• iaik_eccelerate.jar (IAIK ECC Library, if you want to use Elliptic Curve Cryptography).
• Jakarta/Angus Mail
• Jakarta Activation Framework

iaik_cms.jar, iaik_cms_demo.jar, iaik_jce(full).jar, iaikPkcs11Wrapper.jar and iaikPkcs11Provider.jar (and iaik_eccelerate.jar, mail.jar, activation.jar) have to be put into the classpath, the shared library (pkcs11wrapper.dll or libpkcs11wrapper.so) has to be in your system library search path or in your VM library path, e.g. (on Windows, assuming that all jar files are located in a lib sub-directory and the dll is in a lib/win64 sub-directory):

 java -Djava.library.path=lib/win64 
      -cp lib/iaik_jce.jar;lib/iaikPkcs11Wrapper.jar;lib/iaikPkcs11Provider.jar;lib/iaik_cms.jar;lib/iaik_cms_demo.jar;lib/mail.jar;lib/activation.jar
      demo.pkcs11.EncryptedMailDemo  <pkcs11Module>.dll
 

Field Summary

Fields

Modifier and Type	Field and Description
protected iaik.x509.X509Certificate	certificate_ The certificate of the recipient.
protected java.security.PrivateKey	privateKey_ The private key of the recipient.
protected java.lang.String	recipient_ The email address of the recipient.
protected java.lang.String	sender_ The email address of the sender.

Fields inherited from class demo.cms.pkcs11.PKCS11Demo

iaikPkcs11Provider_, iaikSoftwareProvider_, moduleName_, tokenKeyStore_, userPin_

Constructor Summary

Constructors

Constructor and Description
EncryptedMailDemo(java.lang.String moduleName, char[] userPin) Creates a EncryptedMailDemo object for the given module name.

Method Summary

Modifier and Type	Method and Description
protected jakarta.mail.internet.MimeMessage	createEncryptedMessage(jakarta.mail.Session session, jakarta.activation.DataHandler dataHandler) Creates an encrypted message.
void	getKeyAndCertificate() This method gets the key store of the PKCS#11 provider and searches for a certificate and corresponding private key entry that can en/decrypt the data.
static void	main(java.lang.String[] args) This is the main method that is called by the JVM during startup.
void	start() Starts the demo.

Methods inherited from class demo.cms.pkcs11.PKCS11Demo

getKeyStore, init

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

privateKey_

protected java.security.PrivateKey privateKey_

The private key of the recipient. In this case only a proxy object, but the application cannot see this. Used for decryption.

certificate_

protected iaik.x509.X509Certificate certificate_

The certificate of the recipient. In contrast to the private key, the certificate holds holds the actual (public) keying material. Used for encryption.

sender_

protected java.lang.String sender_

The email address of the sender.

recipient_

protected java.lang.String recipient_

The email address of the recipient.

Constructor Detail

EncryptedMailDemo

public EncryptedMailDemo(java.lang.String moduleName,
                         char[] userPin)

Creates a EncryptedMailDemo object for the given module name.

Parameters:

moduleName - the name of the module

userPin - the user-pin (password) for the TokenKeyStore (may be null to pou-up a dialog asking for the pin)

Method Detail

getKeyAndCertificate

public void getKeyAndCertificate()
                          throws java.security.GeneralSecurityException,
                                 java.io.IOException,
                                 iaik.cms.CMSException

This method gets the key store of the PKCS#11 provider and searches for a certificate and corresponding private key entry that can en/decrypt the data. Key and cert are stored in the privateKey_ and certificate_ member variables. Usually you only will have the smartcard on the decryption side (i.e. the sender will get the certificate by other means to use it for encrypting the message), however, for simplicity (and since we do not know which certificate/card you are actually will use for running the demo) we get both, key and certificate from the card.

Throws:

java.security.GeneralSecurityException - If anything with the provider fails.

java.io.IOException - If loading the key store fails.

iaik.cms.CMSException

createEncryptedMessage

protected jakarta.mail.internet.MimeMessage createEncryptedMessage(jakarta.mail.Session session,
                                                                   jakarta.activation.DataHandler dataHandler)
                                                            throws jakarta.mail.MessagingException

Creates an encrypted message.

Parameters:

session - the mail session

dataHandler - the content of the message to be encrypted

Returns:

the encrypted message

Throws:

jakarta.mail.MessagingException - if an error occurs when creating the message

start

public void start()

Starts the demo.

main

public static void main(java.lang.String[] args)

This is the main method that is called by the JVM during startup.

Parameters:

args - These are the command line arguments.