Description

This post is the follow-up to “How to signing a PDF with Java”.


I continued my research into using certificates available in the MS Windows keystore. I wanted to use a certificate stored on a card (used for MS Windows sign-on).


Thanks to this research, I discovered that with JDK 6 it is very simple to use the MSCAPI API.

Java SE 6 gives you a large choice of tools and comes configured with most crypto “providers”, including the SunMSCAPI provider (see $JRE_HOME/lib/security/java.security):

#
# List of providers and their preference orders (see above):
#
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=com.sun.net.ssl.internal.ssl.Provider
security.provider.4=com.sun.crypto.provider.SunJCE
security.provider.5=sun.security.jgss.SunProvider
security.provider.6=com.sun.security.sasl.Provider
security.provider.7=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.8=sun.security.smartcardio.SunPCSC
security.provider.9=sun.security.mscapi.SunMSCAPI

Services supported by SunMSCAPI

| Type | Name | Description |
| --- | --- | --- |
| KeyPairGenerator | RSA | Generates RSA key pairs needed by other cryptographic services such as Signature and Cipher. |
| Signature | SHA1withRSA, MD5withRSA, MD2withRSA | Creates and validates signatures using various message digest and encryption algorithms as specified in the service name. |
| Cipher | RSA, RSA/ECB/PKCS1Padding | Performs RSA encryption and decryption. |
| KeyStore | Windows-MY, Windows-ROOT | Provides direct read-write access to MS Windows keystores. The Windows-MY keystore contains the user’s private keys and the associated certificate chains. The Windows-ROOT keystore contains all root CA certificates trusted by the machine. |
| SecureRandom | Windows-PRNG | Generates random numbers for the random data that other cryptographic services need. |

Warning: When using this API, I saw that the PIN code is asked for even if you pass it in the code. (I think it should be a bug in the card reader drivers.)


Example

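import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.util.Enumeration;

public class ListWindowsKeyStore {
	public static void main(String[] args) {
		try {
			// Windows-MY holds the user's private keys and certificate chains;
			// Windows-ROOT contains only the trusted root CA certificates.
			KeyStore ks = KeyStore.getInstance("Windows-MY");
			ks.load(null, null);
			Enumeration<String> en = ks.aliases();

			while (en.hasMoreElements()) {
				String aliasKey = en.nextElement();
				Certificate c = ks.getCertificate(aliasKey);
				System.out.println("---> alias : " + aliasKey);
				System.out.println("    Certificat : " + c.toString());

				// Fetch the private key and chain for the entry we want to sign with
				if (aliasKey.equals("myKey")) {
					PrivateKey key = (PrivateKey) ks.getKey(aliasKey, "monPassword".toCharArray());
					Certificate[] chain = ks.getCertificateChain(aliasKey);
				}
			}

		} catch (Exception ioe) {
			System.err.println(ioe.getMessage());
		}
	}
}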
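
The following is an added example, not code from the original post: it signs a message with an RSA key held in Windows-MY and verifies the result with the public key from the matching certificate. It assumes a Windows JDK newer than the Java SE 6 described above, because SHA256withRSA is not in the service list shown here (the SHA-1, MD5 and MD2 digests in that list are no longer collision-resistant); the class name and the sample message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical class name; runs only on Windows, where SunMSCAPI is available.
public class MscapiSignExample {
    public static void main(String[] args) throws Exception {
        // Windows-MY holds the user's certificates and private keys.
        KeyStore ks = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        ks.load(null, null); // no stream and no password: Windows controls access
        byte[] data = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // certificate only, no private key to sign with
            }
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            if (!"RSA".equals(cert.getPublicKey().getAlgorithm())) {
                continue; // the RSA signature services need an RSA key
            }
            try {
                cert.checkValidity(); // refuse expired or not-yet-valid certificates
            } catch (CertificateException e) {
                System.out.println("skipping " + alias + ": " + e.getMessage());
                continue;
            }
            // The key is a handle into the Windows CSP (or the card), so signing
            // has to go through the SunMSCAPI Signature service.
            PrivateKey key = (PrivateKey) ks.getKey(alias, null);
            Signature signer = Signature.getInstance("SHA256withRSA", "SunMSCAPI");
            signer.initSign(key);
            signer.update(data);
            byte[] sig = signer.sign();

            // Verification needs only the public key from the certificate.
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(cert.getPublicKey());
            verifier.update(data);
            System.out.println(alias + " verified: " + verifier.verify(sig));
            return;
        }
        System.out.println("no usable RSA signing certificate in Windows-MY");
    }
}
```

The private key never leaves the Windows store or the card; only the signature bytes and the certificate need to travel with the signed data.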