堆栈内存溢出
  简体   繁体   English

从智能卡读取私钥以对XML文档进行数字签名

[英]Read private key from smart card to digitally sign XML document

 原文  2019-05-10 05:49:29       java/ digital-signature

问题描述

I'm developing an application where a user should be able to digitally sign XML documents using a smart card, which would hold their private key. 我正在开发一个应用程序,用户可以使用智能卡对XML文档进行数字签名,该智能卡将持有其私钥。

During testing, I am able to generate the xml signature given the file paths of the two keys (public and private). 在测试期间,我能够在给定两个密钥(公共密钥和私有密钥)的文件路径的情况下生成xml签名。

My problem is how to read the private key from the smart card. 我的问题是如何从智能卡读取私钥。 I am able to get a response from the card using the following code: 我可以使用以下代码从卡中获得回复: 

        TerminalFactory factory = TerminalFactory.getDefault();
        List<CardTerminal> terminals = factory.terminals().list();

        CardTerminal terminal = terminals.get(0);

        Card card = terminal.connect("*");
        System.out.println("Card: " + card);

        CardChannel channel = card.getBasicChannel();
        ResponseAPDU r = channel.transmit(new CommandAPDU(0x00, 0x84, 0x00, 0x00, 0x08));

        String hex = DatatypeConverter.printHexBinary(r.getBytes());
        System.out.println("Response: " + hex);

Any help would be appreciated on how to read/view card contents in order to locate the private key. 任何有关如何读取/查看卡内容以查找私钥的帮助将不胜感激。

Thanks! 谢谢!

1 个解决方案

解决方案1
 0  2019-05-11 00:47:09

Private Key can't be read from the SmartCard. 无法从智能卡读取私钥。 Using PKCS11 lib such as SunPKCS11 or other PKCS11 warppers, you can get handle to private key and then use PKCS11 to sign from hardware device, say smartcard. 使用诸如SunPKCS11或其他PKCS11翘曲器之类的PKCS11库,您可以获取私钥的句柄,然后使用PKCS11从硬件设备(例如智能卡)进行签名。 You will need to provide path to driver of the smartcard to configure Java Security provider JCA/JCE. 您将需要提供智能卡驱动程序的路径,以配置Java安全提供程序JCA / JCE。

For more details, you may refer: JDK 8 PKCS#11 Reference Guide 有关更多详细信息,请参考:《 JDK 8 PKCS#11参考指南》。

Alternatively, you may use any readily available library for the purpuse. 或者,您可以使用任何易于使用的库来实现此目的。 Signer Digital provided by my Co. being one of those commercial libs on server side. 我公司提供的Signer Digital是服务器端的那些商业库之一。 Though Browser Extensions which sign using smartcard or usb token is free. 虽然使用智能卡或USB令牌签名的浏览器扩展是免费的。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用智能卡对文档进行数字签名 - How to digitally sign a document with Smart Card 使用RSASSA-PKCS1-V1_5使用私钥对有效负载进行数字签名 - Digitally sign the payload with Private Key using RSASSA-PKCS1-V1_5 如何用证书和私钥在Java中签名XML文档? - How can I sign an XML Document in java with certificate and private key? 如何在Java中对XML文档片段进行数字签名 - How can I digitally sign an XML document fragment in Java 用智能卡签名xml花费太长时间 - Sign xml with smart card taking too long 使用智能卡私钥加密数据 - Encrypting data using smart card private key 通过流式传输 XML 对带有时间戳的 XML (XAdES) 进行数字签名 - Digitally sign XML (XAdES ) with timestamping by streaming the XML 使用Tomcat 7从智能卡读取用户名 - Read username from smart card with Tomcat 7 从VPN令牌/智能卡读取证书 - Read Certificate from VPN Token/Smart card 从智能卡读取数据 (CNS/CNR) - Read data from smart card (CNS/CNR)
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM