How to access certificates and private key from etoken using java

Question

I am working with digital certificate and digital signature. We got pfx file from the vendor. We convert this pfx file to java key store and used it to create the digital signature using java program. Now the vendor has etoken hardware. They give me cer file in place pf pfx. I converted cer to jks java key store and used it in my program... My program told me that private key is not there. I have found that there is no private key with cer file. I have talked to vendor about this he told me private key can not be extracted from the etoken.. you must directly access the etoken through program to get the private key. Can anybody tell me how do i access etoken programetically. Is there any java api which is used to access etoken directly. Help me....

Answer 1

Private key can be extracted using PKCS11. To extract Private key from eToken in java, you need to pass config file to sun.security.pkcs11.SunPKCS11 instance.

Config file must have following properties:

name=<Name of Etoken>
slot=<slot number for etoken>
library=<path of the pckcs11 library(dll) for that etoken>

Following is sample code to extract private key using eToken

PrivateKey privateKey = null;
char password[] = "1234".toCharArray();
Provider userProvider = new sun.security.pkcs11.SunPKCS11("D:\\config.cfg");
ks = KeyStore.getInstance("PKCS11", userProvider);
ks.load(null, password);    
Enumeration e = ks.aliases();
String alias=null;
while (e.hasMoreElements()) 
{
    alias = (String) e.nextElement();
    privateKey = (PrivateKey) ks.getKey(alias, password);
}