Skip to content

PKI Token provide secure storage for digital certificates and private keys. They allow public-key cryptography and digital signatures to be leveraged securely, without risk of leaking the private key information.

Notifications You must be signed in to change notification settings

AbdullahAlhussein/USB_Token_PKI_Encryption_Decryption_Text

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

16 Commits
 
 
 
 

Repository files navigation

USB_Token_PKI_Encryption_Decryption_Text


Overview

Group-1198

PKI tokens are hardware devices that store digital certificates and private keys securely. When you need to encrypt, decrypt or sign something, the token does this internally in a secure chip meaning the keys are never at risk of being stolen.


USB token based certificates are an implementation of PKCS#11, one of the Public-Key Cryptography Standards. Digital signature certificates are issued by a Certificate Authority (CA).


PKCS#11

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards.

The API defines most commonly used cryptographic object types (RSA keys, X.509 Certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects Read more PKCS11.



Specifications of the USB Token that worked on :

Token name: eToken

Token category: Hardware

Product name: SafeNet eToken 5110 FIPS

Model: Token 15.0.0.3 15.0.19

Card type: Java Card

OS version: eToken Java Applet 1.8.5



installation


The programs and systems used and the most important uses Software package must be installed :

1- safeNet Authentication Client

  • Change Token PIN
  • Change Token Name
  • Install tokens drivers
  • Insert token PIN when need to Sign or decrypt process

2-Entrust Entelligence Security Provider

  • Signing & Encryption Files ,Emails
  • Certificates Explore
  • Check validity of Certificate
  • Create Encryption Group
  • Exchange Digital Certificates With others

3-Download eTPKCS11.dll

4-Download sunpkcs11.jar



Add an external configuration file which content following information:

In order to enable the JDK to access the security token, you will first need to create a configuration file. Open any plain-text editor and create a file named eToken.cfg. The file should contain 2, possibly 3, lines:

  • Add the username of the token
  • Adding the path of the library dedicated to the usb token, which is the eTPKCS11.dll library
  • Add the USB slot
name=eTokenn 
library=c:\WINDOWS\system32\eTPKCS11.dll  
slot=0

Note: The default slot number when left unspecified is 0. SafeNet eToken 5100 will automatically assign to slot 0, therefore there will be no need for the slot line in the .cfg file. However this may need to be changed depending on the number of eTokens/SmartCard readers installed. The default slot number for the SafeNet Ikey 4000 is slot 3. The slot line will be required when using a SafeNet iKey 4000.



Also, add an external library, which is sunpkcs11.jar to run provider PKCS11 :

 sun.security.pkcs11.SunPKCS11 providerPKCS11 = new sun.security.pkcs11.SunPKCS11(pkcs11Config);


Run the program

When you run the program, a window will appear to enter the password to be able to connect to the USB Token and get the Certificates

PKI23


 KeyStore.CallbackHandlerProtection chp = new KeyStore.CallbackHandlerProtection(new MyGuiCallbackHandler() {});
 KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", null, chp);
 KeyStore keyStore = builder.getKeyStore();

After that, it will select the required certificates, which are the encryption certificate

 if( x509Certificate.getKeyUsage()[2] == true) 

and access to the keys

Key key = keyStore.getKey(alias, null); 
privateKey  =  (PrivateKey )key ; 
publicKey = x509Certificate.getPublicKey();

Then the program will encrypt the text and then it will decrypt the text


PKI8



Good Luck

About

PKI Token provide secure storage for digital certificates and private keys. They allow public-key cryptography and digital signatures to be leveraged securely, without risk of leaking the private key information.

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages