Skip to content

intoolswetrust/jsign-pkcs11

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

29 Commits

.github

.github

 
 

src/main/java/com/github/kwart/jsign/pkcs11

src/main/java/com/github/kwart/jsign/pkcs11

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

NOTICE

NOTICE

 
 

README.md

README.md

 
 

THIRD_PARTY_README

THIRD_PARTY_README

 
 

pom.xml

pom.xml

 
 

Repository files navigation

JSignPKCS11 Security Provider

This project is a fork of SunPKCS11 provider from OpenJDK 8.

The most significant change is the basic support of the CKU_CONTEXT_SPECIFIC-typed login before signing.

The original SunPKCS11 implementation only supports the keystore password - PIN (second parameter in java.security.KeyStore.load(InputStream, char[])).

Some newer hardware tokens also require the key password - QPIN (second parameter in java.security.KeyStore.getKey(String, char[])).

This provider implementation calls PKCS11 login function with QPIN before signing (generating signature bytes in com.github.kwart.jsign.pkcs11.P11Signature.engineSign()).

PKCS11.C_Login(sessionId, CKU_CONTEXT_SPECIFIC, qpin);

Usage

If you are Maven user, just add dependency on the latest JSignPKCS11 version

<dependency>
    <groupId>com.github.kwart.jsign</groupId>
    <artifactId>jsign-pkcs11</artifactId>
    <version>${jsign.pkcs11.version}</version>
</dependency>

And replace original SunPKCS11 usages by proper JSignPKCS11 class.

- sun.security.pkcs11.SunPKCS11
+ com.github.kwart.jsign.pkcs11.JSignPKCS11

Warning - NSS not supported

The NSS modes from SunPKCS11 provider are not supported!

About

SunPKCS11 fork with context-specific login support

Topics

java pkcs11

Resources

Readme

License

GPL-2.0 license
Activity
Custom properties

Stars

1 star

Watchers

1 watching

Forks

2 forks
Report repository

Releases

3 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages