使用Java从数字签名电子令牌生成密钥库 [英] Keystore from digital signature e-token using java

查看:210
本文介绍了使用Java从数字签名电子令牌生成密钥库的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

如何从数字签名电子令牌创建密钥库?如何创建密钥库的路径?如何使用Java应用程序在任何文档中使用密钥库签名?

How to create the keystore from digital signature e-token? How crate the path of keystore? How to sign with the keystore in any document using java application?

推荐答案

密码硬件设备通常可以通过PKCS#11 API进行接口。您将需要作为设备驱动程序的PKCS#11库(在Windows上为.dll,在Unix上为.so),该库通常与设备供应商提供的软件一起安装(有关具体库位置,请咨询电子令牌文档) )。您在问题中提到密钥库,因此我想您正在使用JAVA语言,并且可以使用SunPKCS11提供程序来访问PKCS#11兼容的密码存储。快速示例如下:

Cryptographic hardware devices can usually be interfaced via PKCS#11 API. You will need PKCS#11 library (.dll on Windows or .so on Unix) acting as a "device driver" which gets usually installed along with the software provided by the device vendor (consult your e-token documentation for the exact library location). You have mentioned "keystore" in your question therefore I guess you are using JAVA language and you can use SunPKCS11 provider to access PKCS#11 compatible cryptographic store. Here is the quick sample:

// Create instance of SunPKCS11 provider
String pkcs11Config = "name=eToken\nlibrary=C:\\path\\to\\your\\pkcs11.dll";
java.io.ByteArrayInputStream pkcs11ConfigStream = new java.io.ByteArrayInputStream(pkcs11Config.getBytes());
sun.security.pkcs11.SunPKCS11 providerPKCS11 = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigStream);
java.security.Security.addProvider(providerPKCS11);

// Get provider KeyStore and login with PIN
String pin = "11111111";
java.security.KeyStore keyStore = java.security.KeyStore.getInstance("PKCS11", providerPKCS11);
keyStore.load(null, pin.toCharArray());

// Enumerate items (certificates and private keys) in the KeyStore
java.util.Enumeration<String> aliases = keyStore.aliases();
while (aliases.hasMoreElements()) {
    String alias = aliases.nextElement();
    System.out.println(alias);
}

这篇关于使用Java从数字签名电子令牌生成密钥库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆