hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Julius Davies" <juliusdav...@gmail.com>
Subject Re: How to access ssl web protected by usbkey with httpclient ?
Date Mon, 04 Dec 2006 14:29:05 GMT
Hi, Jack,

Our end goal is to have the RSA private key on the device be part of
our SSL handshake.  If that means actually extracting the private key
from the device, that's okay.  But I suspect  instead the device will
actually always keep the private key to itself, and will actually do
part of the SSL handshake itself.  That's the only way it makes sense
to me.  But yeah, ultimately, the RSA private key has to be involved
in our SSL session.  (Are you able to extract the RSA Private Key???
It should contain at least the 6 integers just like we see here:
http://java.sun.com/j2se/1.5.0/docs/api/java/security/spec/RSAPrivateCrtKeySpec.html
)

Anyway, can you run this code for me, and report back any problems?
Don't forget to create a java "pkcs11.cfg" file using this as a
reference:

http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config

Look like the java "pkcs11.cfg" file you create will tell Java to go
look in that Windows DLL file.


public static void main( String[] args ) throws Exception {
 String configName = "/path/to/pkcs11.cfg";
 Provider p = new sun.security.pkcs11.SunPKCS11(configName);
 Security.addProvider(p);

 char[] pin = "secret".toCharArray();
 KeyStore ks = KeyStore.getInstance("PKCS11");
 ks.load(null, pin);
 System.out.println( ks );
}


yours,

Julius


On 12/2/06, Julius Davies <juliusdavies@gmail.com> wrote:
> ps.  looks like this is the format for the config file:
>
> http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html#Config
>
> On 12/2/06, Julius Davies <juliusdavies@gmail.com> wrote:
> > Hi, Jack,
> >
> > I'm interested in working on this a little, if you'll indulge me.
> > I've never used a usbkey and I don't have one.  So we'll probably have
> > to email a lot.
> >
> > For starters, does this work?  No exceptions are thrown if the usb key
> > is plugged in, and a simple command-line Java program is run?  (Maybe
> > try Java 5 or newer).
> >
> > // Using docs from:
> > // http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
> > public static void main( String[] args ) throws Exception {
> >
> >   String configName = "/opt/bar/cfg/pkcs11.cfg";
> >   Provider p = new sun.security.pkcs11.SunPKCS11(configName);
> >   Security.addProvider(p);
> >
> >   char[] pin = "secret".toCharArray();
> >   KeyStore ks = KeyStore.getInstance("PKCS11");
> >   ks.load(null, pin);
> >   System.out.println( ks );
> > }
> >
> >
> > And how do you want your user to enter the PIN?  Can they put it in a
> > properties file (ick)?  Or do you want some kind of Swing dialogue?
> > Or perhaps Java 6's new support for taking passwords on the console
> > (aka: standard-in) without echoing it back?
> >
> > Will the users be un-plugging and re-plugging the usbkey while the
> > Java program is running?
> >
> > yours,
> >
> > Julius
> >
> >
> >
> >
> > On 12/2/06, Jack Wang <pipashu@yahoo.com> wrote:
> > > I am new here, so excuse me if i have not read old mails carefully here. I
think it is no problem
> > > to access normal ssl web site without usbkey certificate. But we can not obtain
the private key in
> > > usbkey, so
> > >
> > > How can i access usbkey protected ssl web site ?
> > > Should I must use pkcs#11 to get the private key first ?
> > > When should I input the usbkey PIN password in the automation program ?
> > >
> > > Please give me some tips. Thanks in advance.
> > >
> > > wj
> > >
> > >
> > >
> > > ___________________________________________________________
> > > 抢注雅虎免费邮箱-3.5G容量,20M附件!
> > > http://cn.mail.yahoo.com
> > >

-- 
yours,

Julius Davies
416-652-0183
http://juliusdavies.ca/
Mime
View raw message