santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ulrich Ackermann <>
Subject RE: Examples for XMLSignature with private key on a Smartcard
Date Tue, 31 Jan 2006 20:38:00 GMT

the hint I got from Sean did (probably) solve my problem. Probably means, that I still have
a problem with namespaces, but I hopefully will get to handle that, too.
I haven't used JSS so far. I am accessing the smartcard through the PKCS11Wrapper from IAIK
and the PKCS#11 driver of the smartcard. I'm sorry that I cannot give you any help in using

Ulrich schrieb am 30.01.06 09:07:25:


Did you by any chance happen to solve this problem? Are you accessing the certificate on the
smartcard using JSS? It so, the problem is in the providers that register when you initialize
the jss, which causes different signaturevalues. I have no idea why they calculate different
values, but they do, even if the data that gets sent in is the same. 


-----Original Message----- 
From: Ulrich Ackermann []  
Sent: Tuesday, January 24, 2006 2:02 PM 
Subject: Re: Examples for XMLSignature with private key on a Smartcard  

Hi Sean,  

Thank you for your response.  
It seems that my question wasn't as clear as I thought it would be. I Haven't got any problems
in using a Smartcard. I DO have got problems in getting the right hash, that has to be encrypted
with the private key on the Smartcard (or on any other hardware crypto device). 

I have used the example class which is included in the XML Security download. But it gets
me a different SignatureValue, when I calculate the digest of the SignedInfo element outside
the framework and encrypt it on a smartcard (or for testing purposes with a software key as
I did). 

So, maybe I should narrow my question down to "How do I get the bytes, that the XML security
framework uses for hashing?" or "Is there a way, to get the hash of the SignedInfo element
from the XML security framework?" 

Thank you very much and sorry for the misleading question, Ulrich schrieb am 23.01.06 23:13:40:  

Does the card support PKCS#11? If so, have you tried using it with a 
PKCS#11 JCE provider, such as the one in Sun's JDK 5.0? :  


Ulrich Ackermann wrote: 
> Hi, 
> I've been looking quit a while without any luck for any advice or  
> examples for getting an XMLSignature done with the constraint, that  
> the private key can't be offered the XML Security framework (because  
> he is on a Smartcard, e.g.). All attempts getting or creating the  
> "right" digest and encrypting it with the private key outside didn't  
> lead to any result either. 
> Has anybody anywhere accomplished this task (which shouldn't be too  
> extraordinary...)? Any help (links, example code etc.) is much  
> appreciated! 
> Thanks in advance, Ulrich 
> ______________________________________________________________ 
> Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt  
> bei WEB.DE FreeMail: 

Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!                 
Mehr Infos unter  

Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail:

View raw message