Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm
Precedence: bulk
Reply-To: security-dev@xml.apache.org
Received-SPF: pass (asf.osuosl.org: local policy)
Date: Tue, 31 Jan 2006 21:38:00 +0100
Message-Id: <1261811897@web.de>
MIME-Version: 1.0
From: Ulrich Ackermann <ulrich.ackermann@web.de>
To: security-dev@xml.apache.org
Subject: RE: Examples for XMLSignature with private key on a Smartcard
Organization: http://freemail.web.de/
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

Hi,

the hint I got from Sean did (probably) solve my problem. Probably means, that I still have a problem with namespaces, but I hopefully will get to handle that, too.
I haven't used JSS so far. I am accessing the smartcard through the PKCS11Wrapper from IAIK and the PKCS#11 driver of the smartcard. I'm sorry that I cannot give you any help in using JSS.

Ulrich


security-dev@xml.apache.org schrieb am 30.01.06 09:07:25:
 

Hi,   

Did you by any chance happen to solve this problem? Are you accessing the certificate on the smartcard using JSS? It so, the problem is in the providers that register when you initialize the jss, which causes different signaturevalues. I have no idea why they calculate different values, but they do, even if the data that gets sent in is the same. 

miha   

-----Original Message----- 
From: Ulrich Ackermann [mailto:ulrich.ackermann@web.de]  
Sent: Tuesday, January 24, 2006 2:02 PM 
To: security-dev@xml.apache.org 
Subject: Re: Examples for XMLSignature with private key on a Smartcard  

Hi Sean,  

Thank you for your response.  
It seems that my question wasn't as clear as I thought it would be. I Haven't got any problems in using a Smartcard. I DO have got problems in getting the right hash, that has to be encrypted with the private key on the Smartcard (or on any other hardware crypto device). 

I have used the example class which is included in the XML Security download. But it gets me a different SignatureValue, when I calculate the digest of the SignedInfo element outside the framework and encrypt it on a smartcard (or for testing purposes with a software key as I did). 

So, maybe I should narrow my question down to "How do I get the bytes, that the XML security framework uses for hashing?" or "Is there a way, to get the hash of the SignedInfo element from the XML security framework?" 

Thank you very much and sorry for the misleading question, Ulrich  
 

security-dev@xml.apache.org schrieb am 23.01.06 23:13:40:  

Does the card support PKCS#11? If so, have you tried using it with a 
PKCS#11 JCE provider, such as the one in Sun's JDK 5.0? :  
http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html  

--Sean  

Ulrich Ackermann wrote: 
> Hi, 
>  
> I've been looking quit a while without any luck for any advice or  
> examples for getting an XMLSignature done with the constraint, that  
> the private key can't be offered the XML Security framework (because  
> he is on a Smartcard, e.g.). All attempts getting or creating the  
> "right" digest and encrypting it with the private key outside didn't  
> lead to any result either. 
>  
> Has anybody anywhere accomplished this task (which shouldn't be too  
> extraordinary...)? Any help (links, example code etc.) is much  
> appreciated! 
>  
> Thanks in advance, Ulrich 
> ______________________________________________________________ 
> Verschicken Sie romantische, coole und witzige Bilder per SMS! Jetzt  
> bei WEB.DE FreeMail: http://f.web.de/?mc=021193 
>   
 
 
__________________________________________________________________________ 
Erweitern Sie FreeMail zu einem noch leistungsstarkeren E-Mail-Postfach!                 
Mehr Infos unter http://freemail.web.de/home/landingpad/?mc=021131  


______________________________________________________________
Verschicken Sie romantische, coole und witzige Bilder per SMS!
Jetzt bei WEB.DE FreeMail: http://f.web.de/?mc=021193