You are viewing a plain text version of this content. The canonical link for it is here.
Posted to server-user@james.apache.org by Marcello Marangio <m....@tno.it> on 2004/03/18 12:37:30 UTC
PKCS#11 and SMIME
Hi all.
I'm trying to build an S/MIME message using a smartcard reader (or a HSM)
via PKCS11 interface.
It seems that there is a sort of incompatibility between the IAIK SMIME lib
and the PKCS11Wrapper/Provider lib.
I found this message:
http://jce.iaik.tugraz.at/mailarchive/iaik-jce/msg01775.html
Were there progress about this matter?
Can anyone tell me the correct approach to settle this thing up?
Thanks
Marcello
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org
Re: PKCS#11 and SMIME
Posted by Søren Hilmer <sh...@tefs.dk>.
Hi Marcello,
I do not really think, this has anything to do with James.
You should probably check up with IAIK instead, when you plan to use their
S/MIME implementation.
But that said here is what I happen to know.
As an alternative to IAIK take a look at bouncycastle.org, which provide a
first class opensource S/MIME implementation. (Remember IAIK is not free)
Your main concern left are the PKCS#11 access, last time I looked there where
no free bridges between JCE and PKCS#11, I know only of the IAIK
implementation and also an IBM alphaworks implementation. But that is going
to change with the JDK 1.5, which comes with such a beast.
Also note that the link you found is from 2002 so things may have changed,
check IAIK's news archive on NNTP - news.iaik.at group jce.general.
If you do not wait for JDK 1.5, and IAIK has not extended their JCA/JCE
provider to encompass their PKCS11Wrapper, you will need to implement you own
provider as explained in the mail you found.
Notice: that if you also implement cipher algorithms it is technically a JCE
and not a JCA provider you are implementing, this means that, if you use Java
1.4 (or later), the provider needs to be signed by a key certified by SUN,
and depending on your deadline, it might be a good idea to apply for that
certificate well in advance as it takes some time to get it (the procedure
involves surfacemail to SUN in the US).
regards
Søren
On Thursday 18 March 2004 12:37, Marcello Marangio wrote:
> Hi all.
> I'm trying to build an S/MIME message using a smartcard reader (or a HSM)
> via PKCS11 interface.
> It seems that there is a sort of incompatibility between the IAIK SMIME lib
> and the PKCS11Wrapper/Provider lib.
> I found this message:
> http://jce.iaik.tugraz.at/mailarchive/iaik-jce/msg01775.html
>
> Were there progress about this matter?
> Can anyone tell me the correct approach to settle this thing up?
>
> Thanks
> Marcello
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
> For additional commands, e-mail: server-user-help@james.apache.org
--
Søren Hilmer, M.Sc.
R&D manager Phone: +45 70 27 64 00
TietoEnator IT+ Fax: +45 70 27 64 40
Ved Lunden 12 Direct: +45 87 46 64 57
DK-8230 Åbyhøj Email: soren.hilmer <at> tietoenator.com
---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org