Posted to fx-dev@ws.apache.org by Cristian Opincaru <cr...@gmail.com> on 2006/10/20 18:16:16 UTC

Signature with PKCS11 (smartcards)

Hi,

I'm trying to sign some parts of a SOAP message using a Smartcard. My code
looks something like this:



    // Load the keystore
    KeyStore ks = KeyStore.getInstance("PKCS11");
    String pin = "1234";
    ks.load(null, pin.toCharArray());

    Merlin crypto = (Merlin) CryptoFactory.getInstance(
            "org.apache.ws.security.components.crypto.Merlin", (Properties) null);
    crypto.setKeyStore(ks);

    // Sign the body & insert the signature
    org.apache.ws.security.SOAPConstants soapConstants =
            org.apache.ws.security.SOAPConstants.SOAP11_CONSTANTS;
    WSSecSignature signer = new WSSecSignature();
    signer.setUserInfo(username, password);
    signer.setUseSingleCertificate(true);

    Vector parts = new Vector();
    WSEncryptionPart part = new WSEncryptionPart(
            soapConstants.getBodyQName().getLocalPart(),
            soapConstants.getEnvelopeURI(),
            "Content");
    parts.add(part);
    // this is optional since the body is signed by default
    signer.setParts(parts);
    envelope = signer.build(envelope, crypto, hSec);

Now, when I try to sign, I get the following exception:

org.apache.ws.security.WSSecurityException: Signature creation failed; nested exception is:
    org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:603)
    at org.apache.ws.security.message.WSSecSignature.build(WSSecSignature.java:668)
    at de.unibw.s3f.client.authentication.TestX509AndLicenseToken.main(TestX509AndLicenseToken.java:167)
Caused by: org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was org.apache.xml.security.signature.XMLSignatureException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
Original Exception was java.security.InvalidKeyException: Supplied key (sun.security.pkcs11.P11Key$P11PrivateKey) is not a RSAPrivateKey instance
    at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
    at org.apache.ws.security.message.WSSecSignature.computeSignature(WSSecSignature.java:599)
    ... 2 more

Any ideas? It might be that the private key (which is stored on the
smartcard) is unextractable ...

Any help is welcomed!

Cheers,
Cristian

-- 
Cristian OPINCARU
University of the Federal Armed Forces Munich
http://www.unibw.de/cristian.opincaru
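
Added example, not part of the original post and not WSS4J or XML Security code: assuming, as the post suggests, that the token key is non-extractable, it shows why a check for the RSAPrivateKey type rejects such a key while JCA signing through the provider that holds the key still works. TokenKey, TokenSignature and the DemoToken provider are constructed stand-ins for the smartcard and its provider; with a real token the provider would be the one returned by ks.getProvider().

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;

public class OpaqueKeyDemo {
    // Constructed stand-in for a non-extractable token key: it names its
    // algorithm but exposes no key material and is not an RSAPrivateKey.
    public static final class TokenKey implements PrivateKey {
        private final PrivateKey held; // stays inside the pretend token
        TokenKey(PrivateKey held) { this.held = held; }
        public String getAlgorithm() { return "RSA"; }
        public String getFormat() { return null; }
        public byte[] getEncoded() { return null; }
    }
    // Constructed stand-in for the token's signing engine (hypothetical, sign-only).
    public static final class TokenSignature extends SignatureSpi {
        private Signature inner;
        protected void engineInitSign(PrivateKey k) throws InvalidKeyException {
            if (!(k instanceof TokenKey)) throw new InvalidKeyException("not a token key");
            try { inner = Signature.getInstance("SHA256withRSA"); }
            catch (NoSuchAlgorithmException e) { throw new InvalidKeyException(e); }
            inner.initSign(((TokenKey) k).held);
        }
        protected void engineInitVerify(PublicKey k) throws InvalidKeyException { throw new InvalidKeyException("sign-only"); }
        protected void engineUpdate(byte b) throws SignatureException { inner.update(b); }
        protected void engineUpdate(byte[] b, int off, int len) throws SignatureException { inner.update(b, off, len); }
        protected byte[] engineSign() throws SignatureException { return inner.sign(); }
        protected boolean engineVerify(byte[] sig) { return false; }
        protected void engineSetParameter(String p, Object v) { }
        protected Object engineGetParameter(String p) { return null; }
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        PrivateKey key = new TokenKey(kp.getPrivate());
        Provider token = new Provider("DemoToken", 1.0, "constructed stand-in") {};
        token.put("Signature.SHA256withRSA", TokenSignature.class.getName());
        // The type check named in the exception text, next to what the key does expose.
        System.out.println("instanceof RSAPrivateKey: " + (key instanceof RSAPrivateKey)
                + ", getAlgorithm(): " + key.getAlgorithm() + ", getEncoded(): " + key.getEncoded());
        byte[] data = "<soap:Body/>".getBytes(StandardCharsets.UTF_8); // constructed sample input
        Signature s = Signature.getInstance("SHA256withRSA", token); // engine from the key's own provider
        s.initSign(key);
        s.update(data);
        byte[] sig = s.sign();
        Signature v = Signature.getInstance("SHA256withRSA"); // the public key verifies in software
        v.initVerify(kp.getPublic());
        v.update(data);
        System.out.println("verifies: " + v.verify(sig));
    }
}
```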