Does a Java Crypto JCA provider really require a DLL on Windows?

As I read here:

"Unlike most Java Cryptography (JCA) architecture providers, Sun PKCS # 11 Provider does not directly implement cryptographic functionality; it relies on its own PKCS # 11 implementation, which it forwards all operations to. This implementation must be available as .dll on Windows or .so file on UNIX and Linux. For example, if you use the smart card provider Utimaco SafeGuard for Windows, PKCS # 11 implementation is the pkcs201n.dll library. "

Is a smart card provider required to have a JCA provider? For example, where can I find the JCA provider for Gemalto?

+4
3 answers

The PKCS#11 Reference Guide is a good place to start.

Gemalto smart cards always come with PKCS#11 DLLs; unfortunately, they have different names depending on the card. Just browse the files that came with your installation until you find a DLL with "p" and "11" in it :)

After you place it, you can follow the steps in the reference guide, that is, create a configuration file that points to the PKCS#11 library, etc. If all goes well, you should have access to a smart card as simply as

KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "pin".toCharArray());

Please note that for production code, you must use a proper CallbackHandler as indicated in the manual, of course - this is just to quickly verify that everything works.

+5

Is a smart card provider required to have a JCA provider? For example, where can I find the JCA provider for Gemalto?

No, of course not, it depends entirely on what is in the contract. Most likely, you get a PKCS#11 compatible library (with more or less functionality depending on the provider / card). It is likely, but probably not fully tested, that this is compatible with the PKCS#11 provider, which is a bit picky about how everything is set up. Shipping an actual JCA provider is rare, and you're in luck if you can get one that really works.

[EDIT]

About another question in the header: only the Sun PKCS#11 provider requires .dll settings. Others may require one depending on implementation. If the provider depends on OS support (for example, the CAPI provider uses Windows features), this will probably require a non-configurable .dll or .so somewhere on the library path. Bouncy Castle and other pure Java providers usually do not require any .dll or .so.

Contact Gemalto to find out if they have a JCA provider, they should know for sure.

+4

The PKCS#11 DLL that you are referencing is the interface between applications that can use the PKCS#11 API and a specific implementation of cryptographic equipment. Since each piece of cryptographic equipment is different, it requires its own PKCS#11 library. Therefore, if the application is designed to communicate with cryptographic equipment through PKCS#11, it must call the DLL provided by the provider. So it’s not that Java does not have its own PKCS#11 implementation, but simply how PKCS#11 is intended to be used.

I don’t think any hardware vendor is required to provide a JCA module, and many (if not most) of them provide only PKCS#11 drivers and CryptoAPI (CSP) modules.

+3

Source: https://habr.com/ru/post/1411006/

