How to Use Java to Produce a Signature with a USB Key under CryptoAPI/CSP
Some of us need to use a USB key or another hardware token to generate digital signatures through Microsoft CryptoAPI. MS CryptoAPI is perhaps the only way for us to access cryptographic devices such as USB keys. It is certainly not a comfortable way, because Java developers have to call CAPI functions through JNI (Java Native Interface). There are some Java libraries that call CryptoAPI, but they are not free. I hope to provide an open-source Java library to do this: SecureX.
Here are some demos of what the SecureX library can do:
1, SecureX Library Architecture Demo
http://dev2dev.bea.com.cn/bbs/servlet/D2DServlet/download/29304-31620-211417-3031/securex.swf
2, SecureX USB-Key Demo
http://dev2dev.bea.com.cn/bbs/servlet/D2DServlet/download/29304-31620-213693-3060/HNISI_SecureX_USBKey.swf
OK, back to our topic: how to call CryptoAPI from Java to produce a signature.
You should know at least:
1, CryptoAPI is just a set of interfaces defined by MS; USB key vendors implement these interfaces so that our applications can call the USB key to perform cryptographic operations (e.g. signature, hash, encryption). There are many CSPs installed on your Windows system. A CSP is an implementation, but we need not care about it; all we care about is what CryptoAPI can do. See MSDN for more information.
2, Java developers have to use JNI to access CryptoAPI, which is not easy because there are some encoding differences between the JDK and Windows. For example, they need to know how to convert the binary private key stream to a Java PrivateKey object.
3, Some USB key vendors may provide a PKCS#11 CSP rather than a CryptoAPI CSP. PKCS#11 is an RSA standard [http://www.rsasecurity.com/rsalabs/node.asp?id=2133]; it would be a good alternative implementation to the CryptoAPI CSP.
Back to the CryptoAPI CSP:
A Java developer would do the following to generate a signature:
    // privateKey and publicKey are the key pair obtained from the USB key
    // (how they are loaded is not shown in the original post).
    byte[] data = "http://openssl.blogjava.net".getBytes();

    // "MD5" selects the digest used for the signature. MD5 is collision-broken;
    // use a stronger digest if the library and the CSP support one.
    SignatureUtils sigutil = new SignatureUtils("MD5");

    // Sign: the private-key operation is carried out through the CSP.
    sigutil.initSign(privateKey);
    sigutil.update(data, 0, data.length);
    byte[] signature = sigutil.sign();

    // Verify the signature over the same data with the public key.
    sigutil.initVerify(publicKey);
    sigutil.update(data, 0, data.length);
    if (!sigutil.verify(signature))
        System.out.println("The signature verification failed.");
    else
        System.out.println("The signature was successfully verified.");
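The same sign-and-verify flow using the JDK's bundled SunMSCAPI provider, which reaches CryptoAPI without custom JNI code. This is an added example, not SecureX code and not from the original post; it assumes Windows, a JDK that ships SunMSCAPI, a token whose CSP publishes an RSA certificate in the current user's personal store, and a CSP that supports SHA-256. The class name CapiSignDemo is hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.Collections;

public class CapiSignDemo {
    public static void main(String[] args) throws Exception {
        // "Windows-MY" is the current user's personal certificate store, served by SunMSCAPI.
        KeyStore store = KeyStore.getInstance("Windows-MY", "SunMSCAPI");
        store.load(null, null); // no file, no password: CryptoAPI owns the storage

        // Assumption: the first entry with a private key is the token's certificate.
        String alias = null;
        for (String a : Collections.list(store.aliases())) {
            if (store.isKeyEntry(a)) { alias = a; break; }
        }
        if (alias == null) {
            throw new IllegalStateException("No certificate with a private key in Windows-MY");
        }

        // The PrivateKey is only a handle into the CSP; the key bytes stay on the device,
        // so there is no binary key stream to convert and getEncoded() is expected to be null.
        PrivateKey privateKey = (PrivateKey) store.getKey(alias, null);
        Certificate cert = store.getCertificate(alias);
        System.out.println("alias=" + alias + ", key bytes exposed to Java: "
                + (privateKey.getEncoded() != null));

        byte[] data = "http://openssl.blogjava.net".getBytes(StandardCharsets.UTF_8);

        // Signing is delegated to the CSP, which may prompt for the token PIN.
        Signature signer = Signature.getInstance("SHA256withRSA", "SunMSCAPI");
        signer.initSign(privateKey);
        signer.update(data);
        byte[] signature = signer.sign();

        // Verification needs only the public key, so the default provider can do it.
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        System.out.println(verifier.verify(signature)
                ? "The signature was successfully verified."
                : "The signature verification failed.");
    }
}
```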