PKCS11Session - Reference Documentation
Class implementing support for cryptographic tokens with a PKCS#11 interface
Index of Methods
Constants
Constructor
Prototype
PKCS11Session(PKCS11Provider provider, Number slot)
PKCS11Session(PKCS11Provider provider, Number slot, Boolean readWrite)
Description
Open a new session using the given provider and selected slot.
Arguments
Exceptions
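Example
var p = new PKCS11Provider("C:/usr/local/lsm/bin/lsmpkcs11.dll");
var s = new PKCS11Session(p, 1, false);
s.close();

login()
Prototype
login(String password)
login(String password, Boolean so)
Description
Log in to the token as user or, when so is true, as security officer. The PINs written as literals in the examples are placeholders; a script should obtain the PIN at run time rather than keep it in the source. Tokens commonly limit the number of consecutive failed PIN presentations, so repeating login() with a wrong value can block the PIN.
Arguments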
Return
Exceptions
Example// Login as user in a read only session var s = new PKCS11Session(p, 1, false); s.login("12345678"); s.close(); // Login as security officer in a read/write session var s = new PKCS11Session(p, 1, true); s.login("abcdefgh", true); s.close(); enumerateObjects()PrototypeenumerateObjects() DescriptionEnumerate all objects available in the session Return
Exceptions
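Example
// Login as user in a read only session
var s = new PKCS11Session(p, 1, false);
s.login("12345678");
var objs = s.enumerateObjects();
for (var i = 0; i < objs.length; i++) {
    print(" Class :" + objs[i].getNumberAttribute(PKCS11Object.CKA_CLASS));
    print(" Label :" + objs[i].getAttribute(PKCS11Object.CKA_LABEL).toString(ASCII));
}
s.close();

signInit()
Prototype
signInit(Number mechanism, PKCS11Object key)
signInit(Number mechanism, Key key)
signInit(Number mechanism, PKCS11Object key, ByteString parameter)
signInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_SignInit() to start a PKCS#11 signature operation. The method accepts keys in two different formats, either as a PKCS11Object or as a Key object. The former can be obtained using the PKCS11Session.enumerateObjects() method, the latter using the KeyStore.getKeyFromKeyStore() method. The example below imports a fixed 512-bit RSA test key as a session object and signs with CKM_SHA1_RSA_PKCS so that the result can be cross-checked against the Crypto class. The key value is printed on this page, and both the key size and SHA-1 are demonstration choices, not a recommendation for production signatures. A private key that has to stay private is normally generated on the token and marked CKA_SENSITIVE and non-extractable, rather than imported from script text.
Arguments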
Return
Exceptions
Example// Login as user in a read/write session var s = new PKCS11Session(p, 1, true); s.login("12345678"); // Create RSA private session key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PRIVATE_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA; attr[PKCS11Object.CKA_LABEL] = "MyPrivateRSAKey"; attr[PKCS11Object.CKA_PRIME_1] = new ByteString("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", HEX); attr[PKCS11Object.CKA_PRIME_2] = new ByteString("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", HEX); attr[PKCS11Object.CKA_EXPONENT_1] = new ByteString("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", HEX); attr[PKCS11Object.CKA_EXPONENT_2] = new ByteString("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", HEX); attr[PKCS11Object.CKA_COEFFICIENT] = new ByteString("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", HEX); attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX); attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX); var prk = new PKCS11Object(s, attr); // Create RSA public key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PUBLIC_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA; attr[PKCS11Object.CKA_LABEL] = "MyPublicRSAKey"; attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX); attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX); var puk = new PKCS11Object(s, attr); // Create RSA public key in SCSH3 var key = new Key(); key.setType(Key.PUBLIC); key.setComponent(Key.MODULUS, new 
ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX)); key.setComponent(Key.EXPONENT, new ByteString("11", HEX)); var crypto = new Crypto(); // Initiate signing operation s.signInit(PKCS11Session.CKM_SHA1_RSA_PKCS, prk); // Single step signing var msg = new ByteString("Hello World", ASCII); var signature = s.sign(msg); print("Signature : " + signature); // Decrypt block with public key var plain = crypto.decrypt(key, Crypto.RSA, signature); print("Plain = " + plain); // Verify signature with SCSH3 assert(crypto.verify(key, Crypto.RSA, msg, signature)); // Verify signature with PKCS#11 s.verifyInit(PKCS11Session.CKM_SHA1_RSA_PKCS, puk); // Single step verifying var msg = new ByteString("Hello World", ASCII); assert(s.verify(msg, signature)); // Initiate signing operation s.signInit(PKCS11Session.CKM_SHA1_RSA_PKCS, prk); // Multi-Step signing (Step 1) var msg = new ByteString("Hello ", ASCII); s.signUpdate(msg); // Multi-Step signing (Step 2) var msg = new ByteString("World", ASCII); s.signUpdate(msg); var signature = s.signFinal(); print("Signature : " + signature); var plain = crypto.decrypt(key, Crypto.RSA, signature); print("Plain = " + plain); // Verify signature with SCSH3 var msg = new ByteString("Hello World", ASCII); assert(crypto.verify(key, Crypto.RSA, msg, signature)); // Initiate verifying operation s.verifyInit(PKCS11Session.CKM_SHA1_RSA_PKCS, puk); // Multi-Step verifying (Step 1) var msg = new ByteString("Hello ", ASCII); s.verifyUpdate(msg); // Multi-Step verifying (Step 2) var msg = new ByteString("World", ASCII); s.verifyUpdate(msg); assert(s.verifyFinal(signature)); s.close(); sign()PrototypeByteString sign(ByteString message) DescriptionCall C_Sign() to finish a PKCS#11 signature operation. The method returns the signature. Arguments
Return
Exceptions
Example// See PKCS11Session.signInit() for a complete example signUpdate()PrototypesignUpdate(ByteString message) DescriptionCall C_SignUpdate() to continue a PKCS#11 signature operation. Arguments
Return
Exceptions
Example// See PKCS11Session.signInit() for a complete example signFinal()PrototypeByteString signFinal() DescriptionCall C_SignFinal() to finish a PKCS#11 signature operation. The method returns the signature. Return
Exceptions
Example
// See PKCS11Session.signInit() for a complete example

verifyInit()
Prototype
verifyInit(Number mechanism, PKCS11Object key)
verifyInit(Number mechanism, Key key)
verifyInit(Number mechanism, PKCS11Object key, ByteString parameter)
verifyInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_VerifyInit() to start a PKCS#11 signature verification operation. The method accepts keys in two different formats, either as a PKCS11Object or as a Key object. The former can be obtained using the PKCS11Session.enumerateObjects() method, the latter using the KeyStore.getKeyFromKeyStore() method.
Arguments
Return
Exceptions
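Example
// See PKCS11Session.signInit() for a complete example

verify()
Prototype
boolean verify(ByteString message, ByteString signature)
Description
Call C_Verify() to finish a PKCS#11 signature verification operation. The prototype declares a boolean result, so the caller has to test it, as the signInit() example does with assert(). Whether a failed verification is reported as false or as an exception is not shown in this extract.
Arguments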
Return
Exceptions
Example// See PKCS11Session.signInit() for a complete example verifyUpdate()PrototypeverifyUpdate(ByteString message) DescriptionCall C_VerifyUpdate() to continue a PKCS#11 signature verification operation. Arguments
Return
Exceptions
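Example
// See PKCS11Session.signInit() for a complete example

verifyFinal()
Prototype
boolean verifyFinal(ByteString signature)
Description
Call C_VerifyFinal() to finish a PKCS#11 signature verification operation. The prototype declares a boolean result, so the caller has to test it, as the signInit() example does with assert().
Return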
Exceptions
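Example
// See PKCS11Session.signInit() for a complete example

encryptInit()
Prototype
encryptInit(Number mechanism, PKCS11Object key)
encryptInit(Number mechanism, Key key)
encryptInit(Number mechanism, PKCS11Object key, ByteString parameter)
encryptInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_EncryptInit() to start a PKCS#11 encryption operation. The method accepts keys in two different formats, either as a PKCS11Object or as a Key object. The former can be obtained using the PKCS11Session.enumerateObjects() method, the latter using the KeyStore.getKeyFromKeyStore() method. The example below uses fixed single-DES, two-key and three-key triple-DES values in ECB mode and in CBC mode with an all-zero IV, and compares each result with the Crypto class. These are test vectors for checking the token: the key values appear in the script itself even though the PKCS#11 objects are created with CKA_SENSITIVE set and CKA_EXTRACTABLE cleared. ECB maps equal plaintext blocks to equal ciphertext blocks, and CBC with a constant IV does the same for equal message prefixes, so an application should use a fresh IV per message and a mechanism chosen for the data it protects.
Arguments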
Return
Exceptions
Example// Login as user in a read/write session var s = new PKCS11Session(p, 1, true); s.login("12345678"); // Define 3 different single DES key values var keyval1 = new ByteString("7CA110454A1A6E57", HEX); var keyval2 = new ByteString("0131D9619DC1376E", HEX); var keyval3 = new ByteString("9DC1376E0131D961", HEX); // Create crypto object for internal reference var crypto = new Crypto(); // Create DES session key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES; attr[PKCS11Object.CKA_LABEL] = "MyPrivateDESKey1"; attr[PKCS11Object.CKA_ID] = new ByteString("0101", HEX); attr[PKCS11Object.CKA_TOKEN] = false; attr[PKCS11Object.CKA_SENSITIVE] = true; attr[PKCS11Object.CKA_EXTRACTABLE] = false; attr[PKCS11Object.CKA_VALUE] = keyval1; var k1p11 = new PKCS11Object(s, attr); // Internal reference var k1ref = new Key(); k1ref.setComponent(Key.DES, keyval1); // Create DES2 session key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES2; attr[PKCS11Object.CKA_LABEL] = "MyPrivateDESKey2"; attr[PKCS11Object.CKA_ID] = new ByteString("0102", HEX); attr[PKCS11Object.CKA_TOKEN] = false; attr[PKCS11Object.CKA_SENSITIVE] = true; attr[PKCS11Object.CKA_EXTRACTABLE] = false; attr[PKCS11Object.CKA_VALUE] = keyval1.concat(keyval2); var k2p11 = new PKCS11Object(s, attr); // Internal reference var k2ref = new Key(); k2ref.setComponent(Key.DES, keyval1.concat(keyval2)); // Create DES3 session key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_SECRET_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_DES3; attr[PKCS11Object.CKA_LABEL] = "MyPrivateDESKey3"; attr[PKCS11Object.CKA_ID] = new ByteString("0103", HEX); attr[PKCS11Object.CKA_TOKEN] = false; attr[PKCS11Object.CKA_SENSITIVE] = true; attr[PKCS11Object.CKA_EXTRACTABLE] = false; attr[PKCS11Object.CKA_VALUE] = 
keyval1.concat(keyval2).concat(keyval3); var k3p11 = new PKCS11Object(s, attr); // Internal reference var k3ref = new Key(); k3ref.setComponent(Key.DES, keyval1.concat(keyval2).concat(keyval3)); var message = new ByteString("Hello World !!!!", ASCII); var iv = new ByteString("0000000000000000", HEX); // Encrypt with PKCS#11 - single step s.encryptInit(PKCS11Session.CKM_DES_ECB, k1p11); var cipher = s.encrypt(message); print("Cipher : " + cipher); // Verify with internal reference var ref = crypto.encrypt(k1ref, Crypto.DES_ECB, message); print("Ref : " + ref); assert(ref.equals(cipher)); // Decrypt with PKCS#11 s.decryptInit(PKCS11Session.CKM_DES_ECB, k1p11); var plain = s.decrypt(cipher); print("Plain : " + plain.toString(ASCII)); assert(plain.equals(message)); // Encrypt with PKCS#11 - multi step s.encryptInit(PKCS11Session.CKM_DES_ECB, k1p11); var cipher = s.encryptUpdate(message.left(8)); var cipher = cipher.concat(s.encryptUpdate(message.right(8))); var l = s.encryptFinal(); assert(l == null); print("Cipher : " + cipher); assert(ref.equals(cipher)); // Encrypt with PKCS#11 - single step s.encryptInit(PKCS11Session.CKM_DES3_ECB, k2p11); var cipher = s.encrypt(message); print("Cipher : " + cipher); // Verify with internal reference var ref = crypto.encrypt(k2ref, Crypto.DES_ECB, message); print("Ref : " + ref); assert(ref.equals(cipher)); // Decrypt with PKCS#11 s.decryptInit(PKCS11Session.CKM_DES3_ECB, k2p11); var plain = s.decrypt(cipher); print("Plain : " + plain.toString(ASCII)); assert(plain.equals(message)); // Encrypt with PKCS#11 - multi step s.encryptInit(PKCS11Session.CKM_DES3_ECB, k2p11); var cipher = s.encryptUpdate(message.left(8)); var cipher = cipher.concat(s.encryptUpdate(message.right(8))); var l = s.encryptFinal(); assert(l == null); print("Cipher : " + cipher); assert(ref.equals(cipher)); // Encrypt with PKCS#11 - single step s.encryptInit(PKCS11Session.CKM_DES3_ECB, k3p11); var cipher = s.encrypt(message); print("Cipher : " + cipher); // 
Verify with internal reference var ref = crypto.encrypt(k3ref, Crypto.DES_ECB, message); print("Ref : " + ref); assert(ref.equals(cipher)); // Decrypt with PKCS#11 s.decryptInit(PKCS11Session.CKM_DES3_ECB, k3p11); var plain = s.decrypt(cipher); print("Plain : " + plain.toString(ASCII)); assert(plain.equals(message)); // Encrypt with PKCS#11 - multi step s.encryptInit(PKCS11Session.CKM_DES3_ECB, k3p11); var cipher = s.encryptUpdate(message.left(8)); var cipher = cipher.concat(s.encryptUpdate(message.right(8))); var l = s.encryptFinal(); assert(l == null); print("Cipher : " + cipher); assert(ref.equals(cipher)); // Encrypt with PKCS#11 - single step s.encryptInit(PKCS11Session.CKM_DES_CBC, k1p11, iv); var cipher = s.encrypt(message); print("Cipher : " + cipher); // Verify with internal reference var ref = crypto.encrypt(k1ref, Crypto.DES_CBC, message, iv); print("Ref : " + ref); assert(ref.equals(cipher)); // Decrypt with PKCS#11 s.decryptInit(PKCS11Session.CKM_DES_CBC, k1p11, iv); var plain = s.decrypt(cipher); print("Plain : " + plain.toString(ASCII)); assert(plain.equals(message)); // Encrypt with PKCS#11 - multi step s.encryptInit(PKCS11Session.CKM_DES_CBC, k1p11, iv); var cipher = s.encryptUpdate(message.left(8)); var cipher = cipher.concat(s.encryptUpdate(message.right(8))); var l = s.encryptFinal(); assert(l == null); print("Cipher : " + cipher); assert(ref.equals(cipher)); // Encrypt with PKCS#11 - single step s.encryptInit(PKCS11Session.CKM_DES3_CBC, k2p11, iv); var cipher = s.encrypt(message); print("Cipher : " + cipher); // Verify with internal reference var ref = crypto.encrypt(k2ref, Crypto.DES_CBC, message, iv); print("Ref : " + ref); assert(ref.equals(cipher)); // Decrypt with PKCS#11 s.decryptInit(PKCS11Session.CKM_DES3_CBC, k2p11, iv); var plain = s.decrypt(cipher); print("Plain : " + plain.toString(ASCII)); assert(plain.equals(message)); // Encrypt with PKCS#11 - multi step s.encryptInit(PKCS11Session.CKM_DES3_CBC, k2p11, iv); var cipher = 
s.encryptUpdate(message.left(8)); var cipher = cipher.concat(s.encryptUpdate(message.right(8))); var l = s.encryptFinal(); assert(l == null); print("Cipher : " + cipher); assert(ref.equals(cipher)); // Encrypt with PKCS#11 - single step s.encryptInit(PKCS11Session.CKM_DES3_CBC, k3p11, iv); var cipher = s.encrypt(message); print("Cipher : " + cipher); // Verify with internal reference var ref = crypto.encrypt(k3ref, Crypto.DES_CBC, message, iv); print("Ref : " + ref); assert(ref.equals(cipher)); // Decrypt with PKCS#11 s.decryptInit(PKCS11Session.CKM_DES3_CBC, k3p11, iv); var plain = s.decrypt(cipher); print("Plain : " + plain.toString(ASCII)); assert(plain.equals(message)); // Encrypt with PKCS#11 - multi step s.encryptInit(PKCS11Session.CKM_DES3_CBC, k3p11, iv); var cipher = s.encryptUpdate(message.left(8)); var cipher = cipher.concat(s.encryptUpdate(message.right(8))); var l = s.encryptFinal(); assert(l == null); print("Cipher : " + cipher); assert(ref.equals(cipher)); // Encrypt / decrypt with RSA // Create RSA private key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PRIVATE_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA; attr[PKCS11Object.CKA_LABEL] = "MyPrivateRSAKey"; attr[PKCS11Object.CKA_PRIME_1] = new ByteString("c0a0758cdf14256f78d4708c86becdead1b50ad4ad6c5c703e2168fbf37884cb", HEX); attr[PKCS11Object.CKA_PRIME_2] = new ByteString("f01734d7960ea60070f1b06f2bb81bfac48ff192ae18451d5e56c734a5aab8a5", HEX); attr[PKCS11Object.CKA_EXPONENT_1] = new ByteString("b54bb9edff22051d9ee60f9351a48591b6500a319429c069a3e335a1d6171391", HEX); attr[PKCS11Object.CKA_EXPONENT_2] = new ByteString("d3d83daf2a0cecd3367ae6f8ae1aeb82e9ac2f816c6fc483533d8297dd7884cd", HEX); attr[PKCS11Object.CKA_COEFFICIENT] = new ByteString("b8f52fc6f38593dabb661d3f50f8897f8106eee68b1bce78a95b132b4e5b5d19", HEX); attr[PKCS11Object.CKA_MODULUS] = new 
ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX); attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX); var prk = new PKCS11Object(s, attr); // Create RSA public key var attr = new Array(); attr[PKCS11Object.CKA_CLASS] = PKCS11Object.CKO_PUBLIC_KEY; attr[PKCS11Object.CKA_KEY_TYPE] = PKCS11Object.CKK_RSA; attr[PKCS11Object.CKA_LABEL] = "MyPublicRSAKey"; attr[PKCS11Object.CKA_MODULUS] = new ByteString("b4a7e46170574f16a97082b22be58b6a2a629798419be12872a4bdba626cfae9900f76abfb12139dce5de56564fab2b6543165a040c606887420e33d91ed7ed7", HEX); attr[PKCS11Object.CKA_PUBLIC_EXPONENT] = new ByteString("11", HEX); var puk = new PKCS11Object(s, attr); var message = new ByteString("Hello World !!!!", ASCII); s.encryptInit(PKCS11Session.CKM_RSA_PKCS, puk); var cipher = s.encrypt(message); print("Cipher = " + cipher); s.decryptInit(PKCS11Session.CKM_RSA_PKCS, prk); var plain = s.decrypt(cipher); print("Plain = " + plain.toString(ASCII)); encrypt()PrototypeByteString encrypt(ByteString message) DescriptionCall C_Encrypt() to perform a PKCS#11 encryption operation. The method returns the cipher text. Arguments
Return
Exceptions
Example// See PKCS11Session.encryptInit() for a complete example encryptUpdate()PrototypeByteString encryptUpdate(ByteString message) DescriptionCall C_EncryptUpdate() to encrypt a block of data in a PKCS#11 encryption operation. Arguments
Return
Exceptions
Example// See PKCS11Session.encryptInit() for a complete example encryptFinal()PrototypeByteString encryptFinal() DescriptionCall C_EncryptFinal() to finish a PKCS#11 encryption operation. The method returns the last encrypted block or null, depending on the algorithm. Return
Exceptions
Example
// See PKCS11Session.encryptInit() for a complete example

decryptInit()
Prototype
decryptInit(Number mechanism, PKCS11Object key)
decryptInit(Number mechanism, Key key)
decryptInit(Number mechanism, PKCS11Object key, ByteString parameter)
decryptInit(Number mechanism, Key key, ByteString parameter)
Description
Call C_DecryptInit() to start a PKCS#11 decryption operation. The method accepts keys in two different formats, either as a PKCS11Object or as a Key object. The former can be obtained using the PKCS11Session.enumerateObjects() method, the latter using the KeyStore.getKeyFromKeyStore() method.
Arguments
Return
Exceptions
Example// See PKCS11Session.encryptInit() for a complete example decrypt()PrototypeByteString decrypt(ByteString message) DescriptionCall C_Decrypt() to perform a PKCS#11 decryption operation. The method returns the plain text. Arguments
Return
Exceptions
Example// See PKCS11Session.encryptInit() for a complete example decryptUpdate()PrototypeByteString decryptUpdate(ByteString message) DescriptionCall C_DecryptUpdate() to decrypt a block of data in a PKCS#11 decryption operation. Arguments
Return
Exceptions
Example// See PKCS11Session.encryptInit() for a complete example decryptFinal()PrototypeByteString decryptFinal() DescriptionCall C_DecryptFinal() to finish a PKCS#11 decryption operation. The method returns the last decrypted block or null, depending on the algorithm. Return
Exceptions
Example// See PKCS11Session.encryptInit() for a complete example close()Prototypeclose() DescriptionClose session Return
Exceptions
Examplevar s = new PKCS11Session(p, 1, false); s.close(); © Copyright 2003 - 2010 CardContact Software & System Consulting, Minden, Germany |