How to use pkcs11interop to generate a PKCS#7 signed envelope

Time: 2015-01-24 18:59:02

Tags: signature pkcs#7 pkcs#11 envelope

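To avoid the token password dialog, I usually use pkcs11interop to log in to the USB key and then use CAPI or some COM+ control in C# to sign the data.

But now I have a new USB key. It still shows the login dialog the first time I sign. This key's PKCS#11 DLL does not implement the function C_SignUpdate, so using SunPKCS11 and BouncyCastle in Java throws an exception when I try to sign: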

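    import java.security.Key;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Provider;
    import java.security.Security;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import java.util.Arrays;
    import org.bouncycastle.cert.jcajce.JcaCertStore;
    import org.bouncycastle.cms.CMSProcessableByteArray;
    import org.bouncycastle.cms.CMSSignedData;
    import org.bouncycastle.cms.CMSSignedDataGenerator;
    import org.bouncycastle.cms.CMSTypedData;
    import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
    import org.bouncycastle.util.Store;
    import sun.security.pkcs11.SunPKCS11;

    public class Tryit {
        public static void main(String args[]) throws Exception {
            // load the PKCS#11 provider from its config file and log in with the PIN
            String configName = "d:\\javakey_My.cfg";
            String PIN = "123456";
            Provider prv = new SunPKCS11(configName);
            Security.addProvider(prv);
            KeyStore credentials = KeyStore.getInstance("PKCS11");
            char[] pin = PIN.toCharArray();
            credentials.load(null, pin);

            // fetch the private key handle and certificate chain from the token
            Key key = (PrivateKey) credentials.getKey("My Cert ID", null);
            Certificate[] chain = credentials
                    .getCertificateChain("My Cert ID");
            X509Certificate cert = (X509Certificate) chain[0];
            Store certs = new JcaCertStore(Arrays.asList(chain));
            // set up the generator
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                    .setProvider("SunPKCS11-MyKey").build("SHA1withRSA",
                            (PrivateKey) key, cert));
            gen.addCertificates(certs);
            // create the signed-data object (this call raises the exception below)
            CMSTypedData data = new CMSProcessableByteArray(
                    "Hello World!".getBytes());
            CMSSignedData signed = gen.generate(data, false);
        }
    }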



    Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED
        at sun.security.pkcs11.P11Signature.engineUpdate(P11Signature.java:436)
        at java.security.Signature$Delegate.engineUpdate(Unknown Source)
        at java.security.Signature.update(Unknown Source)
        at java.security.Signature.update(Unknown Source)
        at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder$SignatureOutputStream.write(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGenerator.generate(Unknown Source)
        at org.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
        at Tryit.main(Tryit.java:108)
    Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED
        at sun.security.pkcs11.wrapper.PKCS11.C_SignUpdate(Native Method)
        at sun.security.pkcs11.P11Signature.engineUpdate(P11Signature.java:430)
        ... 7 more




Is there any way to produce a P7 signature with this key? Via .NET or Java, without the login dialog.
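The stack trace above fails in the multi-part call C_SignUpdate. The following is an added example, not code from the original post: it hashes the data in software, wraps the hash in a SHA-1 DigestInfo and signs it in one call with `NONEwithRSA`, then checks that the result verifies as an ordinary `SHA1withRSA` signature. The class and method names are hypothetical, the key is a constructed software key so the demo runs without a token, and the assumptions are that a PKCS#11 provider maps `NONEwithRSA` to a single-part signing call and that this token supports it; the page confirms neither.

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.Signature;

public class SinglePartSignDemo {
    // DER prefix of DigestInfo for SHA-1 (RFC 8017, section 9.2).
    private static final byte[] SHA1_DIGEST_INFO_PREFIX = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
    };

    // Hash in software, then hand the finished DigestInfo to the signer in one update.
    // provider == null uses the default software provider; a PKCS#11 provider name
    // (assumption: the token supports single-part raw RSA signing) can be passed instead.
    static byte[] signSha1Rsa(PrivateKey key, byte[] data, String provider) throws Exception {
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(data);
        ByteArrayOutputStream digestInfo = new ByteArrayOutputStream();
        digestInfo.write(SHA1_DIGEST_INFO_PREFIX);
        digestInfo.write(hash);
        Signature raw = provider == null
                ? Signature.getInstance("NONEwithRSA")
                : Signature.getInstance("NONEwithRSA", provider);
        raw.initSign(key);
        raw.update(digestInfo.toByteArray());
        return raw.sign();
    }

    public static void main(String[] args) throws Exception {
        // Constructed software key pair standing in for the token key.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] data = "Hello World!".getBytes(StandardCharsets.UTF_8);

        byte[] sig = signSha1Rsa(kp.getPrivate(), data, null);

        // The signature must be indistinguishable from a normal SHA1withRSA one.
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        System.out.println("verifies as SHA1withRSA: " + verifier.verify(sig));
    }
}
```

To use this with `CMSSignedDataGenerator`, the same function would sit behind a custom `org.bouncycastle.operator.ContentSigner` that buffers the bytes written to its output stream and returns this signature from `getSignature()`.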

0 answers:

No answers