Access token usb

Francesco

Hi everybody
I have to access a USB token (PKCS11) from Java to see if it's
connected or not ...
I've got the producer's DLL but I'm not able to make it work because
I've passed for JNI so Make my Dll....
Is there any other solution?
Thanks all
Jean
 
Francesco

Java has a PKCS#11 interface, see http://java.sun.com/javase/6/docs/technotes/guides/security/p11guide....

This is to make some PKCS11 operation, but I need a way to connect to
my tokenUsb...
I have only .dll but I can't find the way to connect...
 
Roedy Green

This is to make some PKCS11 operation, but I need a way to connect to
my tokenUsb...
I have only .dll but I can't find the way to connect...

I would imagine you need some software from the token vendor, a
PKCS#11 provider or a C interface you get at via JNI. What
brand/model of token are you using? I am curious about this because I
would like to use tokens to control access to subsets of Replicator
files. See http://mindprod.com/webstart/replicatormanual.html
 
Francesco

I would imagine you need some software from the token vendor, a
PKCS#11 provider or a C interface you get at via JNI.  What
brand/model of token are you using?  I am curious about this because I
would like to use tokens to control access to subsets of Replicator
files.  See http://mindprod.com/webstart/replicatormanual.html

I have a DLL (written in C by the producer of the token)... But I can't
connect to it...
 
Francesco

I would imagine you need some software from the token vendor, a
PKCS#11 provider or a C interface you get at via JNI.  What
brand/model of token are you using?  I am curious about this because I
would like to use tokens to control access to subsets of Replicator
files.  See http://mindprod.com/webstart/replicatormanual.html

I'm using an Aladdin USB token
 
Roedy Green

Their main competitor, SafeNet (iKey) might have a Java interface. The
iKey 1000 had one, but it has since been cracked, so it is not secure
now.

I have been talking with the iKey people. They don't just post info.
They want you to talk to sales people. I have done that and am
awaiting talking to a tech.
 
Roedy Green

I have a DLL (written in C by the producer of the token)... But I can't
connect to it...

If anyone is to help you they need to read the docs. Who is the
producer of the token? Where can you read up on the C interface?
 
Francesco

I have worked with these tokens previously.  You can access them using the
standard Java KeyStore class, on Windows at least, as long as you have
installed the RTE (Runtime Environment) from the vendor (it's available
from their FTP site).  There's no need to use JNI.

Dan.

Using Java KeyStore I can generate, compare, work with the key... I
only need to see if token is connected and read the user... I have
already certificate installed on....
 
Francesco

What happens when you type:

keytool -keystore NONE -storetype PKCS11 -providerName SunPKCS11-SmartCard -list

all on one line.

I think a PKCS11 driver broadcasts its existence in a way that Keytool
and Java can discover it without having to provide some sort of
address.

I got: KeyTool Error: no Such Provider SunPKCS11-SmartCard
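
An added example, not code from any poster in this thread: a SunPKCS11 instance registers under the name "SunPKCS11-" plus the `name` value of its configuration, so a provider name is only known once such a configuration has been loaded. The sketch below (Java 9 or later; on Java 6 to 8 the configuration file is passed to the `sun.security.pkcs11.SunPKCS11` constructor instead) configures the provider against a vendor library given on the command line, reports whether the token can be opened, and prints the certificate subjects it holds. The class name `TokenProbe` and the provider name `eToken` are assumptions chosen for the example.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class TokenProbe {
    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 1 || console == null) {
            System.err.println("usage (interactive): java TokenProbe <path to vendor PKCS#11 library>");
            return;
        }
        // "eToken" is an assumed name; the provider registers as "SunPKCS11-eToken".
        Path cfg = Files.createTempFile("pkcs11-", ".cfg");
        cfg.toFile().deleteOnExit();
        Files.write(cfg, ("name = eToken\nlibrary = " + args[0] + "\n").getBytes(StandardCharsets.UTF_8));
        Provider p;
        try {
            p = Security.getProvider("SunPKCS11").configure(cfg.toString());
            Security.addProvider(p);
        } catch (RuntimeException e) {
            // SunPKCS11 missing from this JRE, or the vendor library could not be loaded.
            System.out.println("PKCS#11 provider not usable: " + e);
            return;
        }
        char[] pin = console.readPassword("Token PIN: ");
        KeyStore ks;
        try {
            ks = KeyStore.getInstance("PKCS11", p);
            ks.load(null, pin);
        } catch (Exception e) {
            // Reached when the token cannot be opened: not inserted, or login refused.
            System.out.println("Token not available: " + e);
            return;
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.getCertificate(alias) instanceof X509Certificate) {
                X509Certificate c = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + " -> " + c.getSubjectX500Principal().getName());
            }
        }
    }
}
```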
 
Roedy Green

If you have specific questions, let me know

My application is the Replicator, a program that maintains a mirror of
a set of files on subscriber client machines using only ordinary HTTP
protocol.

I would like to extend it to serve the original requestors, a group of
international drug researchers sharing confidential data. They want
to be able to segregate the database into groups and allow individuals
access to some subset of those files.

I thought I might handle it this way.

I issue thumbdrives to each user, each with an embedded private key,
that is not changeable or discoverable.

I encrypt the various sections of the database with a different
symmetric key. I then send a copy of the keys to the sections of the
database they are permitted to access to the various subscribers
encrypted with their public keys.

The private key cannot be duplicated, though of course I have no
control of a subscriber sharing decrypted information inappropriately.

I can cut off access to updates to data, by changing the symmetric key
of a section of the database and resending the encrypted keys to the
subscribers via an automated, transparent process. I can also
re-encrypt and resend data. This blocks further access, though of
course does not block access to anything previously decrypted.

In the world of drug research, participants are very cautious about
what data they share with whom. Currently, everyone sees everything.
This inhibits sharing.

I can't seem to get any information that would let me know how to CODE
this. All is glowing warm fuzzy sales literature telling me how
wonderfully secure all will be.

I presume there must be some sort of PKCS11 driver. I presume there
is some way I can get at it, much the way I can get at a
private-public key in a keystore, but some algorithms I request are
actually computed by the thumbdrive itself. Presumably then the set
is very limited.

At the minimum I need a way to decrypt a symmetric key with a fob's
private key and get the fob to disclose its public key.

Failing that, I need some one-way mechanism to load the fob with some
private keys, in a way that is not reproducible or discoverable, and
have it do some sort of hash/decrypt with them on chip for me later.

What I would hope to find is COMPLETE sample code for various
applications, and install instructions for the drivers, or perhaps
software simulators for the fobs so you can experiment with the software
and the fob's abilities without having to buy a great basket of them
just to find out what they can do.
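
The key-distribution scheme described in this post, as an added example that is not code from the thread: each section key is wrapped to a subscriber's public key, and rotating the section key cuts a subscriber off from later releases. Software RSA key pairs stand in for the fobs, and the names `SectionKeys`, `alice`, `bob` and the release contents are constructed; with a real token the private key would come from the PKCS11 KeyStore, assuming the token supports the padding used here.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;

public class SectionKeys {
    static final String WRAP = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    // Publisher side: encrypt a section key to one subscriber's public key.
    static byte[] wrapFor(PublicKey subscriber, SecretKey section) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.WRAP_MODE, subscriber);
        return c.wrap(section);
    }
    // Subscriber side: recover the section key with the private key (software key here).
    static SecretKey unwrap(PrivateKey priv, byte[] wrapped) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance(WRAP);
        c.init(Cipher.UNWRAP_MODE, priv);
        return (SecretKey) c.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
    }
    static byte[] gcm(int mode, SecretKey k, byte[] iv, byte[] in) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, k, new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }
    static String read(PrivateKey priv, byte[] wrapped, byte[] iv, byte[] ct) throws GeneralSecurityException {
        byte[] plain = gcm(Cipher.DECRYPT_MODE, unwrap(priv, wrapped), iv, ct);
        return new String(plain, StandardCharsets.UTF_8);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair alice = kpg.generateKeyPair(), bob = kpg.generateKeyPair(); // constructed subscribers
        KeyGenerator g = KeyGenerator.getInstance("AES");
        g.init(256);
        SecretKey k1 = g.generateKey(), k2 = g.generateKey(); // k2 replaces k1 at rotation
        SecureRandom rnd = new SecureRandom();
        byte[] iv1 = new byte[12], iv2 = new byte[12];
        rnd.nextBytes(iv1);
        rnd.nextBytes(iv2);
        byte[] bobK1 = wrapFor(bob.getPublic(), k1);     // bob was entitled to release 1
        byte[] aliceK2 = wrapFor(alice.getPublic(), k2); // after rotation only alice receives k2
        byte[] r1 = gcm(Cipher.ENCRYPT_MODE, k1, iv1, "release 1".getBytes(StandardCharsets.UTF_8));
        byte[] r2 = gcm(Cipher.ENCRYPT_MODE, k2, iv2, "release 2".getBytes(StandardCharsets.UTF_8));
        System.out.println("bob, r1:   " + read(bob.getPrivate(), bobK1, iv1, r1));
        System.out.println("alice, r2: " + read(alice.getPrivate(), aliceK2, iv2, r2));
        try { read(bob.getPrivate(), bobK1, iv2, r2); }
        catch (AEADBadTagException e) { System.out.println("bob, r2:   rejected, he only holds the retired key"); }
    }
}
```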
 
Francesco

With JNA I made a connection to eTPKCS11.dll (the producer's DLL) but
when I do a while cycle of WaitForSlotEvent I can't intercept the
events of my token USB...
Anybody have some Java examples of this token with that dll?
I hope so...
Thanks
 
Roedy Green

With JNA I made a connection to eTPKCS11.dll (the producer's DLL) but
when I do a while cycle of WaitForSlotEvent I can't intercept the
events of my token USB...
Anybody have some Java examples of this token with that dll?
I hope so...
Thanks

if you send me the DLL and a token, I would be happy to experiment for
you.
 