Access token usb

[Francesco]

if you send me the DLL and a token, I would be happy to experiment for
you.

Eh eh
For the dll no problem, but for the token I can't do this... I've got
it only one...

 

[Francesco]

Roedy,

this seems a "typical" authentication problem, and adding decrypting of
content in a symmetric key way (lordy, I hope I'm not messing up in the
terms here, it's been a while I have actually had to man-handle the iKey
and deal with pki )

There is sample code from SafeNet, however, probably not in Java, but C,
VisualBasic and perhaps Delphi. I will ask to see if my boss has
anything he can provide to you by email.

I have many examples writen in C++...
But I have to write Java... I tried to port them but there is
something wrong....

 

[Francesco]

Roedy,

this seems a "typical" authentication problem, and adding decrypting of
content in a symmetric key way (lordy, I hope I'm not messing up in the
terms here, it's been a while I have actually had to man-handle the iKey
and deal with pki )

There is sample code from SafeNet, however, probably not in Java, but C,
VisualBasic and perhaps Delphi. I will ask to see if my boss has
anything he can provide to you by email.

I have many examples writen in C++...
But I have to write Java... I tried to port them but there is
something wrong....

 

[Roedy Green]

You can of course keep
data encrypted at all times before delivering it to anyone.

That was my plan, to deliver all the data encrypted, and later decide
which data you can view, but leave it normally in encrypted form.

 

[Roedy Green]

You can of course keep
data encrypted at all times before delivering it to anyone.

That was my plan, to deliver all the data encrypted, and later decide
which data you can view, but leave it normally in encrypted form.

 

[Roedy Green]

I would think the server has to control this, in the form of users,
roles and groups. It is not necessary to do that through encryption,
although it seems your customers trusts that more (and they do not trust
their admins).

Still, someone is going to have to have full access.

One of the design constraints was lack of server side code.. All I
had was a vanilla http server, no Servlets, no SSL. The problem is
working within the constraints of a large bureaucracy.

 

[Roedy Green]

I would think the server has to control this, in the form of users,
roles and groups. It is not necessary to do that through encryption,
although it seems your customers trusts that more (and they do not trust
their admins).

Still, someone is going to have to have full access.

One of the design constraints was lack of server side code.. All I
had was a vanilla http server, no Servlets, no SSL. The problem is
working within the constraints of a large bureaucracy.

 

[Roedy Green]

Not sure what you mean by "set". The set of algorythms?
IIRC, the iKey authentication works through challenges. The private key
will never leave the token. Those computations happen inside the token.

set of JCE methods.

I realise that is how tokens work, but I don't see how JCE hooks into
that. It seem to have Private Key and Public key objects. Perhaps it
works even when the private key is inaccessible in the token.

 

[Roedy Green]

Not sure what you mean by "set". The set of algorythms?
IIRC, the iKey authentication works through challenges. The private key
will never leave the token. Those computations happen inside the token.

set of JCE methods.

I realise that is how tokens work, but I don't see how JCE hooks into
that. It seem to have Private Key and Public key objects. Perhaps it
works even when the private key is inaccessible in the token.

 

[Roedy Green]

The SDK is also the necessary starting place if you want to use their
tokens at all - since you can't get the APIs any other way. So it can be
a good investment. Start with the iKey 2032, it's cheaper than the 4000.

What really bugs me is they want you to buy tokens and SDKs before you
know what the beast is capable of.

There is barely a single hard fact in any of the sales literature on
any vendor's site. They are also cagey about prices, not even
ballpark prices.

 

[Roedy Green]

The SDK is also the necessary starting place if you want to use their
tokens at all - since you can't get the APIs any other way. So it can be
a good investment. Start with the iKey 2032, it's cheaper than the 4000.

What really bugs me is they want you to buy tokens and SDKs before you
know what the beast is capable of.

There is barely a single hard fact in any of the sales literature on
any vendor's site. They are also cagey about prices, not even
ballpark prices.

 

[Roedy Green]

I hope this helps. Guess it's back to the seller of your area.

apparently there isn't one.

 

[Roedy Green]

I hope this helps. Guess it's back to the seller of your area.

apparently there isn't one.

 

[Francesco]

Have you looked at JavaCard?

Other than that, without you posting working code
<http://mindprod.com/jgloss/sscce.html>
and extensive log/error reporting,
we can't guess what you're doing wrong.

I tried but I think the only way is to load my dll and use its
method...

 

[Francesco]

I did it. I can read certificates and the token.
I used the SunPkcs11.jar included in the jdk 1.50.

My problem now is that in some client I have java 1.3 and with this
when i try to define providers it makes error.

This is my code:

String pkcs11config = "name = eToken library = c:/windows/system32/
eTPKCS11.dll";
byte[] pkcs11configBytes = pkcs11config.getBytes();
ByteArrayInputStream configStream = new
ByteArrayInputStream(pkcs11configBytes);

Provider prov = new sun.security.pkcs11.SunPKCS11(configStream); //
This makes me errors
Security.addProvider(prov);
.....................

Thanks to all

 

[Roedy Green]

Oh? I found 4 distributors for Canada through here

on that website it asked me for my postal code and it said I would
have to deal direct since there were no dealers in my area. I guess
the two databases are not in sync.