XML Signatures and X509 private key
I need to sign an XML document in an applet, using Java™ XML Digital Signature API Specification (JSR 105) using an individual's X509 certificate. All the example code I have seen generate a key pair on the fly or pull one from a keystore. I need to sign using the private key from the individual's certificate (contained on a smart card, but that's not important). Is there a way to generate a key using the public key from the certificate? Have not seen how to get the private key from the X509 cert. The smart card can be "unlocked" with the user's PIN.
thanks in advance...
[594 byte] By [dglkea] at [2007-11-27 3:23:36]

# 2
> I need to sign an XML document in an applet, using
> Java™ XML Digital Signature API Specification (JSR
> 105) using an individual's X509 certificate. All
> the example code I have seen generate a key pair on
> the fly or pull one from a keystore. I need to sign
> using the private key from the individual's
> certificate (contained on a smart card, but that's
> not important). Is there a way to generate a key
> using the public key from the certificate? Have not
> seen how to get the private key from the X509 cert.
> The smart card can be "unlocked" with the user's
> PIN.
> thanks in advance...
First of all, you cannot get the private key from a certificate, just the public one. In order to retrieve the private key you need to query the KeyStore object, assuming that a keypair (private/public) is stored there along with the certificate. The following snippet should do it:
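import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
// TYPE, stream, password1 (keystore password) and password2 (key password) are placeholders
KeyStore ks = KeyStore.getInstance(TYPE);
ks.load(stream, password1);
Enumeration<String> aliases = ks.aliases(); // typed, so nextElement() returns a String
String alias = aliases.nextElement();
X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
PrivateKey pk = (PrivateKey) ks.getKey(alias, password2);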
With regards to the smartcard now, the primary way of working with one is through the SunPKCS11 Provider. If you are running Windows and Java 1.6 or later, you can also use the SunMSCAPI provider which can access the smartcard through Windows CAPI, if the vendor provided integration with it. The latter is easier; you need only initialize the KeyStore as follows:
KeyStore ks = KeyStore.getInstance("Windows-MY");
ks.load(null, null);
For the PKCS11 route you need to have some additional configuration, so that the SunPKCS11 provider knows about the PKCS11 library that the vendor should have provided for accessing the smartcard.
See:
http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html
for more information on the providers and their configuration.
Kind regards,
Anestis
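The PKCS11 route described in the answer, combined with the JSR 105 signing step from the question, as an added example that is not part of either post. It assumes Java 11 or later, a command-line run rather than an applet, an RSA key on the card, and a SunPKCS11 configuration file (containing `name = ...` and `library = <path to the vendor's PKCS#11 library>`) passed as the first argument; the class name is hypothetical.

```java
import java.io.File;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;

public class SmartCardXmlSigner { // hypothetical name; args: <pkcs11.cfg> <in.xml> <out.xml>
    public static void main(String[] args) throws Exception {
        // Java 9+ form; on Java 6-8 the equivalent is: new sun.security.pkcs11.SunPKCS11(args[0])
        Provider p11 = Security.getProvider("SunPKCS11").configure(args[0]);
        Security.addProvider(p11);
        char[] pin = System.console().readPassword("Card PIN: ");
        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);      // the PIN unlocks the token; there is no keystore stream
        Arrays.fill(pin, '\0');  // do not keep the PIN in memory longer than needed
        String alias = null;
        for (String a : Collections.list(ks.aliases())) if (ks.isKeyEntry(a)) { alias = a; break; }
        if (alias == null) throw new KeyStoreException("no private key entry on token");
        // The returned object is a handle: the key stays on the card, which performs the signing
        PrivateKey key = (PrivateKey) ks.getKey(alias, null);
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs
        Document doc = dbf.newDocumentBuilder().parse(new File(args[1]));

        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("", f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(
                f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null),
            f.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
            Collections.singletonList(ref));
        KeyInfoFactory kif = f.getKeyInfoFactory(); // embed the signer's certificate in KeyInfo
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(
            kif.newX509Data(Collections.singletonList(cert))));
        f.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(new File(args[2])));
    }
}
```

For the SunMSCAPI route, the same signing code applies with the keystore obtained from `KeyStore.getInstance("Windows-MY")` and `ks.load(null, null)` as shown in the answer.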