Class PKCS11SignatureToken

java.lang.Object
org.digidoc4j.signers.PKCS11SignatureToken
All Implemented Interfaces:
SignatureToken

public class PKCS11SignatureToken extends Object implements SignatureToken
Implements PKCS#11 interface for Smart Cards and hardware tokens.

It can be used for making digital signatures with Smart Cards (ID-Cards), USB tokens (Aladdin USB eToken), HSM (Hardware Security Module) or other hardware tokens that use PKCS#11 API.

PKCS#11 module path depends on your operating system and installed smart card or hardware token library.

If you are using OpenSC (https://github.com/OpenSC/OpenSC/wiki), then:
For Windows, it could be C:\Windows\SysWOW64\opensc-pkcs11.dll
For Linux, it could be /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
For OSX, it could be /usr/local/lib/opensc-pkcs11.so

  • Constructor Summary

    Constructors
    Constructor
    Description
    PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex)
    Initializes the PKCS#11 token.
    PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex, String label)
    Initializes the PKCS#11 token.
    PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex)
    Initializes the PKCS#11 token with password callback.
    PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex, String label)
    Initializes the PKCS#11 token with password callback.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    close()
     
    X509Certificate
    getCertificate()
    Returns signer certificate
    List<eu.europa.esig.dss.token.DSSPrivateKeyEntry>
    getPrivateKeyEntries()
    Fetches the private key entries from the hardware token for information purposes.
    byte[]
    sign(DigestAlgorithm digestAlgorithm, byte[] dataToSign)
    Implementations must provide the routines needed for signing
    void
    usePrivateKeyEntry(eu.europa.esig.dss.token.DSSPrivateKeyEntry keyEntry)
    For selecting a particular private key to be used for signing.

    Methods inherited from class java.lang.Object

    equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
  • Constructor Details

    • PKCS11SignatureToken

      public PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex)
      Initializes the PKCS#11 token.
      Parameters:
      pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.
      password - Secret PIN code for digital signature.
      slotIndex - Token slot index, depends on the hardware token.
    • PKCS11SignatureToken

      public PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex)
      Initializes the PKCS#11 token with password callback.

      This Password Callback is used in order to retrieve the password from the user when accessing the Key Store.

      Parameters:
      pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.
      passwordCallback - callback for providing the password for the private key.
      slotIndex - Token slot index, depends on the hardware token.
    • PKCS11SignatureToken

      public PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex, String label)
      Initializes the PKCS#11 token.
      Parameters:
      pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.
      password - Secret PIN code for digital signature.
      slotIndex - Token slot index, depends on the hardware token.
      label - Label of the keypair in HSM.
    • PKCS11SignatureToken

      public PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex, String label)
      Initializes the PKCS#11 token with password callback.

      This Password Callback is used in order to retrieve the password from the user when accessing the Key Store.

      Parameters:
      pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.
      passwordCallback - callback for providing the password for the private key.
      slotIndex - Token slot index, depends on the hardware token.
      label - Label of the keypair in HSM.
  • Method Details

    • getPrivateKeyEntries

      public List<eu.europa.esig.dss.token.DSSPrivateKeyEntry> getPrivateKeyEntries()
      Fetches the private key entries from the hardware token for information purposes. The actual private key remains on the token and won't be accessible.
      Returns:
      list of private key entries.
    • usePrivateKeyEntry

      public void usePrivateKeyEntry(eu.europa.esig.dss.token.DSSPrivateKeyEntry keyEntry)
      For selecting a particular private key to be used for signing.
      Parameters:
      keyEntry - Private key entry to set
    • getCertificate

      public X509Certificate getCertificate()
      Description copied from interface: SignatureToken
      Returns signer certificate
      Specified by:
      getCertificate in interface SignatureToken
      Returns:
      signer certificate
    • sign

      public byte[] sign(DigestAlgorithm digestAlgorithm, byte[] dataToSign)
      Description copied from interface: SignatureToken
      Implementations must provide the routines needed for signing
      Specified by:
      sign in interface SignatureToken
      Parameters:
      digestAlgorithm - provides needed information for signing
      dataToSign - data to sign
      Returns:
      signature raw value
    • close

      public void close()
      Specified by:
      close in interface SignatureToken
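
Usage sketch for the constructors and methods documented above, added here as an example and not taken from the digidoc4j project: it prompts for the PIN through the password callback, selects the key entry whose certificate carries the nonRepudiation key usage, signs sample bytes and closes the token. The module path, slot index 0, the class name Pkcs11SignExample and the sample data are assumptions; `DSSPrivateKeyEntry.getCertificate().getCertificate()` comes from the DSS library rather than from this page, and the lambda assumes `PasswordInputCallback` has the single method `getPassword()`.

```java
import eu.europa.esig.dss.token.DSSPrivateKeyEntry;
import org.digidoc4j.DigestAlgorithm;
import org.digidoc4j.signers.PKCS11SignatureToken;

import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;

public class Pkcs11SignExample {
    public static void main(String[] args) {
        // Assumed values: OpenSC module path on Linux and slot index 0; adjust for your token.
        String modulePath = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so";
        int slotIndex = 0;
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("No interactive console available to read the PIN");
        }
        // Callback constructor: the PIN is requested when the key store is accessed,
        // so it is not kept in source code, configuration or an immutable String.
        // Assumption: PasswordInputCallback declares only char[] getPassword().
        PKCS11SignatureToken token = new PKCS11SignatureToken(
                modulePath, () -> console.readPassword("Signing PIN: "), slotIndex);
        try {
            DSSPrivateKeyEntry signingKey = null;
            for (DSSPrivateKeyEntry entry : token.getPrivateKeyEntries()) {
                // Only certificate metadata is read here; the private key stays on the token.
                X509Certificate cert = entry.getCertificate().getCertificate();
                boolean[] usage = cert.getKeyUsage();
                // KeyUsage bit 1 is nonRepudiation (contentCommitment).
                if (usage != null && usage.length > 1 && usage[1]) {
                    signingKey = entry;
                    break;
                }
            }
            if (signingKey == null) {
                throw new IllegalStateException("No key entry with nonRepudiation key usage in this slot");
            }
            token.usePrivateKeyEntry(signingKey);
            System.out.println("Signing as: " + token.getCertificate().getSubjectX500Principal());
            byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
            // The signing operation is carried out through the PKCS#11 module.
            byte[] signature = token.sign(DigestAlgorithm.SHA256, data);
            System.out.println("Signature length: " + signature.length + " bytes");
        } finally {
            // Release the token even when key selection or signing fails.
            token.close();
        }
    }
}
```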