org.digidoc4j.signers

Class PKCS11SignatureToken

java.lang.Object

org.digidoc4j.signers.PKCS11SignatureToken

All Implemented Interfaces:

SignatureToken

public class PKCS11SignatureToken
extends Object
implements SignatureToken

Implements PKCS#11 interface for Smart Cards and hardware tokens.

It can be used for making digital signatures with Smart Cards (ID-Cards), USB tokens (Aladdin USB eToken), HSM (Hardware Security Module) or other hardware tokens that use PKCS#11 API.

PKCS#11 module path depends on your operating system and installed smart card or hardware token library.

If you are using OpenSC (https://github.com/OpenSC/OpenSC/wiki), then
For Windows, it could be C:\Windows\SysWOW64\opensc-pkcs11.dll,
For Linux, it could be /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so,
For OSX, it could be /usr/local/lib/opensc-pkcs11.so

Constructor Summary

Constructors

Constructor and Description
PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex) Initializes the PKCS#11 token.
PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex, String label) Initializes the PKCS#11 token.
PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex) Initializes the PKCS#11 token with password callback.
PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex, String label) Initializes the PKCS#11 token with password callback.

Method Summary

Modifier and Type	Method and Description
void	close()
X509Certificate	getCertificate() Returns signer certificate
List<eu.europa.esig.dss.token.DSSPrivateKeyEntry>	getPrivateKeyEntries() Fetches the private key entries from the hardware token for information purposes.
byte[]	sign(DigestAlgorithm digestAlgorithm, byte[] dataToSign) There must be implemented routines needed for signing
void	usePrivateKeyEntry(eu.europa.esig.dss.token.DSSPrivateKeyEntry keyEntry) For selecting a particular private key to be used for signing.

Methods inherited from class java.lang.Object

equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

PKCS11SignatureToken

public PKCS11SignatureToken(String pkcs11ModulePath,
                            char[] password,
                            int slotIndex)

Initializes the PKCS#11 token.

Parameters:

pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.

password - Secret pin code for digital signature.

slotIndex - Token slot index, depends on the hardware token.

PKCS11SignatureToken

public PKCS11SignatureToken(String pkcs11ModulePath,
                            eu.europa.esig.dss.token.PasswordInputCallback passwordCallback,
                            int slotIndex)

Initializes the PKCS#11 token with password callback.

This Password Callback is used in order to retrieve the password from the user when accessing the Key Store.

Parameters:

pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.

passwordCallback - callback for providing the password for the private key.

slotIndex - Token slot index, depends on the hardware token.

PKCS11SignatureToken

public PKCS11SignatureToken(String pkcs11ModulePath,
                            char[] password,
                            int slotIndex,
                            String label)

Initializes the PKCS#11 token.

Parameters:

pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.

password - Secret pin code for digital signature.

slotIndex - Token slot index, depends on the hardware token.

label - Label of the keypair in HSM.

PKCS11SignatureToken

public PKCS11SignatureToken(String pkcs11ModulePath,
                            eu.europa.esig.dss.token.PasswordInputCallback passwordCallback,
                            int slotIndex,
                            String label)

Initializes the PKCS#11 token with password callback.

This Password Callback is used in order to retrieve the password from the user when accessing the Key Store.

Parameters:

pkcs11ModulePath - PKCS#11 module path, depends on your operating system and installed smart card or hardware token library.

passwordCallback - callback for providing the password for the private key.

slotIndex - Token slot index, depends on the hardware token.

label - Label of the keypair in HSM.

Method Detail

getPrivateKeyEntries

public List<eu.europa.esig.dss.token.DSSPrivateKeyEntry> getPrivateKeyEntries()

Fetches the private key entries from the hardware token for information purposes. The actual private key remains on the token and won't be accessible.

Returns:

list of private key entries.

usePrivateKeyEntry

public void usePrivateKeyEntry(eu.europa.esig.dss.token.DSSPrivateKeyEntry keyEntry)

For selecting a particular private key to be used for signing.

Parameters:

keyEntry - Private key entry to set

getCertificate

public X509Certificate getCertificate()

Description copied from interface: SignatureToken

Returns signer certificate

Specified by:

getCertificate in interface SignatureToken

Returns:

signer certificate

sign

public byte[] sign(DigestAlgorithm digestAlgorithm,
                   byte[] dataToSign)

Description copied from interface: SignatureToken

There must be implemented routines needed for signing

Specified by:

sign in interface SignatureToken

Parameters:

digestAlgorithm - provides needed information for signing

dataToSign - data to sign

Returns:

signature raw value

close

public void close()

Specified by:

close in interface SignatureToken