Package org.digidoc4j.signers
Class PKCS11SignatureToken
java.lang.Object
org.digidoc4j.signers.PKCS11SignatureToken
- All Implemented Interfaces:
SignatureToken
Implements PKCS#11 interface for Smart Cards and hardware tokens.
It can be used for making digital signatures with Smart Cards (ID-Cards), USB tokens (Aladdin USB eToken),
HSM (Hardware Security Module) or other hardware tokens that use PKCS#11 API.
PKCS#11 module path depends on your operating system and installed smart card or hardware token library.
If you are using OpenSC (https://github.com/OpenSC/OpenSC/wiki), then:
- For Windows, it could be C:\Windows\SysWOW64\opensc-pkcs11.dll
- For Linux, it could be /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
- For OSX, it could be /usr/local/lib/opensc-pkcs11.so
-
Constructor Summary
Constructors
Constructor and Description
- PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex)
  Initializes the PKCS#11 token.
- PKCS11SignatureToken(String pkcs11ModulePath, char[] password, int slotIndex, String label)
  Initializes the PKCS#11 token.
- PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex)
  Initializes the PKCS#11 token with password callback.
- PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex, String label)
  Initializes the PKCS#11 token with password callback.
-
Method Summary
Modifier and Type, Method, and Description
- void close()
- getCertificate()
  Returns signer certificate
- List<eu.europa.esig.dss.token.DSSPrivateKeyEntry> getPrivateKeyEntries()
  Fetches the private key entries from the hardware token for information purposes.
- byte[] sign(DigestAlgorithm digestAlgorithm, byte[] dataToSign)
  Implementations must provide the routines needed for signing.
- void usePrivateKeyEntry(eu.europa.esig.dss.token.DSSPrivateKeyEntry keyEntry)
  For selecting a particular private key to be used for signing.
-
Constructor Details
-
PKCS11SignatureToken
Initializes the PKCS#11 token.
- Parameters:
pkcs11ModulePath - PKCS#11 module path; depends on your operating system and installed smart card or hardware token library.
password - Secret PIN code for digital signature.
slotIndex - Token slot index, depends on the hardware token.
-
PKCS11SignatureToken
public PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex)
Initializes the PKCS#11 token with password callback. This Password Callback is used in order to retrieve the password from the user when accessing the Key Store.
- Parameters:
pkcs11ModulePath - PKCS#11 module path; depends on your operating system and installed smart card or hardware token library.
passwordCallback - callback for providing the password for the private key.
slotIndex - Token slot index, depends on the hardware token.
-
PKCS11SignatureToken
Initializes the PKCS#11 token.
- Parameters:
pkcs11ModulePath - PKCS#11 module path; depends on your operating system and installed smart card or hardware token library.
password - Secret PIN code for digital signature.
slotIndex - Token slot index, depends on the hardware token.
label - Label of the keypair in HSM.
-
PKCS11SignatureToken
public PKCS11SignatureToken(String pkcs11ModulePath, eu.europa.esig.dss.token.PasswordInputCallback passwordCallback, int slotIndex, String label)
Initializes the PKCS#11 token with password callback. This Password Callback is used in order to retrieve the password from the user when accessing the Key Store.
- Parameters:
pkcs11ModulePath - PKCS#11 module path; depends on your operating system and installed smart card or hardware token library.
passwordCallback - callback for providing the password for the private key.
slotIndex - Token slot index, depends on the hardware token.
label - Label of the keypair in HSM.
-
-
Method Details
-
getPrivateKeyEntries
Fetches the private key entries from the hardware token for information purposes. The actual private key remains on the token and won't be accessible.
- Returns:
- list of private key entries.
-
usePrivateKeyEntry
public void usePrivateKeyEntry(eu.europa.esig.dss.token.DSSPrivateKeyEntry keyEntry)
For selecting a particular private key to be used for signing.
- Parameters:
keyEntry - Private key entry to set
-
getCertificate
Description copied from interface: SignatureToken
Returns signer certificate
- Specified by:
getCertificate in interface SignatureToken
- Returns:
- signer certificate
-
sign
Description copied from interface: SignatureToken
Implementations must provide the routines needed for signing.
- Specified by:
sign in interface SignatureToken
- Parameters:
digestAlgorithm - provides needed information for signing
dataToSign - data to sign
- Returns:
- signature raw value
-
close
public void close()
- Specified by:
close in interface SignatureToken
-
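The constructor and methods documented above used together, as an added example that is not digidoc4j's own code. The module path is the OpenSC Linux path from the class description; slot index 0, the sample payload, the class name Pkcs11SigningExample and the rule of signing only with a key whose certificate carries the nonRepudiation key-usage bit are assumptions of this example.

```java
import java.io.Console;
import java.nio.charset.StandardCharsets;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import org.digidoc4j.DigestAlgorithm;
import org.digidoc4j.signers.PKCS11SignatureToken;
import eu.europa.esig.dss.token.DSSPrivateKeyEntry;

public class Pkcs11SigningExample {
    // Assumed values: OpenSC on Linux and the first token slot.
    static final String MODULE_PATH = "/usr/lib/x86_64-linux-gnu/opensc-pkcs11.so";
    static final int SLOT_INDEX = 0;

    public static void main(String[] args) {
        Console console = System.console();
        // Keep the PIN in a char[] (never a String) so it can be overwritten after use.
        char[] pin = (console == null) ? null : console.readPassword("Token PIN: ");
        if (pin == null) {
            throw new IllegalStateException("No interactive console or no PIN entered");
        }
        PKCS11SignatureToken token = null;
        try {
            token = new PKCS11SignatureToken(MODULE_PATH, pin, SLOT_INDEX);
            // Entries expose certificates only; the private key never leaves the token.
            X509Certificate signer = null;
            for (DSSPrivateKeyEntry entry : token.getPrivateKeyEntries()) {
                X509Certificate cert = entry.getCertificate().getCertificate();
                boolean[] usage = cert.getKeyUsage();
                // KeyUsage bit 1 is nonRepudiation; skip authentication-only keys.
                if (usage != null && usage.length > 1 && usage[1]) {
                    token.usePrivateKeyEntry(entry);
                    signer = cert;
                    break;
                }
            }
            if (signer == null) {
                throw new IllegalStateException("No key with nonRepudiation usage on this token");
            }
            byte[] dataToSign = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
            byte[] signature = token.sign(DigestAlgorithm.SHA256, dataToSign);
            System.out.println("Signer: " + signer.getSubjectX500Principal());
            System.out.println("Signature length: " + signature.length + " bytes");
        } finally {
            // Wipe the PIN and release the PKCS#11 session even if signing failed.
            Arrays.fill(pin, '\0');
            if (token != null) token.close();
        }
    }
}
```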