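Java - PKCS11 and MSKeyStore

I am trying to sign a string with different certificates from the MS-KeyStore. However, I know that there are keys in the MS-Keystore that were imported from a token. So my problem is: if I go through the keystore and try to sign with a certificate that has a reference to pkcs11, I get a pop-up asking me to enter the pkcs11 password. How can I check whether a certificate comes from my token?

Thanks in advance!

This is my code for now: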

    import java.io.IOException;
    import java.nio.charset.StandardCharsets;
    import java.security.GeneralSecurityException;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Provider;
    import java.security.Signature;
    import java.security.cert.Certificate;
    import java.util.Enumeration;

    // Wrapper class and main() added so that the snippet compiles on its own.
    public class SignWithWindowsMy {
        public static void main(String[] args) {
            byte[] data = "test".getBytes(StandardCharsets.UTF_8);
            char[] pin = "pass".toCharArray();
            try {
                // Open the Windows-MY store and list what it contains.
                KeyStore ks = KeyStore.getInstance("Windows-MY");
                ks.load(null, pin);
                System.out.println("Provider: " + ks.getProvider());
                System.out.println("KS size: " + ks.size());
                Enumeration<String> aliases = ks.aliases();
                while (aliases.hasMoreElements()) {
                    String alias = aliases.nextElement();
                    PrivateKey privateKey = (PrivateKey) ks.getKey(alias, null);
                    Certificate certificate = ks.getCertificate(alias);
                    Provider provider = ks.getProvider();
                    Signature signature = Signature.getInstance("SHA1withRSA", provider);
                    try {
                        // Sign with the entry's private key; for entries that
                        // reference pkcs11 this is where the password pop-up appears.
                        signature.initSign(privateKey);
                        signature.update(data);
                        byte[] signedSignature = signature.sign();
                        System.out.println("\tGenerated signature for " + alias);
                        // Verify the signature against the entry's certificate.
                        signature.initVerify(certificate);
                        signature.update(data);
                        if (signature.verify(signedSignature)) {
                            System.out.println("\tSignature verified for " + alias);
                        } else {
                            System.out.println("\tCould not verify signature for " + alias);
                        }
                    } catch (Exception ex) {
                        System.out.println("\tError for " + alias);
                    }
                }
            } catch (GeneralSecurityException | IOException e) {
                // Covers the KeyStore, certificate, algorithm, key and I/O failures.
                e.printStackTrace();
            }
        }
    }

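Hmm, I don't quite understand. If "a pop-up appears and asks you to enter a password", what is your problem? If the certificate comes from an external token, this is the way it will be used: a password is required when retrieving the contents of the HSM. Can I say that you want to distinguish a certificate from an external token from a "soft" certificate imported into IE? – FaithReaper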