Campus Smart Card Implementation

Hello experts,
I am a newbie to this Java technology.
Can anyone guide me on the main (technical) responsibilities to solve this scenario?
A student is identified by an ID card. Every year a number of students who join the college should be issued an identity card. There could be different cards/receipts for different needs (one for library, bus pass, payment of institution fees, etc.). This smart card solution addresses the above-mentioned problems and provides convenience for both college administration and the students. This application has features like a student profile that includes his/her performance in exams/sports, each year's attendance, payment information (fee/hostel/exams, etc.), library authorization and history, and other information that is required for administration purposes.
I appreciate your help.
Thanks a lot for your valuable time.
I will reward the points for sure.
Naveen

http://forum.java.sun.com/thread.jsp?forum=23&thread=357393&tstart=0&trange=15

Similar Messages

  • Java Game Smart Card Implementation

    Hi,
    As an assignment I have been told to design a smart card application (theory only). My idea was that of cross-platform Java games that could be stored on a smart card, so for example:
    - the smart card could be used in PC and mobile (allowing games to be restarted at the same stage).
    - the card would store high scores, character info, and background environments
    - the card could send game data to friends, by either using the smart card in their devices or via the internet extracting and downloading from the card, or better still off the phone to another's phone by selecting them from the address book
    I was wondering if there were any other ideas that I could use, and more importantly the technical details of how to implement such a card
    - i.e. which card
    - how much memory
    - the equipment required
    I would appreciate all the help you could give me, and it is quite an interesting topic.
    Thanks
    jag


  • Help needed in learning the basics of Java Smart Card and implementation?

    Hello everybody,
    I am trying to develop applications on Java contactless smart card technology.
    Can anybody give me details on how to start?
    What is the required software, and what are the installation procedure, path settings, etc.?
    I am a beginner in Java smart card application development.
    Please help me out.

    Dear Friend,
    I would advise dividing the learning into two main parts: JavaCard technology and contactless RFID cards. For JavaCard technology you can find useful articles on the Sun web site (developers.sun.com/mobility/javacard/articles/javacard1/). For contactless RFID you can find a few useful books at Amazon. Regarding software, you need the JC development kit. There are instructions on how to install it in the JCDK user guide.
    If it is not a secret, which JavaCard contactless card are you going to use in your work?
    Yours
    Dmitri

  • Simulation of smart card

    Hi people,
    I'm a student working on a project simulating a smart card. It involves no hardware at all, so the physical layer transmission is ignored. I'm going to implement the smart card operation using two programs, "card.c" and "reader.c", on the same computer. Yes, it's C, not Java, but the idea is the same. I just want to ask: are the programs about the same? I mean, what exactly should reader.c and card.c do? Does reader.c simply send out commands while card.c listens and waits for the commands like the client of a client-server scenario? And then once card.c receives commands, it extracts the useful data according to ISO17816-4 and then sends back a response, and reader.c again processes the data received and sends another command. And the transmission goes on, is it like that?
    Please give me some hints on these. Desperate for some help really.
    Thanks so much, people!!
    Franky

    Here's what I'm going to do in the programs.
    At the very first, the reader sends a reset RST to the card and waits for a response. The card then responds with the answer to reset ATR; this gives all the communications protocol used afterwards, so the card will choose e.g. T=1.
    And then the reader sends the GET CHALLENGE command to the card asking for a random number, e.g. A, and the response from the card gives the challenge A to the reader.
    The reader then sends the encrypted challenge [A] with the EXTERNAL AUTHENTICATE command to the card; the card replies with a YES or NO indicating if the challenges match.
    The reader sends its challenge B with the command INTERNAL AUTHENTICATE; the card replies with the encrypted challenge [B].
    This finishes the challenge-response operation for mutual authentication. I read from books that the key used to encrypt and decrypt the challenge is the master key. But I have no clue how both entities can get hold of the key beforehand. Maybe there's something like PKI for that.
    And then, should there be a verification by using the PIN? So after this verification, the real data and message exchange should occur, right? And I read from books that some cards require every access to the card to have a PIN verification. Well, I think that's almost it for the security part. And I'll have to find some source on how to make a read application of the smart card, like a payment card or identification card. I think one of the most popular standards for payment cards is EMV, and I don't know much about the identification card.
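The GET CHALLENGE / EXTERNAL AUTHENTICATE / INTERNAL AUTHENTICATE exchange described in the posts above, as an added example that is not part of the original thread: the card.c and reader.c roles are shown as two functions in one C file. XTEA standing in for the card's DES/3DES, the xorshift generator standing in for a hardware RNG, the keys, the function names and the choice of status words are all assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* ISO 7816-4 instruction bytes and status words used by this example. */
enum { INS_EXT_AUTH = 0x82, INS_GET_CHALLENGE = 0x84, INS_INT_AUTH = 0x88 };
enum { SW_OK = 0x9000, SW_AUTH_FAILED = 0x6300, SW_WRONG_LENGTH = 0x6700,
       SW_NOT_AUTHENTICATED = 0x6982, SW_NO_CHALLENGE = 0x6985, SW_BAD_INS = 0x6D00 };

typedef struct {
    uint32_t key[4];           /* shared key, loaded when the card is personalised */
    uint8_t  challenge[8];     /* challenge A issued by GET CHALLENGE */
    int      challenge_valid;  /* cleared after one EXTERNAL AUTHENTICATE attempt */
    int      reader_ok;        /* set once the reader has proven knowledge of the key */
    uint32_t rng;              /* xorshift state; a real card uses its hardware RNG */
} Card;

/* XTEA (32 cycles) on one 8-byte block: an assumed stand-in for the card's DES/3DES. */
static void encrypt_block(const uint32_t key[4], const uint8_t in[8], uint8_t out[8]) {
    uint32_t v[2], sum = 0;
    memcpy(v, in, 8);          /* host byte order: both simulated sides share one machine */
    for (int i = 0; i < 32; i++) {
        v[0] += (((v[1] << 4) ^ (v[1] >> 5)) + v[1]) ^ (sum + key[sum & 3]);
        sum += 0x9E3779B9u;
        v[1] += (((v[0] << 4) ^ (v[0] >> 5)) + v[0]) ^ (sum + key[(sum >> 11) & 3]);
    }
    memcpy(out, v, 8);
}

/* Compare 8 bytes without an early exit, so timing does not reveal the first mismatch. */
static int equal8(const uint8_t *a, const uint8_t *b) {
    uint8_t diff = 0;
    for (int i = 0; i < 8; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

Card new_card(const uint32_t key[4]) {
    Card c = { {0}, {0}, 0, 0, 0x2545F491u };  /* fixed seed keeps the simulation repeatable */
    memcpy(c.key, key, sizeof c.key);
    return c;
}

/* card.c role: handle one command APDU, fill resp, return the status word SW1SW2. */
uint16_t card_process(Card *c, const uint8_t *cmd, size_t len, uint8_t *resp, size_t *resp_len) {
    uint8_t expected[8];
    *resp_len = 0;
    if (len < 5 || cmd[4] != 8) return SW_WRONG_LENGTH;   /* every command here uses 8 bytes */
    if (cmd[1] != INS_GET_CHALLENGE && len < 13) return SW_WRONG_LENGTH;
    switch (cmd[1]) {
    case INS_GET_CHALLENGE:
        for (int i = 0; i < 8; i++) {
            c->rng ^= c->rng << 13; c->rng ^= c->rng >> 17; c->rng ^= c->rng << 5;
            c->challenge[i] = resp[i] = (uint8_t)c->rng;
        }
        c->challenge_valid = 1;
        *resp_len = 8;
        return SW_OK;
    case INS_EXT_AUTH:
        if (!c->challenge_valid) return SW_NO_CHALLENGE;
        c->challenge_valid = 0;                /* a challenge is good for one attempt only */
        encrypt_block(c->key, c->challenge, expected);
        c->reader_ok = equal8(expected, cmd + 5);
        return c->reader_ok ? SW_OK : SW_AUTH_FAILED;
    case INS_INT_AUTH:
        /* Never encrypt a challenge for a reader that has not authenticated first. */
        if (!c->reader_ok) return SW_NOT_AUTHENTICATED;
        encrypt_block(c->key, cmd + 5, resp);
        *resp_len = 8;
        return SW_OK;
    default:
        return SW_BAD_INS;
    }
}

/* reader.c role: returns 1 only if both sides proved the key; challenge_b must be fresh random bytes. */
int reader_mutual_auth(Card *card, const uint32_t key[4], const uint8_t challenge_b[8]) {
    uint8_t cmd[14] = { 0x00, INS_GET_CHALLENGE, 0x00, 0x00, 0x08 };
    uint8_t resp[8], expected[8];
    size_t n;
    if (card_process(card, cmd, 5, resp, &n) != SW_OK || n != 8) return 0;
    cmd[1] = INS_EXT_AUTH;                     /* cryptogram over the card's challenge A */
    encrypt_block(key, resp, cmd + 5);
    if (card_process(card, cmd, 13, resp, &n) != SW_OK) return 0;
    cmd[1] = INS_INT_AUTH;                     /* now challenge the card with B */
    memcpy(cmd + 5, challenge_b, 8);
    cmd[13] = 0x08;                            /* Le: expect 8 bytes back */
    if (card_process(card, cmd, 14, resp, &n) != SW_OK || n != 8) return 0;
    encrypt_block(key, challenge_b, expected);
    return equal8(expected, resp);
}

int main(void) {
    const uint32_t key[4] = { 0x01234567u, 0x89ABCDEFu, 0xFEDCBA98u, 0x76543210u };  /* constructed */
    const uint8_t b[8] = { 0x10, 0x32, 0x54, 0x76, 0x98, 0xBA, 0xDC, 0xFE };       /* constructed */
    Card card = new_card(key);
    printf("mutual authentication: %s\n", reader_mutual_auth(&card, key, b) ? "ok" : "failed");
}
```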

  • Problem with Sun PKCS#11 Provider and ActivCard smart card.

    Hi,
    I'm trying to make a signature with a smartcard.
    I have no problem signing with my card in applications such as Microsoft Office, Outlook (they probably use CAPICOM or MS CryptoAPI).
    There is only one certificate on my card, with a non-extractable pair of keys.
    When I'm using a Java-based application I have the following problem:
    I have Java 1.5.0 installed, and according to the reference guide on:
    http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
    I configured "Sun PKCS#11 Provider".
    In file:
    %JAVA_HOME%/lib/security/java.security I inserted the following lines:
    # Configuration for security providers 1..6 omitted
    security.provider.7=sun.security.pkcs11.SunPKCS11 C:/pkcs11.cfg
    In my case (I'm using ActivCard) the file "C:/pkcs11.cfg" contains:
    name = ActivCard
    library = c:\windows\system32\acpkcs211.dll
    After that I try to use the configured provider with keytool.exe from the jsdk.
    On the command line:
    c:\Program Files\Java\jdk1.5.0_06\bin>keytool.exe -keystore NONE -storetype PKCS11 -list
    Enter keystore password:  1111
    Keystore type: PKCS11
    Keystore provider: SunPKCS11-ActivCard
    Your keystore contains 1 entry
    Cinek's dp ID, keyEntry,
    Certificate fingerprint (MD5): 36:19:DD:01:2E:A2:C5:F6:51:44:03:74:14:D5:62:C0
    So till now everything looks OK. The certificate is accessible.
    But when I try to use jarsigner.exe to sign something:
    c:\Program Files\Java\jdk1.5.0_06\bin>jarsigner.exe -keystore NONE -storetype PKCS11 D:\Applet.jar "Cinek's dp ID"
    Enter Passphrase for keystore: 1111
    jarsigner error: java.lang.NullPointerException
    I've got the java.lang.NullPointerException!
    To find the reason for the exception I've written a simple application, which signs a byte array:
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.cert.Certificate;
    import java.util.Enumeration;
    public class Main {
         public static void main(String[] args) throws Exception {
              PrivateKey privkey = null;
              char[] pin = { '1', '1', '1', '1' };
              KeyStore smartCardKeyStore = KeyStore.getInstance("PKCS11");
              smartCardKeyStore.load(null, pin);
              Enumeration aliasesEnum = smartCardKeyStore.aliases();
              if (aliasesEnum.hasMoreElements()) {
                   String alias = (String) aliasesEnum.nextElement();
                   privkey = (PrivateKey) smartCardKeyStore.getKey(alias, null);
                   byte[] aDocument = new byte[100];
                   Signature signatureAlgorithm = Signature.getInstance("SHA1withRSA");
                   signatureAlgorithm.initSign(privkey);
                   signatureAlgorithm.update(aDocument);
                   byte[] digitalSignature = signatureAlgorithm.sign();
              }
         }
    }
    When I ran this application, in the last line, in the method signatureAlgorithm.sign(), I got:
    Exception in thread "main" java.lang.NullPointerException
         at java.math.BigInteger.modPow(Unknown Source)
         at sun.security.rsa.RSACore.crtCrypt(Unknown Source)
         at sun.security.rsa.RSACore.rsa(Unknown Source)
         at sun.security.rsa.RSASignature.engineSign(Unknown Source)
         at java.security.Signature$Delegate.engineSign(Unknown Source)
         at java.security.Signature.sign(Unknown Source)
         at Main.main(Main.java:31)
    In debug, before this exception, the variables are:
    alias= "Cinek's dp ID"
    privkey =
    SunPKCS11-ActivCard RSA private key, 1024 bits (id 192168768, token object, not sensitive, extractable)
      modulus:          112271510887039102410124262012976131016781096451891854145879061791454872222254764386718257162446565027910080375427552248069203548913907633164297672417327888344423061606707834842776634133861005271620794248782338105033496749719965719732501903618453514554701005390412127008091861831421936757053019877456102263703
      public exponent:  65537
      private exponent: null
      prime p:          null
      prime q:          null
      prime exponent p: null
      prime exponent q: null
      crt coefficient:  null
    As you can see, the private key has the extractable attribute set, which is wrong. The attribute is set and the key has no values.
    I think that can be the reason for the NullPointerException. (Maybe when extractable = true, the sign() method expects the key values to be filled.)
    So, I cannot sign anything.
    I tried to add some additional attributes to the file "C:/pkcs11.cfg":
    attributes(*,CKO_PRIVATE_KEY,*) = {
      CKA_EXTRACTABLE = false
    }
    but with no effect. The key was still extractable.
    Can you help me to solve this problem?
    PS. I'm using acpkcs211.dll (v3.2.102.0) as the implementation of PKCS#11. (ActivCard says that it is a PKCS#11 v2.11 implementation.)
    PS2. Sorry for my English.

    Can I ask you one question?
    Which driver did you specify? I mean the smartcard reader driver or the driver for the smartcard itself?
    If the second, does it come along with the card? Because as far as I know I just got the smart card but no software at all (apart from the smartcard reader driver).
    Can you help me out with this?
    thanks in advance,
    Marco

  • Digital Signatures with Smart Cards

    Hi folks,
    It is my first time with digital signatures on an R/3 system. I'm at a customer that uses smart cards (hardware cryptography). We are doing the SAPCRYPTOLIB and front end installations. After finishing these tasks, we need to implement the signatures in 3 workflow processes. I have already read the SSF programmer's guide, API specifications and SSF user guide. But I still have some doubts:
    The SSF profile is stored on the smart card with the private key information, but where are the public keys stored? (PAB – Private Address Book of my trusted circle).
    Do I need the CRLs? Note: this is only for workflow processes that run inside the customer landscape; this is not a B2B scenario.
    It is not yet clear to us how we sign the data; we are thinking of signing a BOR object: create an attribute and use it to pass the signer data. Note: for the customer, the objective is to guarantee user authenticity.
    The BOR object instance ends when the flows finish, so we need to store the signed data for audit reasons. Is a database table a good approach, or is there another standard way?
    P.S.: Does anyone have documentation about this subject, something like a how-to with guidelines?
    Thanks in advance,
    Ricardo.

    The SmartCard device is present at the frontend PC - and that's the place where the digital signature operation has to take place. Important is the "What You See Is What You Sign" principle: it has to be ensured that the data that is to be signed (using the private key stored on the SmartCard) is exactly the same as the one that is displayed to the user.
    Notice: there is a different scenario where the server is signing the data (after prompting the user for userID and password and validating that information).
    The signed data is then transported back to the server where it is stored (to ensure auditability); usually you'll have to keep the (archived) data for years; the public key needs to be archived as well.
    Notice: it is possible to attach the certificate (-> public key) which has been used to sign the data to the signed data.
    Regards, Wolfgang

  • Pkcs#11 and smart card reader

    Hi everybody,
    In my applet code
    I'm trying to implement an "attached signature", reading the keystore from a smartcard.
    I'm using the SunPKCS11 provider and an Infocamere smart card, so I load SunPKCS11.dll for the PKCS#11 standard.
    My code is:
    String pkcs11ConfigFile = "c:\\smartcards\\config\\SI_PKCS11.cfg";
    Provider pkcs11Provider = new sun.security.pkcs11.SunPKCS11(pkcs11ConfigFile);
    Security.addProvider(pkcs11Provider);
    where the SI_PKCS11.cfg file contains 2 lines as follows:
    name = test
    library = C:\WINNT\system32\SI_PKCS11.dll
    When I try to sign without a smart card in the reader I catch a "PKCS#11 not found" exception, while when I try with the smart card inside the device the applet stops while loading the provider and doesn't continue, without any errors in the Java console. Can anyone help me?
    Thanks a lot for every answer.
    Best regards

    I should add that I am using Windows 7 and my CSS version is 8.3, I can also verify my smart card works for other applications, only thinkvantage CSS 8.3 does not work.

  • Provider problem by building a secure transmission to a Smart Card

    Hi
    I have this problem:
    I must accomplish a secure transmission with a smart card,
    so the transmission is RSA coded.
    An RSA key is generated without any problems, I think, because the modulus is printed out
    and because it writes the key to the card.
    But when the transmission with the card begins, the program breaks with the error message that it could not find any RSA provider.
    I use:
    - Java 1.4.1
    - bcprov-jdk14-117.jar
    - jce unrestricted policy files
    - cryptix-jce-20030102-snap
    - FlexiFullProvider-1.1.3.signed.jar
    - OCF1.2
    The program code which causes the error:
    Line 78
    public boolean enableSecureMessaging(CardFilePath path, byte keyNumber)
    throws NoSuchAlgorithmException,
    InvalidKeyException,
    CardServiceException,
    CardTerminalException {
    KeyPairGenerator rsaKeyPairGenerator;
    KeyPair rsaKeyPair;
    RSAPubKey     rsaPublicKey;
    RSAPrivCrtKey rsaPrivateKey;
    RSAPrivateKeySpec rsaPrivateKeySpec;
    DESedeKeySpec desKeySpec;
    IV iv;
    byte[] modulus;
    byte[] exponent;
    byte[] privateExponent;
    byte[] modulusRecord;
    byte[] exponentRecord;
    byte[] sessionKey;
    CredentialBag credentialBag;
    TCOS2CredentialStore credentialStore;
    ReceiveRSACommunicationCredential rsaCommunicationCredential;
    DESedeCommunicationCredential desCommunicationCredential;
    PassThruCommunicationCredential passThruCommunicationCredential;
    // - Initialise the RSA KeyPairGenerator and create a 512-bit key pair
    rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
    rsaKeyPairGenerator.initialize(0x200);
    rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
    //::B::
    Provider[] providern = java.security.Security.getProviders();
    for (int i = 0; i < providern.length; i++) {
         System.out.println(providern[i].getName());
         System.out.println(providern[i].getInfo());
    }
    System.out.println("----------*******----------");
    //::E::
    // - Extract the public and private key from the key pair
    System.out.println(rsaKeyPair);
    rsaPublicKey = (RSAPubKey)rsaKeyPair.getPublic();
    System.out.println(rsaPublicKey.toString());
    rsaPrivateKey = (RSAPrivCrtKey)rsaKeyPair.getPrivate();
    modulus = rsaPublicKey.getModulus().toByteArray();
    exponent = rsaPublicKey.getPublicExponent().toByteArray();
    privateExponent = rsaPrivateKey.getPrivateExponent().toByteArray();
    // - Write the components of the public key into a byte array for
    // record-based storage
    modulusRecord = new byte[0x43];
    exponentRecord = new byte[0x06];
    modulusRecord[0x00] = (byte)0x01;
    modulusRecord[0x01] = (byte)0x41;
    exponentRecord[0x00] = (byte)0x02;
    exponentRecord[0x01] = (byte)0x04;
    System.arraycopy(modulus, 0x00, modulusRecord, 0x43-modulus.length, modulus.length);
    System.arraycopy(exponent, 0x00, exponentRecord, 0x06-exponent.length, exponent.length);
    // - Write the components of the public key to the card
    // This public key is subsequently used to encrypt the session key for the
    // transmission
    fscs.writeRecord(path, 0x01, modulusRecord);
    fscs.writeRecord(path, 0x02, exponentRecord);
    // - Store the private key in a KeySpec
    rsaPrivateKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(),
    rsaPrivateKey.getPrivateExponent());
    // - Create the credential for communication with the card
    // The RAPDU from the card to the PC is encrypted with the public key
    // previously stored on the card
    credentialBag = new CredentialBag();
    credentialStore = new TCOS2CredentialStore();
    rsaCommunicationCredential = new ReceiveRSACommunicationCredential();
    System.out.println("Hier bricht die Sau ab!! [Martin, hat natürlich recht]");
    // THIS LINE CAUSES THE ERROR AS YOU SEE
    rsaCommunicationCredential.initCipher(rsaPrivateKeySpec, keyNumber, null);
    System.out.println("Das Schwein i weiter unten!! [Amir]");
    credentialStore.storeCredential(0x00, rsaCommunicationCredential);
    credentialBag.addCredentialStore(credentialStore);
    Debug Message::
    Bitte Karte einlegen
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2CardServiceFactory.getCardType
    --- message TCOS 2.0 Release 3 smart card detected
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2CardServiceFactory
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    FlexiCore
    SunJSSE
    Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunJCE
    SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    SunRsaSign
    SUN's provider for RSA signatures
    SUN
    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    SunJGSS
    Sun (Kerberos v5)
    CryptixCrypto
    Cryptix JCE Strong Crypto Provider
    BC
    BouncyCastle Security Provider v1.17
    java.security.KeyPair@80fa6f
    modulus n: 0x4fa8e0ef3fba114c9a4fa74848007f611e01dc4b9ecde00dce08bcf86643a7385a82b4fb8206c6bf28ed82ce69e1541947c7a91e4528e10dc5c06c1142e10a91
    exponent e: 0x10001
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosSelect
    --- message mode: 8 response mode: 0 data: DF 01 45 C1
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cla ins p1 p2 data le
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cred: null
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Command: APDU_Buffer = 00A4080004DF0145C100 (hex) | lc = 4 | le = 0
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Response: opencard.core.terminal.ResponseAPDU@1b9ce4b
    0000: 6F 2F 83 02 45 C1 81 02 00 50 82 03 05 41 43 85 o/..E....P...AC.
    0010: 06 01 C4 06 10 00 00 86 18 B2 00 00 00 FF FF DC ................
    0020: 00 00 00 FF FF 2A 00 00 00 FF FF EE 00 00 00 FF .....*..........
    0030: FF 90 00 ...
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.isofs.fileinfo.TCOS2CardFileInfo.TCOS2CardFileInfo
    --- message Data: 0000: 6F 2F 83 02 45 C1 81 02 00 50 82 03 05 41 43 85 o/..E....P...AC.
    0010: 06 01 C4 06 10 00 00 86 18 B2 00 00 00 FF FF DC ................
    0020: 00 00 00 FF FF 2A 00 00 00 FF FF EE 00 00 00 FF .....*..........
    0030: FF .
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.isofs.fileinfo.TCOS2CardFileInfo
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosUpdateRecord
    --- message SFI: -1 Mode: 4 Record Number: 1 Data: 0000: 01 41 00 4F A8 E0 EF 3F BA 11 4C 9A 4F A7 48 48 .A.O...?..L.O.HH
    0010: 00 7F 61 1E 01 DC 4B 9E CD E0 0D CE 08 BC F8 66 ..a...K........f
    0020: 43 A7 38 5A 82 B4 FB 82 06 C6 BF 28 ED 82 CE 69 C.8Z.......(...i
    0030: E1 54 19 47 C7 A9 1E 45 28 E1 0D C5 C0 6C 11 42 .T.G...E(....l.B
    0040: E1 0A 91 ...
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cla ins p1 p2 data
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cred: null
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Command: APDU_Buffer = 00DC0104430141004FA8E0EF3FBA114C9A4FA74848007F611E01DC4B9ECDE00DCE08BCF86643A7385A82B4FB8206C6BF28ED82CE69E1541947C7A91E4528E10DC5C06C1142E10A91 (hex) | lc = 67 | le = -1
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Response: opencard.core.terminal.ResponseAPDU@1292d26
    0000: 90 00 ..
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosUpdateRecord
    --- message SFI: -1 Mode: 4 Record Number: 2 Data: 0000: 02 04 00 01 00 01 ......
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cla ins p1 p2 data
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cred: null
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Command: APDU_Buffer = 00DC020406020400010001 (hex) | lc = 6 | le = -1
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Response: opencard.core.terminal.ResponseAPDU@5329c5
    0000: 90 00 ..
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    Hier bricht die Sau ab!! [Martin, hat natürlich recht]
    java.lang.RuntimeException: Cannot find any provider supporting RSA
         at de.telesec.opencard.tcos20.security.credential.ReceiveRSACommunicationCredential.initCipher(ReceiveRSACommunicationCredential.java:132)
         at sample.enableSecureMessaging(sample.java:160)
         at sample.start(sample.java:522)
         at sample.main(sample.java:564)
    Process sample finished
    I hope you can help me !

    OK, I have solved the problem by myself. The solution is to do:
    -rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
    but the cipher must be
    - cipher = Cipher.getInstance("RSA/ECB/PKCS#1");
    In the Java-Security, all providers have to be disabled by adding a # before each line;
    only this line has to be put in
    - security.provider.1=sun.security.provider.Sun
    and last you have to load the FlexiCore and the Cryptix providers dynamically
    -Security.addProvider(new de.flexiprovider.core.FlexiCoreProvider());
    -Security.addProvider(new cryptix.jce.provider.CryptixCrypto());

  • Signing web form data with a PKCS#11 Smart Card

    Hi,
    I would like to know what is the best solution to sign a web form using a PKCS#11 smart card.
    I have already read some examples where an applet based on the Sun PKCS#11 Provider is used.
    The problem that I found in this solution is the need for Java 5.0 and the need to know the filename of the native library implementation.
    My problem is that the web form is to be available on the internet and can be signed with more than one smart card reader, so I wouldn't like to impose Java 5.0 and I don't have any way of knowing the implementation filename.
    Thanks in advance,
    Ricardo Constantino
    Accenture

    Can I ask you one question?
    Which driver did you specify? I mean the smartcard reader driver or the driver for the smartcard itself?
    If the second, does it come along with the card? Because as far as I know I just got the smart card but no software at all (apart from the smartcard reader driver).
    Can you help me out with this?
    thanks in advance,
    Marco

  • Smart cards

    I'm an undergraduate student from a local university in Malaysia and right now I'm doing my final year report - implementing healthcare systems using smart cards. The idea is that by using the smart card we can access the personal details, insurance details and medical details, which becomes useful especially in emergency cases.
    But right now I'm facing some problems after reading the material that I got from the internet, because it's totally different from what I have thought about. Below are some of my questions:
    a.     Does it mean that the data is stored in some kind of server but not in the smart cards?
    b.     How can we reach the data just by using the smart cards?
    c.     How am I going to demonstrate my project, by setting up the network?
    d.     Is it possible to use Windows98se as the operating system for this project?
    e.     Actually what do Microsoft Visual J++ and Visual Basic do in this project?
    h.     Is there any other reference for me on this project?

    Friend,
    Please contact me on my email, I may be of some help.
    Regards
    Lawrence

  • How to Smart Card integrated with database ..im beginner

    Dear,
    I'm a beginner in smart card technologies. I have an ACOS2 card and an ACR30D reader. I hope you can help me. My questions:
    1. How can Java or Visual Basic be integrated with, and present, data from a file on the card (like name, address, phone number, etc.)?
    2. Please give me a sample project in Visual Basic.
    It's just for my final test.
    Thanks for all
    Best regards,

    hello,
    Check out the section titled Reference Implementation on this page.
    http://www.opencard.org/index-downloads.shtml
    Also, if you really need code in VB, these guys have stuff like that
    http://www.motechno.com/x509-sdk.0.html
    The development kit MAY be all you need
    All the best,

  • Smart card logon with third party CA combined with ADFS to Office 365

    Greetings,
    I've been trying to figure out how to implement ADFS to Office 365 in the MS cloud in our environment, with little luck. I have a working 2012 domain and we are already using smart card logon on Windows 7/8 workstations. Certificates on smart cards are issued by a 3rd party CA. This far everything is fine and working: necessary root certificates are added to Trusted Root Certification Authorities, UPN suffixes and users' UPNs are set according to the UPN on the certificates, and users successfully log on to workstations with smart cards.
    Now I face the requirement to enable SSO to Office 365 with accounts from our AD. I've been told by our MS partner and Dr. Google that in order to do that the user account name (UPN) in AD and in O365 need to match. Now the fact is that the account UPN in our AD is not usable in O365 (because it is set to match the 3rd party certificate UPN) and I have not found a way to enable smart card logon without changing the UPN in AD.
    Does anyone have experience of such a configuration? Is it possible to use AD federation to O365 at all in our case?
    Best regards, and thanks in advance
    Timo

    On Fri, 25 Apr 2014 09:27:05 +0000, Timo Kallioniemi wrote:
    Now I face the requirement to enable SSO to Office 365 with accounts from our AD. I've been told by our MS partner and Dr. Google that in order to do that the user account name (UPN) in AD and in O365 need to match. Now the fact is that the account UPN in our AD is not usable in O365 (because it is set to match the 3rd party certificate UPN) and I have not found a way to enable smart card logon without changing the UPN in AD.
    Does anyone have experience of such a configuration? Is it possible to use AD federation to O365 at all in our case?
    This is not a general Windows server security issue. You should post your question in an O365 support forum.
    http://community.office365.com/en-us/f/default.aspx
    Paul Adare - FIM CM MVP
    Technology is dominated by two types of people: Those who understand
    what they do not manage. Those who manage what they do not understand.
    -- Putt's Law

  • Support for smart-card authentication in PowerBuilder based application

    Hi, I have an application on PB11.5 with an Oracle DB back-end (11.2g). My DoD customer wants the application to use their DoD CAC Card (Smart Card) to authenticate against the Enterprise - Windows Active Directory domain, currently the application uses user-id\password for user authentication.  Is this something newer versions of PB can support and implement? Thank you.

    You have a couple of choices:
    1.  Depending on how old their workstations are, or if they have ACTIVCLIENT installed, you could call the CAPICOM ActiveX using OLE commands.
    2.  A solution that doesn't require that ActiveX is to use the Smart Card SDK built into newer versions of Windows.  It does require a lot lower level coding though, as you have to issue specific APDU commands to the card and know how to handle the responses.
    I posted a sample of the latter to the NNTP groups back in 2011.  I suppose I should get around to creating a blog entry explaining how to use it.

  • PKI Certificates on smart cards.

    Hi techies,
    I am a smart card operating system developer.
    I am working on a PKI OS project,
    and I am stuck while implementing the verify certificate command.
    Currently the issue I am facing is how to store certificates on the smart card:
    I mean which file to use, which format to use (maybe X.509), and which document is relevant from an implementation point of view.
    Could anybody help me out?
    Regards,
    Rishabh Agarwal

    Hi Polat,
    Thanks for the reply, as I thought I wouldn't get any reply.
    Well, I am talking about a native card, not a Java Card, but I think it doesn't make any difference, as at the application level both are the same (different at the implementation level, not the application level).
    So here I got some clues after searching material and brainstorming... we need to read the following documents:
    1) PKCS#1 v2.1
    2) PKCS#15
    3) PKCS#7 (maybe, as I haven't gone through it yet)
    I am almost ready with my OS for the native card and have tested some of its features, except those related to certificates...
    Now I want to test it with some CSP application; I don't know how it will go... I am trying to get some demo CSP code which I can change, and test my card by integrating it into some Windows applications.
    If you have any clue about the above-mentioned, then please let me know,
    and please ask if you need any help from my side.
    Regards
    Rishabh Agarwal

  • Windows smart card logon and kdc certificate (2008R2)

    Dear,
    We are trying to implement smart card logon on a 2008 R2 DC and CA. Environment:
    Domain controller - windows server 2008 R2
    CA - windows server 2008 R2
    testing server - windows server 2008 R2
    when using smartcard logon, a message pops up "The system could not log you on. You cannot use a smart card to log on because smart
    card logon is not supported for your user account. Contact your system administrator to ensure that smart card logon is configured for your organization.".
    The domain controller has an error message : "Event 19: This event indicates an attempt was made to use smartcard logon, but the KDC is unable to use the PKINIT protocol because it is missing a suitable certificate",
    when using "net stop kdc && net start kdc" there is a warning : "event 29 : The Key Distribution Center (KDC) cannot find a suitable certificate to use for smart card logons, or the KDC certificate could not be verified. Smart card
    logon may not function correctly if this problem is not resolved. To correct this problem, either verify the existing KDC certificate using certutil.exe or enroll for a new KDC certificate."
    There were 2 dead CAs in the environment, we deleted them manually by following the instructions in http://support.microsoft.com/kb/555151;
    We tried to renew the domain controller certification with the instructions in http://technet.microsoft.com/en-us/library/cc734096.aspx; http://technet.microsoft.com/en-us/library/cc733944(v=ws.10).aspx,
    the result of "certutil -dcinfo verify" seemed to be correct, but the event 19 and 29 are still there. 
    How could we resolve this problem? Thanks in advance 
    The output of "certutil -dcinfo verify" is :
    0: CTXDC
    *** Testing DC[0]: CTXDC
    **  Enterprise Root Certificates for DC CTXDC 
    Certificate 0:
    Serial Number: 781902753c5627b64bd4e45c38b648df
    Issuer: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
     NotBefore: 2013/4/11 11:57
     NotAfter: 2018/4/11 12:07
    Subject: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
    Certificate Template Name: CA
    CA Version: V0.0
    Signature matches Public Key
    Root Certificate: Subject matches Issuer
    Template: CA, Root Certification Authority
    Cert Hash(sha1): 24 43 b0 79 33 8d f4 74 2d 52 df 75 3a 50 73 85 62 25 fb 86
    **  KDC certificate for DC
    CTXDC 
    certificate 0:
    Serial Number: 611648d2000000000030
    Issuer: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
     NotBefore: 2013/4/21 12:05
     NotAfter: 2014/4/21 12:05
    Subject: CN=CTXDC.demo2.internal.jiean-technologies.lan
    Certificate Template Name: DomainController
    Non-root Certificate
    template: DomainController, domain controller
    Cert Hash(sha1): e5 e5 5f 80 b0 cd 7f b5 3d 86 51 3e f3 70 d0 8e 39 48 45 cd
    dwFlags = CA_VERIFY_FLAGS_NT_AUTH (0x10)
    dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
    dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
    Application[0] = 1.3.6.1.5.5.7.3.1
    Server Authentication
    Application[1] = 1.3.6.1.5.5.7.3.2
    Client Authentication
    ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT (0x40000000)
    HCCE_LOCAL_MACHINE
    CERT_CHAIN_POLICY_NT_AUTH
    -------- CERT_CHAIN_CONTEXT --------
    ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    ChainContext.dwRevocationFreshnessTime: 10 Hours, 36 Minutes, 16 Seconds
    SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    SimpleChain.dwRevocationFreshnessTime: 10 Hours, 36 Minutes, 16 Seconds
    CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=0
      Issuer: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
      NotBefore: 2013/4/21 12:05
      NotAfter: 2014/4/21 12:05
      Subject: CN=CTXDC.demo2.internal.jiean-technologies.lan
      Serial: 611648d2000000000030
      SubjectAltName: Other Name:DS object GUID=04 10 f1 68 15 d4 e6 4a 8c 40 80 c6 15 16 1d 26 49 4d, DNS Name=CTXDC.demo2.internal.jiean-technologies.lan
      Template: DomainController
      e5 e5 5f 80 b0 cd 7f b5 3d 86 51 3e f3 70 d0 8e 39 48 45 cd
      Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
      Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
        CRL 54:
        Issuer: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
        52 95 06 73 26 3a 6a 22 a3 6f d7 6e b2 f3 4c 3d 02 9b 7e 54
        Delta CRL 55:
        Issuer: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
        8c c0 97 5e a3 13 9d a1 5c a2 c1 86 e8 65 ff b0 8b ea f4 a3
      Application[0] = 1.3.6.1.5.5.7.3.2
    Server Authentication
      Application[1] = 1.3.6.1.5.5.7.3.1
    Client Authentication
    CertContext[0][1]: dwInfoStatus=10c dwErrorStatus=0
      Issuer: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
      NotBefore: 2013/4/11 11:57
      NotAfter: 2018/4/11 12:07
      Subject: CN=demo2CA, DC=demo2, DC=internal, DC=jiean-technologies, DC=lan
      Serial: 781902753c5627b64bd4e45c38b648df
      Template: CA
      24 43 b0 79 33 8d f4 74 2d 52 df 75 3a 50 73 85 62 25 fb 86
      Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
      Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
      Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
    Exclude leaf cert:
      33 0e 29 2d 44 b0 f9 5d a8 7d 03 26 52 e0 cf 00 4c bf 66 2d
    Full chain:
      04 60 4a 63 ea 44 36 5a 8a 3e 43 b5 23 2a ee 8e a6 05 16 3b
    Verified Issuance Policies: None
    Verified Application Policies:
        1.3.6.1.5.5.7.3.2
    Server Authentication
        1.3.6.1.5.5.7.3.1
    Client Authentication
    1 KDC certs for CTXDC
    CertUtil: -DCInfo command completed successfully.

    The KDC certificate must be good for "SmartCard logon" purpose. It is currently not.
    If you do not use smartcards, do not worry.
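
To check posted output against the point made in the reply above, this added example (not part of the original thread) parses the KDC certificate section of `certutil -dcinfo verify` output and reports its template, expiry and verified application policies, including whether the Smart Card Logon EKU is listed. The function name and the `as_of` reference date are assumptions made for the example; the OIDs are the standard EKU identifiers.

```python
import re
from datetime import datetime

# Standard EKU object identifiers (well-known values, not taken from the thread).
EKU_NAMES = {
    "1.3.6.1.5.5.7.3.1": "Server Authentication",
    "1.3.6.1.5.5.7.3.2": "Client Authentication",
    "1.3.6.1.4.1.311.20.2.2": "Smart Card Logon",
    "1.3.6.1.5.2.3.5": "KDC Authentication",
}
SMART_CARD_LOGON = "1.3.6.1.4.1.311.20.2.2"

# Abridged excerpt of the "certutil -dcinfo verify" output posted above.
SAMPLE = """\
**  KDC certificate for DC
CTXDC
certificate 0:
Serial Number: 611648d2000000000030
 NotBefore: 2013/4/21 12:05
 NotAfter: 2014/4/21 12:05
Subject: CN=CTXDC.demo2.internal.jiean-technologies.lan
Certificate Template Name: DomainController
Verified Issuance Policies: None
Verified Application Policies:
    1.3.6.1.5.5.7.3.2
Server Authentication
    1.3.6.1.5.5.7.3.1
Client Authentication
1 KDC certs for CTXDC
"""

def summarize_kdc_cert(text, as_of):
    """Summarize the KDC certificate block: template, expiry, EKUs by OID."""
    start = text.find("KDC certificate for DC")
    if start < 0:
        raise ValueError("no KDC certificate section in output")
    section = text[start:]
    template = re.search(r"Certificate Template Name:\s*(\S+)", section)
    not_after = re.search(r"NotAfter:\s*(\d+/\d+/\d+ \d+:\d+)", section)
    expiry = datetime.strptime(not_after.group(1), "%Y/%m/%d %H:%M") if not_after else None
    # Only bare OID lines after the "Verified Application Policies" header count;
    # the printed friendly names are ignored and re-derived from the OID.
    parts = section.split("Verified Application Policies:", 1)
    oids = re.findall(r"^\s*(\d+(?:\.\d+){3,})\s*$", parts[1], re.M) if len(parts) == 2 else []
    return {
        "template": template.group(1) if template else None,
        "expired": expiry is not None and expiry < as_of,
        "policies": sorted(EKU_NAMES.get(o, o) for o in oids),
        "has_smart_card_logon": SMART_CARD_LOGON in oids,
    }
```

Pass the date the output was captured as `as_of`, since the certificate in the excerpt is valid for one year only.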
