T410 Smart Card problem

Received my T410 last week, played around, but noticed that the smart card reader is not working correctly.
In Device Manager, the driver is installed correctly as integrated smart card reader.
But when I insert a smart card, it asked to install driver and failed.
Any advice?
Thanks.
Victor

This is a known problem and I have seen the same thing using Omnikey PCMCIA and USB smartcard readers. I would rather blame the provider of the smartcard and not Lenovo or the manufacturer of the smartcard reader.
You can read more about the smartcard minidrivers here:
http://support.microsoft.com/kb/976832
There are also some workarounds to be found in that article. Take a look at the part that describes how to disable smartcard plug and play using group policy and the part that describes how to disable smartcard plug and play for a specific smartcard.
-gan

Similar Messages

  • Smart Card Problem in Java with server

    Hi everybody. I use smart card authentication to sign my web application, which was deployed in Apache Tomcat, and I use servlet & JSP for developing this web application. When I deploy the application on the local machine there is no problem.
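        import java.security.KeyStore;
        import java.security.Provider;
        import java.security.Security;
        import java.security.cert.X509Certificate;
        import java.util.Enumeration;
        import sun.security.pkcs11.SunPKCS11;

        public String getInfo(String password) {
            String certInfo = "";
            try {
                // PKCS#11 provider configuration file (token name and library path)
                String configName = "C:/smartcards/config/pkcs11.cfg";
                String PIN = password;
                Provider p = new sun.security.pkcs11.SunPKCS11(configName);
                Security.addProvider(p);
                // Log out of any existing token session before loading with the PIN
                ((SunPKCS11) p).logout();
                KeyStore keyStore = KeyStore.getInstance("PKCS11");
                char[] pin = PIN.toCharArray();
                // Loading the key store logs in to the token with the PIN
                keyStore.load(null, pin);
                Enumeration aliasesEnum = keyStore.aliases();
                String alias = (String) aliasesEnum.nextElement();
                X509Certificate cert = (X509Certificate) keyStore.getCertificate(alias);
                certInfo += cert.toString();
            } catch (Exception e) {
                System.out.println(e.getMessage());
            }
            return certInfo;
        }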
    The preceding method returns the String which was stored in the smart card when I pass the password of the smart card. If the password is wrong, the load fails.
    Then I deployed this web app on the server. When I run this app everything is OK when I am also connected to the server by remote desktop. When I close RDP I get a "Token has been removed" exception on the web server. How can I solve this problem? I want to also sign to app without remote desktop connection.

    Use PreparedStatement and SimpleDateFormat classes
    http://onesearch.sun.com/search/onesearch/index.jsp?qt=%2BPreparedStatement+%2BSimpleDateFormat+&qp=siteforumid%3Ajava48&chooseCat=allJava&col=developer-forums&site=dev

  • Pls help me with smart card problem

    Hi,
    currently, I'm developing a system for my final year project. I've developed a webpage in PHP for clinic management. I also implement smart card in my system. The point of it is to make it easier for both parties - doctor and patient. Each time a patient comes to receive treatment, the doc will check the patient's smart card on previous drug prescriptions. So then, the doc will update it based on the treatment given on that day.
    The problem is, how do I transmit the data from the smart card to be displayed in the PHP page? Maybe I should use an applet but I don't know how.
    Does anybody have applet source code for transmitting data from a smart card to a PHP page?
    I would really appreciate it... Thanks in advance.

    Have you checked the Schlumberger web site?
    What do you mean by "parsing from applet to php"? Parsing really isn't a data transfer method except maybe in a very tenuous sense.
    And do you really mean an applet (a small program run on the client and embedded in a web page) or are you using it as shorthand for any java program?
    If an applet, I suppose you could:
    1) use javascript to connect the applet to the web page, which would just happen to be created using PHP. So it would be all client-side operation.
    2) use HttpURLConnection (or, God help you, direct socket connections) to connect to a web server and interact with PHP to give/get data. In this case it would be client/server behavior, but the applet would have minimal interaction with the PHP page it's embedded in.
    3) Make it really fun (i.e.: complicated) by using javascript to connect to the page, and then use AJAX to connect to the server. I have no idea whether that's even possible using PHP.
    Maybe there are other options I haven't thought of.

  • Smart Card Problem with AnyConnect over RDP

    Hello,
    For ASA 5545, v-8.6(1)2 and AnyConnect v-3.1.0165, I'm trying to start an AnyConnect client tunnel on a remote RDP (both ends Windows 7) machine and am having problems. The RDP is configured to proxy smart card devices which generally works fine. I'm using current SafeNet eToken with current client software. When I start AnyConnect from client machines (no RDP), the tunnel opens with no problem using the smart card. When I try to start the tunnel on the remote machine via RDP, I'm prompted for cert selection and smart card PIN, but get a popup from AnyConnect: 'VPN connection terminated, smart card removed from reader'. When I try to start the tunnel via RDP but use the ASA web server to start, the tunnel starts up fine with the smart card.
    For the problem condition, the Windows event log on the remote RDP machine shows 3 entries (see below) wrt acvpnagent that show smart card removal errors, but the USB device is always inserted. Also, in investigating, I changed the client profile 'server list' config to SSL instead of IPSec. Same failure but the popup does not show.
    VPN connection terminated, Smartcard removed from reader.
    Description: VPNMGR_ERROR_SMARTCARD_REMOVED:A smartcard required for the connection has been removed
    Thanks in advance for any assistance.
    Mike

    This can be resolved by going to services and disabling Smart card

  • [T410] discrete gfx - Problem with Video Card and Windows Aero -anyone using 4Gb memory modules?

    [3/3/2010 Update]
    There's an issue with using 4Gb sticks on T410 currently that results in video output artifacts and aero interface problems when using Lenovo supplied drivers v8.16.11.8825. I think I can call it confirmed (three people including me face this issue).
    Possible workaround is to install modified EliteBook 8440p video driver (read along this thread) comes with a BIG drawback of not being able to change brightness level within Windows 7. To sweeten it a little bit - you can set luminance level at POST screen, when computer boots up.
    [Original Message]
    Encountered strange behavior of my T410.
    I have a T410 with 256Mb of Video Memory and 1440x900 display, a T61 with 128Mb of Video Memory and 1400x1050 display and external monitor HP w2338h with 1920x1080 resolution.
    If I connect external monitor to my T410 and launch Visual Studio 2010 Beta 2 - image blinks and comes back with Aero disabled. Looking through event logs reveals the lack of memory. Entry information can be found further.
    Now If I do the same with my old Thinkpad T61, connect the same monitor using the same cable - I can open as many Visual Studio 2010 Beta 2 instances I like (tried 5) and nothing blinks and Aero stays enabled.
    Actually I find it ridiculous that a notebook with more VRAM cannot achieve the same performance as notebooks with less.
    Does anyone know what path should I pursue to solve this issue?
    UPDATE: Simply running multiple instances of Visual Studio 2010 Beta 2 without external monitor causes Aero disabled as well.
    Log Name:      Application
    Source:        Desktop Window Manager
    Date:          2/4/2010 7:32:21 PM
    Event ID:      9020
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:     
    Description:
    The Desktop Window Manager has encountered a fatal error (0x8007000e)
    Error 2/4/2010 7:32:21 PM Desktop Window Manager 9020 None

    mat3y wrote:
    I have the same problem with T410 and aero disabled.  I am not using VS and I get this error anyway.
    The Desktop Window Manager has encountered a fatal error (0x8007000e).
    This must be buggy drivers, on Lenovo download site is just the one and the only initial driver for T410 graphics card.
    What software were you actively using when this error occurred?
    Thinkpad T500-2081 CTO | T9400 2.53GHz | 8 GB RAM | ATI HD3650 + Intel GM45 | 15.4" LED WXGA+ | Windows 8 | ATI Catalyst 13.1 (non-switchable)
    Thinkpad 390x | PII 333 | 256mb ram | NeoMagic 256AV | SVGA LCD | OS/2 v4.52

  • Problem with Sun PKCS#11 Provider and ActivCard smart card.

    Hi,
    I'm trying to make a signature with a smartcard.
    I have no problem signing with my card in applications such as Microsoft Office, Outlook (they probably use CAPICOM or MS CryptoAPI).
    There is only one certificate on my card with non extractable pair of keys.
    When I'm using a Java based application I have the following problem:
    I have Java 1.5.0 installed, and according to the reference guide on:
    http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
    I configured "Sun PKCS#11 Provider".
    In file:
    %JAVA_HOME%/lib/security/java.security I inserted the following lines:
    # Configuration for security providers 1..6 omitted
    security.provider.7=sun.security.pkcs11.SunPKCS11 C:/pkcs11.cfg
    In my case (I'm using ActivCard) the file "C:/pkcs11.cfg" contains:
    name = ActivCard
    library = c:\windows\system32\acpkcs211.dll
    After that I try to use the configured provider with keytool.exe from the JSDK.
    In cmdline:
    c:\Program Files\Java\jdk1.5.0_06\bin>keytool.exe -keystore NONE -storetype PKCS11 -list
    Enter keystore password:  1111
    Keystore type: PKCS11
    Keystore provider: SunPKCS11-ActivCard
    Your keystore contains 1 entry
    Cinek's dp ID, keyEntry,
    Certificate fingerprint (MD5): 36:19:DD:01:2E:A2:C5:F6:51:44:03:74:14:D5:62:C0
    So till now everything looks ok. Certificate is accessible.
    But when I trying to use jarsigner.exe to sign something:
    c:\Program Files\Java\jdk1.5.0_06\bin>jarsigner.exe -keystore NONE -storetype PKCS11 D:\Applet.jar "Cinek's dp ID"
    Enter Passphrase for keystore: 1111
    jarsigner error: java.lang.NullPointerException
    I've got the java.lang.NullPointerException!
    To find the reason for the exception I've written a simple application, which signs a byte array:
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.PublicKey;
    import java.security.Signature;
    import java.security.cert.Certificate;
    import java.util.Enumeration;
    public class Main {
         public static void main(String[] args) throws Exception {
              PrivateKey privkey = null;
              char[] pin = { '1', '1', '1', '1' };
              KeyStore smartCardKeyStore = KeyStore.getInstance("PKCS11");
              smartCardKeyStore.load(null, pin);
              Enumeration aliasesEnum = smartCardKeyStore.aliases();
              if (aliasesEnum.hasMoreElements()) {
                   String alias = (String) aliasesEnum.nextElement();
                   privkey = (PrivateKey) smartCardKeyStore.getKey(alias, null);
                   byte[] aDocument = new byte[100];
                   Signature signatureAlgorithm = Signature.getInstance("SHA1withRSA");
                   signatureAlgorithm.initSign(privkey);
                   signatureAlgorithm.update(aDocument);
                   byte[] digitalSignature = signatureAlgorithm.sign();
              }
         }
    }
    When I've run this application, in the last line, in method signatureAlgorithm.sign(), I got:
    Exception in thread "main" java.lang.NullPointerException
         at java.math.BigInteger.modPow(Unknown Source)
         at sun.security.rsa.RSACore.crtCrypt(Unknown Source)
         at sun.security.rsa.RSACore.rsa(Unknown Source)
         at sun.security.rsa.RSASignature.engineSign(Unknown Source)
         at java.security.Signature$Delegate.engineSign(Unknown Source)
         at java.security.Signature.sign(Unknown Source)
         at Main.main(Main.java:31)
    In debug, before this exception variables are:
    alias= "Cinek's dp ID"
    privkey =
    SunPKCS11-ActivCard RSA private key, 1024 bits (id 192168768, token object, not sensitive, extractable)
      modulus:          112271510887039102410124262012976131016781096451891854145879061791454872222254764386718257162446565027910080375427552248069203548913907633164297672417327888344423061606707834842776634133861005271620794248782338105033496749719965719732501903618453514554701005390412127008091861831421936757053019877456102263703
      public exponent:  65537
      private exponent: null
      prime p:          null
      prime q:          null
      prime exponent p: null
      prime exponent q: null
      crt coefficient:  null
    As you can see, the private key has the extractable attribute set, which is wrong. The attribute is set and the key has no values.
    I think that can be the reason for the NullPointerException. (Maybe when extractable = true, the sign() method expects key values to be filled.)
    So, I cannot sign anything.
    I tried to add some additional attributes to the file "C:/pkcs11.cfg":
    attributes(*,CKO_PRIVATE_KEY,*) = {
      CKA_EXTRACTABLE = false
    }
    but with no effect. The key was still extractable.
    Can you help me to solve this problem?
    PS. I'm using acpkcs211.dll (v3.2.102.0) as an implementation of PKCS#11. (Activcard says that it is a PKCS#11 v2.11 implementation)
    PS2. Sorry for my english

    Can I ask you one question?
    Which driver did you specify? I mean the smartcard reader driver or the driver of the smartcard itself?
    If the second, does it come along with the card? because as far as I know I just got the smart card but no software at all (apart the smartcard reader driver).
    Can you help me out with this?
    thanks in advance,
    Marco

  • Problem signing PDF from smart card - BouncyCastle, IAIK Wrapper, iText

    Hello!
    I need to sign and timestamp a PDF document with a smartcard. I'm using Java 1.6, iText to manage PDF, BouncyCastle to deal with cryptography and the free IAIK WRAPPER to access the smartcard.
    I've already searched the Internet to solve my problem, read the PDF specifications about the signature and followed snippets that should've worked, but after a couple of weeks I still don't have working code, not even for the signature. All the tries I made yield messages like "Signature has been corrupted" or "Invalid signature" (I can't remember the exact messages, but they're not in English anyway :D ) when I verify the signature in Adobe Reader.
    My first goal was to use an encapsulated signature, using filter Adobe.PPKLITE, subfilter adbe.pkcs7.sha1 and a DER-Encoded PKCS#7 object as content.
    Among the tries I made, I used code such as (I don't include all modifications, just the ones I deem closer to the right approach):
         // COMMON - START
         ///// selectedKey is a iaik.pkcs.pkcs11.objects.Key instance of the private key I'm taking from the SC
         RSAPrivateKey signerPrivKey=(RSAPrivateKey)selectedKey;
         CertificateFactory certificateFactory=CertificateFactory.getInstance("X.509");
         ///// correspondingCertificate is a iaik.pkcs.pkcs11.objects.X509PublicKeyCertificate instance of the certificate I'm taking from the SC
         byte[] derEncodedCertificate=correspondingCertificate.getValue().getByteArrayValue();
         X509Certificate signerCert=(X509Certificate)certificateFactory.generateCertificate(new ByteArrayInputStream(derEncodedCertificate));
         Provider provider=new BouncyCastleProvider();
         Security.addProvider(provider);
         ///// session is an instance of iaik.pkcs.pkcs11.Session
         session.signInit(Mechanism.SHA1_RSA_PKCS, signerPrivKey);
         File theFile = new File("C:\\toSign.pdf");
         FileInputStream fis = new FileInputStream(theFile);
         byte[] contentData = new byte[(int) theFile.length()];
         fis.read(contentData);
         fis.close();          
         PdfReader reader = new PdfReader(contentData);
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         PdfStamper stp = PdfStamper.createSignature(reader, baos, '\0');
         PdfSignatureAppearance sap = stp.getSignatureAppearance();
         // COMMON - END
         java.security.cert.X509Certificate[] certs=new java.security.cert.X509Certificate[1];
         CertificateFactory factory=CertificateFactory.getInstance("X.509");          
         certs[0]=(X509Certificate)factory.generateCertificate(new ByteArrayInputStream(correspondingCertificate.getValue().getByteArrayValue()));
         sap.setSignDate(new GregorianCalendar());
         sap.setCrypto(null, certs, null, null);
         sap.setReason("This is the reason");
         sap.setLocation("This is the Location");
         sap.setContact("This is the Contact");
         sap.setAcro6Layers(true);
         PdfSignature dic = new PdfSignature(PdfName.ADOBE_PPKLITE, PdfName.ADBE_PKCS7_SHA1);
         dic.setDate(new PdfDate(sap.getSignDate()));
         dic.setName(PdfPKCS7.getSubjectFields((X509Certificate)certs[0]).getField("CN"));
         sap.setCryptoDictionary(dic);
         int csize = 4000;
         HashMap exc = new HashMap();
         exc.put(PdfName.CONTENTS, new Integer(csize * 2 + 2));
         sap.preClose(exc);
         MessageDigest md = MessageDigest.getInstance("SHA1");
         InputStream s = sap.getRangeStream();
         int read = 0;
         byte[] buff = new byte[8192];
         while ((read = s.read(buff, 0, 8192)) > 0)
              md.update(buff, 0, read);
         byte[] signature=session.sign(buff);
         CMSSignedDataGenerator generator = new CMSSignedDataGenerator();
         ArrayList list = new ArrayList();
         for (int i = 0; i < certs.length; i++)
              list.add(certs[i]);
         CertStore chainStore = CertStore.getInstance("Collection", new CollectionCertStoreParameters(list), provider);
         generator.addCertificatesAndCRLs(chainStore);
         CMSProcessable content = new CMSProcessableByteArray(md.digest());
         CMSSignedData signedData = generator.generate(CMSSignedDataGenerator.ENCRYPTION_RSA, content, true, provider);
         byte[] pk = signedData.getEncoded();
         byte[] outc = new byte[csize];
         PdfDictionary dic2 = new PdfDictionary();
         System.arraycopy(pk, 0, outc, 0, pk.length);
         dic2.put(PdfName.CONTENTS, new PdfString(outc).setHexWriting(true));
         sap.close(dic2);
         File newOne = new File("C:\\signed.pdf");
         FileOutputStream fos = new FileOutputStream(newOne);
         fos.write(baos.toByteArray());
         fos.close();
    I figured this is the right approach, but I need a way to generate the CMSSignedData instance, which can't be done using addSigner (the only documented way I found), since the private key is not extractable from a smart card...
    Then I decided to give up and try with a detached signature:
         // COMMON - START
         // Same as above
         // COMMON - END
         sap.setSignDate(new GregorianCalendar());
         java.security.cert.X509Certificate[] certs=new java.security.cert.X509Certificate[1];
         CertificateFactory factory=CertificateFactory.getInstance("X.509");          
         certs[0]=(X509Certificate)factory.generateCertificate(new ByteArrayInputStream(correspondingCertificate.getValue().getByteArrayValue()));
         sap.setCrypto(null, certs, null, PdfSignatureAppearance.SELF_SIGNED);
         sap.setSignDate(java.util.Calendar.getInstance());
         sap.setExternalDigest (new byte[8192], new byte[20], "RSA");
         sap.preClose();
         MessageDigest messageDigest = MessageDigest.getInstance ("SHA1");
         byte buff[] = new byte[8192];
         int n;
         InputStream inp = sap.getRangeStream ();
         while ((n = inp.read (buff)) > 0)
              messageDigest.update (buff, 0, n);
         byte hash[] = messageDigest.digest();
         byte[] signature=session.sign(hash);
         PdfSigGenericPKCS sg = sap.getSigStandard ();
         PdfLiteral slit = (PdfLiteral)sg.get (PdfName.CONTENTS);
         byte[] outc = new byte[(slit.getPosLength () - 2) / 2];
         PdfPKCS7 sig = sg.getSigner ();
         sig.setExternalDigest (session.sign(hash), hash, "RSA");
         PdfDictionary dic = new PdfDictionary ();
         byte[] ssig = sig.getEncodedPKCS7();
         System.arraycopy (ssig, 0, outc, 0, ssig.length);
         dic.put (PdfName.CONTENTS, new PdfString (outc).setHexWriting(true));
         sap.close (dic);
         File newOne = new File("C:\\signed.pdf");
         FileOutputStream fos = new FileOutputStream(newOne);
         fos.write(baos.toByteArray());
         fos.close();
    I'm still stuck to the signature process, can anyone please tell me what I'm doing wrong and help me (snippets would be deeply appreciated), maybe even changing approach in order to be able to add a digital timestamp?
    Thank you very much in advance!
    PS: I had also tried to use the SunPKCS11 provider to access the smart card, I gave up for similar problems, but if someone has suggestions using it, they're welcome! :D
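
Added example, not code from the post or from iText, BouncyCastle or IAIK: it shows what `session.sign(hash)` produces under `Mechanism.SHA1_RSA_PKCS`, the mechanism initialised in the post. That mechanism hashes its input itself, so feeding it a finished SHA-1 hash yields a signature over the hash of the hash, whereas a hash-less PKCS#1 v1.5 mechanism needs the hash wrapped in a DigestInfo. Assumptions: a software RSA key generated in the JDK stands in for the card, `SHA1withRSA` and `NONEwithRSA` stand in for the hashing and non-hashing PKCS#11 mechanisms, and the class name and sample bytes are constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.MessageDigest;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Arrays;

public class DigestInfoDemo {

    // DER header of a SHA-1 DigestInfo (PKCS#1 v1.5):
    // SEQUENCE { SEQUENCE { OID 1.3.14.3.2.26, NULL }, OCTET STRING (20 bytes) }
    static final byte[] SHA1_DIGEST_INFO_PREFIX = {
        0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2b, 0x0e,
        0x03, 0x02, 0x1a, 0x05, 0x00, 0x04, 0x14
    };

    // Stand-in for a hashing mechanism: SHA-1 over the input, then pad and sign.
    static byte[] signHashing(PrivateKey key, byte[] input) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(input);
        return s.sign();
    }

    // Stand-in for a non-hashing mechanism: pad and sign the input exactly as given.
    static byte[] signRaw(PrivateKey key, byte[] input) throws GeneralSecurityException {
        Signature s = Signature.getInstance("NONEwithRSA");
        s.initSign(key);
        s.update(input);
        return s.sign();
    }

    // Wrap a 20-byte SHA-1 value in its DigestInfo structure.
    static byte[] digestInfo(byte[] sha1) {
        int n = SHA1_DIGEST_INFO_PREFIX.length;
        byte[] out = Arrays.copyOf(SHA1_DIGEST_INFO_PREFIX, n + sha1.length);
        System.arraycopy(sha1, 0, out, n, sha1.length);
        return out;
    }

    // What a verifier does: check an RSA/SHA-1 signature over the original data.
    static boolean verifies(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature v = Signature.getInstance("SHA1withRSA");
        v.initVerify(key);
        v.update(data);
        try {
            return v.verify(sig);
        } catch (SignatureException e) {
            return false; // some JDK versions throw on a malformed DigestInfo
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample bytes standing in for the PDF byte range.
        byte[] range = "constructed stand-in for sap.getRangeStream()".getBytes(StandardCharsets.UTF_8);
        byte[] hash = MessageDigest.getInstance("SHA-1").digest(range);

        // 1. Hashing mechanism fed the data itself: verifies.
        byte[] overData = signHashing(kp.getPrivate(), range);
        // 2. Hashing mechanism fed the finished hash: signs SHA-1(SHA-1(data)).
        byte[] overHash = signHashing(kp.getPrivate(), hash);
        // 3. Non-hashing mechanism fed the bare hash: DigestInfo is missing.
        byte[] bareHash = signRaw(kp.getPrivate(), hash);
        // 4. Non-hashing mechanism fed DigestInfo(hash): same bytes as case 1.
        byte[] wrapped = signRaw(kp.getPrivate(), digestInfo(hash));

        System.out.println("hashing mechanism over data:    " + verifies(kp.getPublic(), range, overData));
        System.out.println("hashing mechanism over hash:    " + verifies(kp.getPublic(), range, overHash));
        System.out.println("raw mechanism over bare hash:   " + verifies(kp.getPublic(), range, bareHash));
        System.out.println("raw mechanism over DigestInfo:  " + verifies(kp.getPublic(), range, wrapped));
        System.out.println("case 4 equals case 1:           " + Arrays.equals(wrapped, overData));
    }
}
```
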

  • Provider problem by building a secure transmission to a Smart Card

    Hi
    I have this problem:
    I must accomplish a secure transmission with a smart card,
    so the transmission is RSA coded.
    An RSA key is generated, without any problems I think, because the modulus is printed out
    and because it writes the key to the card.
    But when the transmission with the card begins, the program breaks with the error message that it could not find any RSA provider.
    I use:
    - Java 1.4.1
    - bcprov-jdk14-117.jar
    - jce unrestricted policy files
    - cryptix-jce-20030102-snap
    - FlexiFullProvider-1.1.3.signed.jar
    - OCF1.2
    The program code which causes the error:
    Line 78
    public boolean enableSecureMessaging(CardFilePath path, byte keyNumber)
    throws NoSuchAlgorithmException,
    InvalidKeyException,
    CardServiceException,
    CardTerminalException {
    KeyPairGenerator rsaKeyPairGenerator;
    KeyPair rsaKeyPair;
    RSAPubKey     rsaPublicKey;
    RSAPrivCrtKey rsaPrivateKey;
    RSAPrivateKeySpec rsaPrivateKeySpec;
    DESedeKeySpec desKeySpec;
    IV iv;
    byte[] modulus;
    byte[] exponent;
    byte[] privateExponent;
    byte[] modulusRecord;
    byte[] exponentRecord;
    byte[] sessionKey;
    CredentialBag credentialBag;
    TCOS2CredentialStore credentialStore;
    ReceiveRSACommunicationCredential rsaCommunicationCredential;
    DESedeCommunicationCredential desCommunicationCredential;
    PassThruCommunicationCredential passThruCommunicationCredential;
    // - RSA KeyPairGenerator initialisieren und ein Schl�sselpaar mit
    // 512 Bit erstellen
    rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
    rsaKeyPairGenerator.initialize(0x200);
    rsaKeyPair = rsaKeyPairGenerator.generateKeyPair();
    //::B::
    Provider[] providern =java.security.Security.getProviders();
         for (int i = 0; i<providern.length;i++)
              System.out.println(providern.getName());
         System.out.println(providern[i].getInfo());
              System.out.println("----------*******----------");
    //::E::
    // - Public und Private Key aus dem Schl�sselpaar extrahieren
    System.out.println(rsaKeyPair);
    rsaPublicKey = (RSAPubKey)rsaKeyPair.getPublic();
    System.out.println(rsaPublicKey.toString());
    rsaPrivateKey = (RSAPrivCrtKey)rsaKeyPair.getPrivate();
    modulus = rsaPublicKey.getModulus().toByteArray();
    exponent = rsaPublicKey.getPublicExponent().toByteArray();
    privateExponent = rsaPrivateKey.getPrivateExponent().toByteArray();
    // - Komponenten des Public Key f�r die recordbasierte Speicherung in ein
    // Bytearray schreiben
    modulusRecord = new byte[0x43];
    exponentRecord = new byte[0x06];
    modulusRecord[0x00] = (byte)0x01;
    modulusRecord[0x01] = (byte)0x41;
    exponentRecord[0x00] = (byte)0x02;
    exponentRecord[0x01] = (byte)0x04;
    System.arraycopy(modulus, 0x00, modulusRecord, 0x43-modulus.length, modulus.length);
    System.arraycopy(exponent, 0x00, exponentRecord, 0x06-exponent.length, exponent.length);
    // - Komponenten des Public Key auf die Karte schreiben
    // Dieser Public Key wird anschlie�end benutzt, um den SessionKey f�r die
    // �bertragung zu verschl�sseln
    fscs.writeRecord(path, 0x01, modulusRecord);
    fscs.writeRecord(path, 0x02, exponentRecord);
    // - Store the private key in a KeySpec
    rsaPrivateKeySpec = new RSAPrivateKeySpec(rsaPrivateKey.getModulus(),
    rsaPrivateKey.getPrivateExponent());
    // - Create the credential for communication with the card
    // The RAPDU from the card to the PC is encrypted with the public key
    // previously stored on the card
    credentialBag = new CredentialBag();
    credentialStore = new TCOS2CredentialStore();
    rsaCommunicationCredential = new ReceiveRSACommunicationCredential();
    System.out.println("Hier bricht die Sau ab!! [Martin, hat natürlich recht]");
    //THIS LINE CAUSES THE ERROR AS YOU SEE
    rsaCommunicationCredential.initCipher(rsaPrivateKeySpec, keyNumber, null);
    System.out.println("Das Schwein i weiter unten!! [Amir]");
    credentialStore.storeCredential(0x00, rsaCommunicationCredential);
    credentialBag.addCredentialStore(credentialStore);
    Debug Message::
    Bitte Karte einlegen
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2CardServiceFactory.getCardType
    --- message TCOS 2.0 Release 3 smart card detected
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2CardServiceFactory
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.initialize
    --- message
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    FlexiCore
    SunJSSE
    Sun JSSE provider(implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
    SunJCE
    SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
    SunRsaSign
    SUN's provider for RSA signatures
    SUN
    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
    SunJGSS
    Sun (Kerberos v5)
    CryptixCrypto
    Cryptix JCE Strong Crypto Provider
    BC
    BouncyCastle Security Provider v1.17
    java.security.KeyPair@80fa6f
    modulus n: 0x4fa8e0ef3fba114c9a4fa74848007f611e01dc4b9ecde00dce08bcf86643a7385a82b4fb8206c6bf28ed82ce69e1541947c7a91e4528e10dc5c06c1142e10a91
    exponent e: 0x10001
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosSelect
    --- message mode: 8 response mode: 0 data: DF 01 45 C1
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cla ins p1 p2 data le
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cred: null
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Command: APDU_Buffer = 00A4080004DF0145C100 (hex) | lc = 4 | le = 0
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Response: opencard.core.terminal.ResponseAPDU@1b9ce4b
    0000: 6F 2F 83 02 45 C1 81 02 00 50 82 03 05 41 43 85 o/..E....P...AC.
    0010: 06 01 C4 06 10 00 00 86 18 B2 00 00 00 FF FF DC ................
    0020: 00 00 00 FF FF 2A 00 00 00 FF FF EE 00 00 00 FF .....*..........
    0030: FF 90 00 ...
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.isofs.fileinfo.TCOS2CardFileInfo.TCOS2CardFileInfo
    --- message Data: 0000: 6F 2F 83 02 45 C1 81 02 00 50 82 03 05 41 43 85 o/..E....P...AC.
    0010: 06 01 C4 06 10 00 00 86 18 B2 00 00 00 FF FF DC ................
    0020: 00 00 00 FF FF 2A 00 00 00 FF FF EE 00 00 00 FF .....*..........
    0030: FF .
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.isofs.fileinfo.TCOS2CardFileInfo
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosUpdateRecord
    --- message SFI: -1 Mode: 4 Record Number: 1 Data: 0000: 01 41 00 4F A8 E0 EF 3F BA 11 4C 9A 4F A7 48 48 .A.O...?..L.O.HH
    0010: 00 7F 61 1E 01 DC 4B 9E CD E0 0D CE 08 BC F8 66 ..a...K........f
    0020: 43 A7 38 5A 82 B4 FB 82 06 C6 BF 28 ED 82 CE 69 C.8Z.......(...i
    0030: E1 54 19 47 C7 A9 1E 45 28 E1 0D C5 C0 6C 11 42 .T.G...E(....l.B
    0040: E1 0A 91 ...
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cla ins p1 p2 data
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cred: null
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Command: APDU_Buffer = 00DC0104430141004FA8E0EF3FBA114C9A4FA74848007F611E01DC4B9ECDE00DCE08BCF86643A7385A82B4FB8206C6BF28ED82CE69E1541947C7A91E4528E10DC5C06C1142E10A91 (hex) | lc = 67 | le = -1
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Response: opencard.core.terminal.ResponseAPDU@1292d26
    0000: 90 00 ..
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.tcosUpdateRecord
    --- message SFI: -1 Mode: 4 Record Number: 2 Data: 0000: 02 04 00 01 00 01 ......
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cla ins p1 p2 data
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [DEBUG    ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.buildAndSendCommandAPDU
    --- message cred: null
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Command: APDU_Buffer = 00DC020406020400010001 (hex) | lc = 6 | le = -1
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    [INFO     ] de.telesec.opencard.tcos20.service.TCOS2BaseCardService.sendCommandAPDU
    --- message Response: opencard.core.terminal.ResponseAPDU@5329c5
    0000: 90 00 ..
    --- thread Thread[main,5,main]
    --- source class de.telesec.opencard.tcos20.service.TCOS2BaseCardService
    Hier bricht die Sau ab!! [Martin, hat natürlich recht]
    java.lang.RuntimeException: Cannot find any provider supporting RSA
         at de.telesec.opencard.tcos20.security.credential.ReceiveRSACommunicationCredential.initCipher(ReceiveRSACommunicationCredential.java:132)
         at sample.enableSecureMessaging(sample.java:160)
         at sample.start(sample.java:522)
         at sample.main(sample.java:564)
    Process sample finished
    I hope you can help me!

    OK, I have solved the problem myself. The solution is to do:
    -rsaKeyPairGenerator = KeyPairGenerator.getInstance("RSA");
    but the cipher must be
    - cipher = Cipher.getInstance("RSA/ECB/PKCS#1");
    In the Java-Security all providers have to be disabled by adding a # before each line;
    only this line has to be put in
    - security.provider.1=sun.security.provider.Sun
    and lastly you have to load the FlexiCore and the Cryptix providers dynamically
    -Security.addProvider(new de.flexiprovider.core.FlexiCoreProvider());
    -Security.addProvider(new cryptix.jce.provider.CryptixCrypto());
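
Added example (not part of the original post and not TeleSec or OpenCard code): a Java diagnostic for the situation in the thread above, where `KeyPairGenerator.getInstance("RSA")` worked but `initCipher` failed with "Cannot find any provider supporting RSA". It reports which installed providers register RSA for key generation and which for `Cipher`, and which provider each transformation string resolves to. The class name `RsaProviderProbe` and its helper methods are made up for this example.

```java
import java.security.GeneralSecurityException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.Cipher;

public class RsaProviderProbe {

    /** Names of the installed providers that register `type` for `algorithm`, in preference order. */
    static List<String> providersFor(String type, String algorithm) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            // getService also resolves aliases the provider registered for this type
            if (p.getService(type, algorithm) != null) {
                names.add(p.getName());
            }
        }
        return names;
    }

    /** Provider that Cipher.getInstance selects for a transformation, or the failure reason. */
    static String resolveCipher(String transformation) {
        try {
            return Cipher.getInstance(transformation).getProvider().getName();
        } catch (GeneralSecurityException e) {
            // NoSuchAlgorithmException or NoSuchPaddingException
            return "unavailable (" + e.getClass().getSimpleName() + ")";
        }
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Key generation and encryption are separate service types: a provider
        // can offer KeyPairGenerator.RSA without offering Cipher.RSA.
        System.out.println("KeyPairGenerator.RSA: " + providersFor("KeyPairGenerator", "RSA"));
        System.out.println("Cipher.RSA:           " + providersFor("Cipher", "RSA"));
        System.out.println("KeyPairGenerator resolves to: "
                + KeyPairGenerator.getInstance("RSA").getProvider().getName());

        // "RSA/ECB/PKCS#1" is the string from the post; the other two are
        // standard JCA names. Which ones resolve depends on the installed providers.
        String[] transformations = {"RSA", "RSA/ECB/PKCS1Padding", "RSA/ECB/PKCS#1"};
        for (String t : transformations) {
            System.out.println("Cipher " + t + " -> " + resolveCipher(t));
        }
    }
}
```

Run it with the same `java.security` file and classpath as the failing program: an empty `Cipher.RSA` list next to a non-empty `KeyPairGenerator.RSA` list is the mismatch behind the exception.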

  • Problem signing certificates from external token (smart card)

    I cannot sign PDF documents with an external token (smart card) through a card reader of a Cherry keyboard.
    The card drivers perfectly detect the card and certificates in it; however, when trying to sign a certificate in Adobe and selecting the location of the certificate by clicking the option "A device attached to this computer" ... I get an error indicating that no device is connected to the computer.
    I have tried several different card readers, it seems a problem of drives because the middleware card recognizes all tested certificates readers, however it seems that Adobe is not able to find the card reader. It has happened with several teams. In one team made a clone and deploy it to another machine with the same hardware environment, the firm run properly in the pdf that clone, however on the original computer is not working.
    Do you have any idea what the problem could be? Thank you very much in advance.

    If the digital ID's corresponding public-key certificate is not getting added to either the Windows Certificate Store or Mac Keychain Access when you plug the card into the card reader, then you need to load the PKCS#11 module via the Acrobat UI. The module will be a DLL on Windows or a bundle file on the Mac. The problem is there is no one file name to look for; you would need to consult the hardware's documentation to find the name of the file. Once you know the name you can add the P11 module from the Security Settings dialog and Acrobat will then see the digital ID(s) loaded on the smart card.
    Steve

  • Problems initializing a SafeNet 330 through the BlackBerry Smart Card Reader

    Hi,
    I successfully managed to use the BlackBerry Smart Card Reader from my PC. Now I'm trying to initialize a SafeNet 330 smart card with the SafeNet BSEC tool from the PC. But whatever I do the initializing fails.
    Has anyone successfully initialized a card this way through the BlackBerry Smart Card reader?
    I suspect a problem with the reader, which is why I'll try to find my Gemplus400 reader and see if that works.
    Thanks
    Chris

    Using the Gemplus400 reader did the trick. Looks like the BlackBerry SCR reader stumbles about setting the password during the initialization as it does set the label successfully.

  • Smart Card reader for T410

    Hi everybody, I'm new in this topic...
    I want to install a Smart Card reader on my Thinkpad T410 2537-WBB but I don't know what I need. There are two components, the 60Y5029 and the 60Y5030... which is the right one? And must I also buy a cable 45M2894? Thanks and sorry for my English

    h2bazza wrote:
    Thanks wditters!! What is the difference between 60Y5029 and 60Y5030? Can you suggest me a store?
    The difference is possibly a brand thing, for instance Gemplus and or another brand. Not a clue and not really important. Any Lenovo dealer should be able to order the parts directly from IBM. End users cannot.
    Lenovo Premium Business Partner
    X1 Carbon Touch | i7-3667U | 8Gb | 256Gb | HD 4000 | 14HD+ | WWAN | W8.1 Pro RTM x64 |

  • SMART CARD READER ProBook 6570b problem

    Last August, I bought a ProBook 657b, with a smart card reader installed (standard)
    A few days after I bought it, it worked perfectly and I could read the information on my ID
    But since a day or 2, it does not work anymore.
    I think the PC has troubles finding this device.
    Is there someone who has any idea how I can solve this problem? 
    GRTZ

    Hey there,
    What operating system are you currently using? Also are you receiving any error messages when trying to use the smart card reader? Have you been using only 1 smart card, or do you have a extra one handy that you could test with?
    Thanks,
    Sean

  • Problem with CertificateRequest when using a smart card

    Hello,
    I have used the ssl debug statement to determine that the ssl server is sending a CertificateRequest and a list of CAs. The smart card is opened via a password and I think X509KeyManagerImpl compares the Issuer of the smart card certificates with the server sent CAs. However, since the issuer is an intermediate CA and only the root CA is in this list, the smartcard certificates are rejected. I CAN'T have the intermediate CA placed in the ssl server list.
    Using SSLConnect (KeyManager, X509TrustManager, null). The KeyManager is using NSS and the TrustManager is using opensc-pkcs11 via SunPKCS11. The OS is Linux, kernel 2.6.35.10-74.fc14.i686.
    The intermediate CA is in the local cert store.
    The application being used is DavMail.
    Am I correct in stating that the smart card certificates are checked against the server sent CAs?
    Does anyone know how to get Java to use the local cert store to find the intermediate CA and then verify it against the Root CA in the server sent list?

    Placed in wrong forum. Moved it to Security Java Secure Socket Extension (JSSE)

  • X240 touch screen and smart card seader problem

    Hello
    I installed Smart Card Reader (FRU 04X3984) to my X240 touch and after that the touch screen doesn't work. OS says that the "no pen or touch input available for this display". If I unplug the SCR cable from MB then touch function is going to work again. There are no conflict messages in system, they just don't work together!!

    Hello moban2010,
    It sounds like you have two separate issues going on here. For the display and touchscreen response I suggest you use the following article to help isolate and resolve the situation.
    iPhone, iPad, iPod touch: Troubleshooting touchscreen response
    http://support.apple.com/kb/ts1827
    For the alert you are getting that your sim card is not installed, there is another great article.
    iPhone: Troubleshooting No SIM
    http://support.apple.com/kb/TS4148
    Thanks for reaching out,
    -Joe

  • Blackberry Smart Card Reader Problem

    I am trying to setup a Blackberry Smart Card Reader for two factor authentication.  Right now I am trying to set it up with a 8300, once I get that working I will set it up with a 9000 as well.
    I have successfully paired the Smart Card Reader with the 8300.
    I have a smart card from 360 Web Secure, that is supposed to be a ISO 7816 PC/SC T=0.  It has been setup with 360 Web Secure software for windows logon.
    When I try and turn on two-factor authentication on the blackberry (User Authenticator - Enabled), I get the error:
    Unable to initialize the user authenticator, no supported user authenticator is present.
    I'm guessing that my 360 Web Secure card is not actually compatible, as the Registered Card Drivers listed in the smart card settings on the blackberry are: SafeNet 330, PIV, and GSA CAC.  Since I can't find any material as to whether the 360 card is compatible with these formats, it probably isn't.
    I've spent hours searching the net for a card that would work and I have no idea.  There are many places selling all kinds of cards, but they are all blank cards and seem to need a large enterprise software package to be able to program/manage them....
    So, as an individual, where do I get a card that I can use for two-factor authentication with the blackberry smart card reader?

    This smart card is not supported by the BlackBerry. You would have to write drivers for it yourself.
    The only smart cards which are supported right now are the SafeNet 330, the DoD CAC and the PIV for US federal governments. The latter two are actually special versions of the SafeNet 330 with some specific extensions.
    If you want to use smart cards on the BlackBerry you'll therefore need to purchase a SafeNet 330 card along with all the software and hardware to initialize the card on a PC and create/import the certificate.
    Hope that helps.
    Chris

Maybe you are looking for