AbdullahAlhussein / USB_Token_PKI_Encryption_Decryption_Text

PKI tokens provide secure storage for digital certificates and private keys. They allow public-key cryptography and digital signatures to be leveraged securely, without risk of leaking the private key information.

USB_Token_PKI_Encryption_Decryption_Text


Overview


PKI tokens are hardware devices that store digital certificates and private keys securely. When you need to encrypt, decrypt or sign something, the token does this internally in a secure chip, meaning the keys are never at risk of being stolen.


USB tokens expose their certificates and keys through PKCS#11, one of the Public-Key Cryptography Standards. Digital signature certificates are issued by a Certificate Authority (CA).


PKCS#11

The PKCS #11 standard defines a platform-independent API to cryptographic tokens, such as hardware security modules (HSM) and smart cards.

The API defines the most commonly used cryptographic object types (RSA keys, X.509 certificates, DES/Triple DES keys, etc.) and all the functions needed to use, create/generate, modify and delete those objects. Read more: PKCS11.



Specifications of the USB token used:

Token name: eToken

Token category: Hardware

Product name: SafeNet eToken 5110 FIPS

Model: Token 15.0.0.3 15.0.19

Card type: Java Card

OS version: eToken Java Applet 1.8.5



Installation


The following software packages must be installed:

1- SafeNet Authentication Client

2- Entrust Entelligence Security Provider

3- Download eTPKCS11.dll

4- Download sunpkcs11.jar



Add an external configuration file that contains the following information:

In order to enable the JDK to access the security token, you will first need to create a configuration file. Open any plain-text editor and create a file named eToken.cfg. The file should contain 2, possibly 3, lines:

name=eTokenn 
library=c:\WINDOWS\system32\eTPKCS11.dll  
slot=0

Note: The slot number defaults to 0 when left unspecified. The SafeNet eToken 5100 is automatically assigned to slot 0, so the slot line is not needed in the .cfg file. However, this may need to change depending on the number of eTokens/smart card readers installed. The default slot number for the SafeNet iKey 4000 is slot 3, so the slot line is required when using a SafeNet iKey 4000.



Also add the external library sunpkcs11.jar to run the PKCS11 provider:

 // Java 8 constructor; on Java 9+ use Security.getProvider("SunPKCS11").configure(...) instead
 sun.security.pkcs11.SunPKCS11 providerPKCS11 = new sun.security.pkcs11.SunPKCS11(pkcs11Config);


Run the program

When you run the program, a window appears asking for the password needed to connect to the USB token and read its certificates.


 KeyStore.CallbackHandlerProtection chp = new KeyStore.CallbackHandlerProtection(new MyGuiCallbackHandler() {});
 KeyStore.Builder builder = KeyStore.Builder.newInstance("PKCS11", null, chp);
 KeyStore keyStore = builder.getKeyStore();


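After that, it selects the required certificate, which is the encryption certificate:

 boolean[] keyUsage = x509Certificate.getKeyUsage(); // null when the KeyUsage extension is absent
 if (keyUsage != null && keyUsage[2]) // bit 2 = keyEncipherment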


and accesses the keys:

 Key key = keyStore.getKey(alias, null);
 privateKey = (PrivateKey) key;
 publicKey = x509Certificate.getPublicKey();


The program then encrypts the text and decrypts it again.
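
The certificate selection and encrypt/decrypt round trip described above, as an added example that is not the repository's own code. The names TokenRoundTrip, findEncryptionAlias and roundTrip are hypothetical, the RSA/ECB/PKCS1Padding transformation is an assumption about what the token supports, and a constructed software key pair stands in for the token so the example runs without hardware.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.crypto.Cipher;

public class TokenRoundTrip {
    // Returns the first key entry whose certificate asserts keyEncipherment (KeyUsage bit 2).
    static String findEncryptionAlias(KeyStore keyStore) throws KeyStoreException {
        for (String alias : Collections.list(keyStore.aliases())) {
            Certificate cert = keyStore.getCertificate(alias);
            if (!(cert instanceof X509Certificate)) continue;
            boolean[] usage = ((X509Certificate) cert).getKeyUsage(); // null if extension absent
            if (usage != null && usage.length > 2 && usage[2] && keyStore.isKeyEntry(alias)) return alias;
        }
        return null;
    }

    // Encrypts with the public key in software, then decrypts with the private key.
    // For a token key, pass the SunPKCS11 provider so the private-key operation runs on the device.
    static String roundTrip(PublicKey publicKey, PrivateKey privateKey,
                            Provider decryptProvider, String text) throws GeneralSecurityException {
        String transformation = "RSA/ECB/PKCS1Padding"; // assumption: supported by the token
        Cipher enc = Cipher.getInstance(transformation);
        enc.init(Cipher.ENCRYPT_MODE, publicKey);
        byte[] cipherText = enc.doFinal(text.getBytes(StandardCharsets.UTF_8));

        Cipher dec = decryptProvider == null
                ? Cipher.getInstance(transformation)
                : Cipher.getInstance(transformation, decryptProvider);
        dec.init(Cipher.DECRYPT_MODE, privateKey);
        return new String(dec.doFinal(cipherText), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in for the token: a software RSA key pair.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        System.out.println(roundTrip(pair.getPublic(), pair.getPrivate(), null, "hello token"));

        // An empty key store has no encryption certificate, so no alias is selected.
        KeyStore empty = KeyStore.getInstance(KeyStore.getDefaultType());
        empty.load(null, null);
        System.out.println(findEncryptionAlias(empty));
    }
}
```

With a token attached, call findEncryptionAlias on the key store returned by builder.getKeyStore(), take the private key from keyStore.getKey(alias, null), and pass providerPKCS11 as decryptProvider.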





Good Luck