As I read here:
"Unlike most Java Cryptography Architecture (JCA) providers, the Sun PKCS#11 Provider does not implement the cryptographic functionality directly; it relies on a native PKCS#11 implementation to which it forwards all operations. This implementation must be available as a .dll file in Windows or a .so file in UNIX and Linux. For example, if you use the Utimaco SafeGuard Smartcard Provider for Windows, the PKCS#11 implementation is the library pkcs201n.dll."
Are smartcard providers obliged to have a JCA provider? For example, where can I find a JCA provider for Gemalto?
The PKCS#11 Reference Guide is a good place to start.
Gemalto smart cards always ship with a PKCS#11 DLL, unfortunately it has different names depending on the card. Just look through the files that came with your installation until you find a DLL with "p" and "11" in it :)
After you located it, you may follow the steps given in the reference guide, i.e. create a configuration file that points to the PKCS#11 library etc. If everything went well, you should be able to access the smart card as simply as
KeyStore ks = KeyStore.getInstance("PKCS11");
ks.load(null, "pin".toCharArray());
Please note that for production code you should implement a proper CallbackHandler as outlined in the guide, of course - the above is just for a quick check that everything works.
Are smartcard providers obliged to have a JCA provider? For example, where can I find a JCA provider for Gemalto?
No, of course not, that fully depends on what's in the contract. It's quite likely you get a PKCS#11 compatible library (with more or less functionality depending on the provider/card). It's likely but probably not fully tested that this is compatible with the PKCS#11 provider, which is a bit picky on how things are configured. The delivery of an actual JCA provider is a rarity, and you are lucky if you can get one that actually works.
[EDIT]
About the different question in the title: only the Sun PKCS#11 provider requires you to configure a .dll. Others may require one depending on the implementation. If the provider depends on OS support (e.g. the CAPI provider uses Windows functionality) it will probably require a non-configurable .dll or .so somewhere on the library path. Bouncy Castle and other pure Java providers generally don't require any .dll or .so.
Contact Gemalto to see if they have a JCA provider, they should know for sure.