Im writing a java application that does authentication via Smart Cards
(PKCS#11) and need to get it functional on OSX. Using the SunPKCS11
provider with the library out in /usr/libexec/SmartCardServices/pkcs11
it "half works". That is, it dosnt error, and can give some information
about the card and/or reader, but it seems to provide an empty KeyStore.
Ive looked around a little to see how to use the KeyChain via the
Apple.KeyChainStore provider instead, but I cant find any documentation
on it. Just using the basic usage examples Ive found:
ks = KeyStore.getInstance("KeychainStore","Apple");
ks.load(null,null);
I can see certificate entries for my smart card in the keystore, but no
key entries.
Ive found I can use keytool to test both cases easily:
keytool -keystore NONE -storetype PKCS11 -providerClass
sun.security.pkcs11.SunPKCS11 -providerArg pkcs11.config -list
The above lists PrivateKeyEntry's on Linux, and has 0 entries on Mac.
keytool -keystore NONE -storagetype KeychainStore -list -providerClass
com.apple.crypto.provider.Apple
The above lists trustedCertEntry's for the certs on the card, but no
PrivateKeyEntry.
Am I going about this wrong?
Jay
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Java-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/java-dev/email@hidden
This email sent to email@hidden
