Re: [Fed-Talk] Exchange 2010
Re: [Fed-Talk] Exchange 2010
- Subject: Re: [Fed-Talk] Exchange 2010
- From: "Timothy J. Miller" <email@hidden>
- Date: Mon, 11 May 2009 09:12:50 -0500
Jay Kline wrote:
Netscape (way back when) had some stuff in the Javascript API for
doing crypto (signing, etc). Its too bad that never caught on.
It only had signing anyway (crypto.signText()):
http://docs.sun.com/source/816-6152-10/sgntxt.htm
Here's the current incarnation, and while it seems to be aimed at key
generation it should work for signing (again, no API for encrypting) and
it's totally dependent on Mozilla:
https://developer.mozilla.org/en/JavaScript_crypto
And the Java method dosnt work on OS X, since PKCS#11 support is
broken, and the Apple Keychain support in Java wont work for
smartcards either.
The Apple PKCS#11 module is broken, but there are others. The OpenSC
PKCS#11 module works fine with PIVs and *very* recent CACs (i.e., CACs
that are also PIVs).
From what I understand, KeyStore.getInstance("KeychainStore", "Apple")
*does* work, with caveats; the worst being that enumerating multiple
private keys is broken. We'll see what the next JRE update brings.
The last alternative is to use the javax.smartcardio API, which has the
advantage of being portable and the disadvantage of only being supported
in Apple's Java 6. However, it, too, has a bug: Apple's Java 6 is
64-bit *only*, but the PC/SC framework has only 32-bit targets. That's
a simple bug I expect should be fixed soon.
-- Tim
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden