



Demos

 The examples directory contains several samples that show how to use this library. The following demos are included. Keep in mind that your PKCS#11 token must support the required cryptographic mechanism for a demo to run; for example, the RSA demos will not run with a token that does not support the required RSA mechanism. Besides the demos in the demo directory, there are several other demos included. The applet-demo directory includes a demo that shows how to sign with a PKCS#11 token, for example a smart card, inside an applet. The iaik-jce-demos directory contains demos that show how to use this provider to create PKCS#7 signatures, to sign a certificate request, to sign public key and attribute certificates, to sign CRLs, and to sign OCSP requests and OCSP responses; these demos are based on the IAIK-JCE toolkit which is part of the PKCS#11 provider library.

These demo suites include samples for all important steps in a typical life cycle of a key; i.e. there are demos for key-pair generation with export of the public key, a demo which constructs and signs a PKCS#10 certificate request, and the import of a certificate chain. In addition, there are demos that show how to use a PKCS#11 token, for instance a smart card, to do SSL and TLS client authentication. Client authentication is done with a certificate from the token and signing with the token. There are two different SSL client authentication demos: first, for use with IAIK-SSL (iSaSiLk), which works with any JDK (in the isasilk-demo directory); second, for use with JDK 1.4 or higher and the included JSSE implementation, which only works with JDK 1.4 (in the jsse_jdk14-demo directory). The xsect-demo contains examples which show how to use the PKCS#11 provider to create and verify XML signatures using the IAIK XSECT library. In the iaik-cms-demo directory there are samples for using the PKCS#11 provider in combination with the IAIK-CMS library to create and verify CMS signatures, to encrypt and decrypt CMS data and to handle S/MIME messages.

The demos read their PKCS#11 module configuration from properties files. These properties files reside under the resources directory. You must ensure that the resources directory is included in the CLASSPATH. Otherwise, the demo will throw an exception saying something like iaik.pkcs.pkcs11.provider.IAIKPkcs11Exception: Required PKCS11_NATIVE_MODULE property has not been configured; e.g. check if properties files are in the CLASSPATH. In addition, remember to edit the resources/iaik/pkcs/pkcs11/provider/IAIKPkcs11.properties file and enable the appropriate PKCS11_NATIVE_MODULE entry for your PKCS#11 module. Please note that most of the demos use dynamic provider registration. If you want to use the demos with static provider registration (i.e. through the java.security file), you will have to adapt the demo code.

 There is a Readme.txt file in each demo directory. It provides some basic information about the examples. The demos in the demo directory are grouped in the following categories:

  • ciphers

    Shows how to encrypt data using symmetric (AES, DES, Triple-DES) and asymmetric (RSA) algorithms.

  • hashes

    Shows how to hash data using hashing algorithms like MD5 or SHA256.

  • keyagreement

    Shows how to perform a key agreement to agree on a common secret key between two parties using Diffie-Hellman.

  • keyfactory

    Shows how to encode, decode or generate keys using a keyfactory.

  • keygeneration

    Shows how to generate secret keys or key pairs, and how to derive new keys from existing keys.

  • keystore

    Shows how to use the PKCS#11 module as a JCE/JCA keystore, how to read and add key or certificate entries to the keystore and how to import keys and certificates from a PKCS#12 file.

  • macs

    Shows how to calculate message authentication codes.

  • random

    Shows how to create random data.

  • signatures

    Shows how to sign data using RSA or ECDSA.

  • utils

    This folder includes methods frequently used in the demos and other helpful demos. The PatchToUTF8 demos show how to update the character encoding of labels and pins to UTF8 encoding.

  • wrapper

    Prints general information about the PKCS#11 token for debugging purposes.

  • In addition, the demo directory includes three demos that show how to change the PIN of a token, how to select a specific slot and how to use two different modules in one application.

 The demos in the iaik-jce-demos directory are:

  • DemoCa

    Shows how to use a PKCS#11 token to sign certificates for a basic CA.

  • PKCS7DecryptionDemoWithRSACipherProvider

    Shows how to decrypt PKCS#7 enveloped data using the RSACipherProvider feature of the PKCS#7 implementation of the IAIK-JCE.

  • PKCS7DecryptionDemoWithUnwrapRSACipherProvider

    Shows how to decrypt PKCS#7 enveloped data using the RSACipherProvider feature of the PKCS#7 implementation of the IAIK-JCE. In contrast to the previous example, this example uses the key unwrap function of the PKCS#11 module rather than the normal decrypt function.

  • PKCS7SigningDemo

    Shows how to create a PKCS#7 signature.

  • PKCS7SigningDemoWithRSACipherProvider

    Shows how to create a PKCS#7 signature using the RSACipherProvider feature of the PKCS#7 implementation of the IAIK-JCE.

  • SelfSignedCertificate

    Shows how to generate a key-pair and create a self-signed certificate.

  • SignAttributeCertificate

    Shows how to sign an X.509 attribute certificate.

  • SignCertificate

    Shows how to sign an X.509 public key certificate.

  • SignCertificateRequest

    Shows how to sign a PKCS#10 certificate request.

  • SignCRL

    Shows how to sign a CRL.

  • SignOCSPRequest

    Shows how to sign an OCSP request.

  • SignOCSPResponse

     Shows how to sign an OCSP response.

 The demos in the iaik-cms-demos directory are:

  • CreateEnvelopedData

    Creates an EnvelopedData structure using a given recipient certificate. This demo does not use the PKCS#11 provider; it is included for convenience. Its output can be used as input to the EnvelopedDataStreamDemo.

  • EnvelopedDataStreamDemo

    This class shows how to decrypt data according to CMS using the PKCS#11 provider. This implementation uses the SecurityProvider feature of the CMS implementation of the IAIK-CMS toolkit.

  • SignedDataStreamDemo

    This class shows how to create explicitly or implicitly signed data according to CMS using the PKCS#11 provider. This implementation uses the SecurityProvider feature of the CMS implementation of the IAIK-CMS toolkit.

  • IaikPkcs11SecurityProvider

    This class implements a SecurityProvider for the IAIK-CMS toolkit. This SecurityProvider can handle IAIKPKCS11Key objects and is thus suitable for use with the PKCS#11 provider. The demos in this package use this class to get the IAIK-CMS library to use a PKCS#11 module instead of pure software crypto.

  • SMimeSignedDemo

    This example demonstrates how to create a signed S/MIME message and send it. It uses a PKCS#11 module (e.g. a smart card) to create the signature. This implementation uses the SecurityProvider feature of the CMS implementation of the IAIK-CMS toolkit.

 The demos in the xsect-demos directory are:

  • SignandVerifyXmlSig

    This class shows how to generate an XML signature with XSECT and the PKCS#11 provider. It is a slight modification of the sample that comes with XSECT. The signature value will be calculated in the PKCS#11 token. Verification is carried out without the PKCS#11 provider.

 The demos in the applet-demo directory are (please read the Readme.txt file):

  • RSASigningApplet

    This demo shows how to use the PKCS#11 Provider in a Java applet. It creates an RSA signature using a PKCS#11 token.

 The demos in the servlet-demo directory are (please read the Readme.txt file):

  • AddKeyEntryServlet

    This demo shows how to use the PKCS#11 Provider in a servlet. It generates a key-pair, creates a certificate corresponding to the key-pair, and adds the private key and the certificate as key entry to the keystore. The generated key entry is used for signing and verifying.

 The demos in the isasilk-demo directory are:

  • ClientAuthenticationSocketDemoIsasilk

    This class shows how to use a keystore of the PKCS#11 provider to authenticate a client to a server using an RSA certificate and signature. The certificate will be read from the smart card and the signature for client authentication is done on the card.

  • IaikPkcs11SecurityProviderIsasilk

    This class implements the SecurityProvider interface of IAIK-SSL. It overrides the default behavior of the IaikProvider in a way that enables the use of PKCS#11 keys and the PKCS#11 provider.

 The demos in the jsse_jdk14-demo directory are:

  • ClientAuthenticationSocketDemoJsse14

    This class shows how to use a keystore of the PKCS#11 provider to authenticate a client to a server using an RSA certificate and signature. The certificate will be read from the smart card and the signature for client authentication is done on the card.

 

 