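To prevent the token password dialog, I usually use pkcs11interop to log in to the USB key and then use CAPI or some COM+ controls in C# to sign the data.

But now I have a new USB key. It still shows the login dialog the first time I sign. The PKCS#11 DLL for this key does not implement the function C_SignUpdate, so when I try to sign in Java using SunPKCS11 and BouncyCastle, it throws an exception: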

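    import java.security.Key;
    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.Provider;
    import java.security.Security;
    import java.security.cert.Certificate;
    import java.security.cert.X509Certificate;
    import java.util.Arrays;
    import org.bouncycastle.cert.jcajce.JcaCertStore;
    import org.bouncycastle.cms.CMSProcessableByteArray;
    import org.bouncycastle.cms.CMSSignedData;
    import org.bouncycastle.cms.CMSSignedDataGenerator;
    import org.bouncycastle.cms.CMSTypedData;
    import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoGeneratorBuilder;
    import org.bouncycastle.util.Store;
    import sun.security.pkcs11.SunPKCS11;

    public class Tryit {
        public static void main(String args[]) throws Exception {
            // register the PKCS#11 provider and log in to the token with the PIN
            String configName = "d:\\javakey_My.cfg";
            String PIN = "123456";
            Provider prv = new SunPKCS11(configName);
            Security.addProvider(prv);
            KeyStore credentials = KeyStore.getInstance("PKCS11");
            char[] pin = PIN.toCharArray();
            credentials.load(null, pin);

            // fetch the private key handle and certificate chain from the token
            Key key = (PrivateKey) credentials.getKey("My Cert ID", null);
            Certificate[] chain = credentials
                    .getCertificateChain("My Cert ID");
            X509Certificate cert = (X509Certificate) chain[0];
            Store certs = new JcaCertStore(Arrays.asList(chain));
            // set up the generator
            CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
            gen.addSignerInfoGenerator(new JcaSimpleSignerInfoGeneratorBuilder()
                    .setProvider("SunPKCS11-MyKey").build("SHA1withRSA",
                            (PrivateKey) key, cert));
            gen.addCertificates(certs);
            // create the signed-data object
            CMSTypedData data = new CMSProcessableByteArray(
                    "Hello World!".getBytes());
            // generate() feeds the data through Signature.update(), which fails here
            CMSSignedData signed = gen.generate(data, false);
        }
    }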

    Exception in thread "main" java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED
        at sun.security.pkcs11.P11Signature.engineUpdate(P11Signature.java:436)
        at java.security.Signature$Delegate.engineUpdate(Unknown Source)
        at java.security.Signature.update(Unknown Source)
        at java.security.Signature.update(Unknown Source)
        at org.bouncycastle.operator.jcajce.JcaContentSignerBuilder$SignatureOutputStream.write(Unknown Source)
        at org.bouncycastle.cms.SignerInfoGenerator.generate(Unknown Source)
        at org.bouncycastle.cms.CMSSignedDataGenerator.generate(Unknown Source)
        at Tryit.main(Tryit.java:108)
    Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_FUNCTION_NOT_SUPPORTED
        at sun.security.pkcs11.wrapper.PKCS11.C_SignUpdate(Native Method)
        at sun.security.pkcs11.P11Signature.engineUpdate(P11Signature.java:430)
        ... 7 more

Is there any way to do a P7 signature with this key, through .NET or Java, without the login dialog?
