
I have a CAC card that I am accessing through Java code. I am extracting an X.509 certificate and now I need to use this cert (or anything else that I can extract from the CAC card) to sign a PDF document.

Currently, I am using the name and alias from the X.509 certificate and creating my own pfx, which I am using with iText to sign, BUT that's not the right approach. I need to use some form of the cert DIRECTLY to sign the PDF.

My questions are:

  1. Is it possible?
  2. If yes, how?
  3. If no, what are the alternatives?
  4. Does a smart card contain a pfx?

Help!

Eugen Konkov
dexter
  • The same was asked yesterday and mkl left some valuable comments: http://stackoverflow.com/questions/39744911/how-to-extract-a-pfx-from-x509-certificate-in-a-cac-card-to-sign-a-pdf-document – Egl Sep 29 '16 at 13:56
  • That doesn't seem to answer my questions...@Egl – dexter Sep 30 '16 at 06:52
  • His comments include links to a paper and source code that explain how to do it, if you have the pkcs11 library to access the CAC, which should be mandatory for you if you want to use a CAC. So yes, he answered your questions. – Egl Sep 30 '16 at 09:10
  • Mmmm, since you're new to Stack Overflow, have you realized there is a "show more comments" link in the page I linked? Those additional comments are where the valuable comments are. – Egl Sep 30 '16 at 10:37
  • @Egl, in sample 4.1, he is using a config file that points to a library (library = /usr/lunasa/lib/libCryptoki2_64.so). http://docs.oracle.com/javase/7/docs/technotes/guides/security/p11guide.html talks about this library and says: "This is the full pathname (including extension) of the PKCS#11 implementation;..... C:\foo\mypkcs11.dll might be one on Windows". Where exactly do I get this dll? Does it come with a smart card? I checked in windows/system32 but couldn't find this even when I have my card plugged in – dexter Sep 30 '16 at 11:36
  • You have to change this /usr/lunasa/lib/libCryptoki2_64.so and put the pkcs11 library for CAC cards, that seems to be libcackey.so or libcackey.dll (check your CAC driver installation) – Egl Sep 30 '16 at 12:03
  • @Egl I installed OpenSC and found opensc-pkcs11.dll, but now I am getting the following error: java.security.KeyStoreException: PKCS11 not found at java.security.KeyStore.getInstance(Unknown Source) – dexter Oct 03 '16 at 05:40
  • Ask your CAC card provider for the PKCS11 library you need and how to install it. – Egl Oct 03 '16 at 09:23

0 Answers
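A sketch of the PKCS#11 route the comments point to, added here as an example and not code from any participant in the thread: the private key stays on the card, Java only holds a handle to it, and `KeyStore.getInstance("PKCS11", ...)` resolves once a SunPKCS11 provider configured with the card's module is registered. Assumptions: Java 9 or later, the module path is passed as the first argument (for example the `opensc-pkcs11.dll` mentioned above, wherever it is installed), and the card key is RSA; the class name and the sample data are made up for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

public class CardSignSketch {
    public static void main(String[] args) throws Exception {
        // Assumption: args[0] is the full path of the PKCS#11 module shipped with the card middleware.
        Path cfg = Files.createTempFile("pkcs11", ".cfg");
        Files.write(cfg, Arrays.asList("name = Card", "library = " + args[0]));

        // Java 9+: configure the built-in SunPKCS11 provider with the module, then register it.
        // (Java 8 and earlier used: new sun.security.pkcs11.SunPKCS11(cfg.toString()).)
        Provider p11 = Security.getProvider("SunPKCS11").configure(cfg.toString());
        Security.addProvider(p11);

        if (System.console() == null) throw new IllegalStateException("run from a terminal to enter the PIN");
        char[] pin = System.console().readPassword("Card PIN: ");
        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);              // no file: the "keystore" is the card itself
        Arrays.fill(pin, '\0');

        byte[] data = "constructed sample data".getBytes(StandardCharsets.UTF_8);
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            PrivateKey key = (PrivateKey) ks.getKey(alias, null);
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            // A key that cannot leave the token has no encoding, so there is no pfx to export.
            System.out.println(alias + " exportable=" + (key.getEncoded() != null));

            // Sign on the card: the Signature must come from the PKCS#11 provider.
            Signature signer = Signature.getInstance("SHA256withRSA", p11); // assumes an RSA key
            signer.initSign(key);
            signer.update(data);
            byte[] sig = signer.sign();

            // Verify in software with the public key from the extracted certificate.
            Signature verifier = Signature.getInstance("SHA256withRSA");
            verifier.initVerify(cert.getPublicKey());
            verifier.update(data);
            System.out.println(alias + " verified=" + verifier.verify(sig));
        }
    }
}
```

A PDF signing library that accepts an external private key plus a JCA provider name can be given the same key handle and `p11.getName()` in place of a pfx.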