
From everything I have read, when using a USB token (HSM) we are unable to fetch the private key from the USB token. Then why do we call KeyStore.getKey(alias,password) in Java code?

I have done something like this where ks is my KeyStore object.

PrivateKey privateKey=(PrivateKey)ks.getKey(alias,pass.toCharArray());

and when I then print privateKey, I get the following values:

  {algorithm: "RSA", encoded: null, format: null}

Can anybody explain the need for this step, and what it does when we digitally sign a document using a USB token?

Bijay Kumar Rai

1 Answer

PrivateKey is an interface, the implementation depends on the cryptographic provider.

In your case, for a USB token, the provider (probably Sun PKCS#11) encapsulates the PKCS#11 commands to the token when you execute a cryptographic operation. The private key is not really contained in your Java service, and the commands are executed on the token.

A private key is non-extractable, so the encoded value must be null. For example, if you use a PKCS12 keystore (a local .p12 file) you will see that the encoded attribute contains the private key encoded in DER format.

pedrofb
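The contrast described in the answer, as an added example that is not part of the original question or answer: a software RSA key exposes its encoding to the JVM, while a key returned by a PKCS#11 keystore is only a handle that the provider passes to `Signature`. The class name `KeyHandleDemo` and the three command-line arguments (PKCS#11 config file, PIN, alias) are assumptions, as is Java 9 or later for `Provider.configure`; without arguments only the software half runs.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;

public class KeyHandleDemo {
    // Reports what the JVM holds for this key, then signs with it.
    static byte[] describeAndSign(String label, PrivateKey key, Signature sig, byte[] data)
            throws GeneralSecurityException {
        sig.initSign(key); // binds the Signature to a provider that can use this key
        System.out.printf("%s: class=%s format=%s keyBytesInJvm=%b provider=%s%n",
                label, key.getClass().getSimpleName(), key.getFormat(),
                key.getEncoded() != null, sig.getProvider().getName());
        sig.update(data);
        return sig.sign(); // for a token key, the private-key operation runs on the token
    }

    public static void main(String[] args) throws Exception {
        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);

        // Software key: the PKCS#8 encoding sits in JVM memory, so getEncoded() is non-null.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair soft = kpg.generateKeyPair();
        byte[] s1 = describeAndSign("software", soft.getPrivate(),
                Signature.getInstance("SHA256withRSA"), doc);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(soft.getPublic());
        verifier.update(doc);
        System.out.println("software signature verifies: " + verifier.verify(s1));

        // Token key (optional): args = <pkcs11-config-file> <pin> <alias>, all assumed values.
        if (args.length == 3) {
            Provider p11 = Security.getProvider("SunPKCS11").configure(args[0]);
            KeyStore ks = KeyStore.getInstance("PKCS11", p11);
            ks.load(null, args[1].toCharArray()); // logs in to the token with the PIN
            // getKey returns a handle to the key object on the token, not key bytes.
            PrivateKey handle = (PrivateKey) ks.getKey(args[2], args[1].toCharArray());
            byte[] s2 = describeAndSign("token", handle,
                    Signature.getInstance("SHA256withRSA", p11), doc);
            System.out.println("token signature length: " + s2.length + " bytes");
        }
    }
}
```

For a non-extractable token key the first line printed for `token` shows `format=null keyBytesInJvm=false`, matching the output in the question, yet `sign()` still returns a signature.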