I am new to cryptography, hence I want to ask about my company's requirements.

  1. We are using eToken with RSA support.
  2. I have developed code that encrypts a file with a public key and stores it in another file.
  3. Now I want to pass the encrypted file to eToken, and here is my issue.

How can I access the eToken from a Java applet? Is it right that I have to pass the encrypted file to the eToken and it will decrypt the file for me?

How can I do this?

Paŭlo Ebermann
Pravin
  • @Paulo Thanks, Paulo, for your great help, but I am still stuck here. – Pravin Oct 15 '11 at 06:07
  • Sorry, while I would like to help you, I don't know anything about eToken. – Paŭlo Ebermann Oct 15 '11 at 20:54
  • It depends on the token. Some tokens work like a smart card, and you can control them using javax.smartcardio.*. If you add the specification for your eToken, I will help you. – pushistic Apr 21 '12 at 13:53
  • @pushistic Thanks for the reply. I am using an Aladdin eToken. I can access the eToken, but at KeyStore.Builder.newInstance("pkcs11",pro ,pp); builder.setCallbackHandler(new MyGuiCallbackHandler()); MyGuiCallbackHandler shows "cannot be resolved to a type", and KeyStore store = builder.getKeyStore(); returns null keys. What should I do? – Pravin Apr 24 '12 at 08:00
  • The pkcs11 API can read keys only from a pkcs11 key store. If you generate a key using, for example, Microsoft CryptoAPI, it will not help you. I haven't worked with the Aladdin eToken, but I think they must have released a special API. If not, you should specify a certain way of generating keys and try to use this API. – pushistic Apr 25 '12 at 09:13
  • @pushistic Actually, the problem was MyGuiCallbackHandler, which is not provided by the Aladdin eToken, hence I replaced it with DialogCallbackHandler, which prompts for the token password. Now I can access the eToken, but I have to do the encryption on the client side. I can use an applet, but I think an applet can't access client resources, so how can I do that? – Pravin Apr 25 '12 at 12:43
  • @Balasaheb I don't understand your trouble :(. What can you access? What kind of client resources are inaccessible? Could you explain in more detail? – pushistic Apr 25 '12 at 13:48
  • @pushistic I just want to know how to encrypt any data/file on the client side. Should I use an applet for this job, or is there any other way? If there are any examples of encrypting data/files on the client side, please share them. – Pravin Apr 26 '12 at 05:14
  • Yes, you can encrypt any data on the client side using http://docs.oracle.com/javase/1.5.0/docs/guide/security/CryptoSpec.html#CipherClass (the eToken can also encrypt any information, but in this case I can't help you, because I haven't worked with the Aladdin API). – pushistic Apr 26 '12 at 06:44
  • Partial answer: Aladdin eToken is smart-card based. In principle you can either use PKCS calls or the APDU interface. (I'm not sure whether file encryption is in PKCS scope.) For the APDU interface there is no trivial way to encrypt a whole file if its size exceeds the key size (for security reasons it should be even below 40% of the key size), since then a method of partitioning into smaller chunks is needed. – guidot Dec 19 '12 at 08:15
  • @guidot I have developed an applet to access the eToken and it's working fine, but I am confused about how to access the public key and private key to encrypt and decrypt a file. If I am using an eToken, am I on the right track in getting the public and private keys from the eToken to encrypt and decrypt a file? – Pravin Dec 19 '12 at 09:14
  • @Balasaheb: The interesting point of having a smart card at all is to generate the key pair on the card, so the private key never leaves the card. So you have a command like "use key #3 to decrypt this" but won't ever get the key value itself. If you generated the key pair outside, you have to write the private or public key as key objects into the card before the card is able to use it, because there is no command like "decipher this using the following data as key". Reading out a private key from a card is typically not possible at all. – guidot Dec 19 '12 at 12:27
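
The comments above raise two constraints: RSA cannot encrypt a whole file directly, and the private key stays on the token. The sketch below is an added example, not code from this thread or from Aladdin, showing the common hybrid approach (a technique the thread does not name): the file is encrypted with a random AES key, and only that key is encrypted with RSA. It assumes a software RSA key pair as a stand-in for the token, and the class name, the `rsaProvider` parameter and the chosen OAEP transformation are illustrative assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;
import javax.crypto.*;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class HybridTokenDemo {
    // Assumption: the token's provider also supports this transformation.
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Encrypt side: needs only the public key. Returns {encrypted AES key, IV, ciphertext}.
    static byte[][] encrypt(PublicKey pub, byte[] plain) throws GeneralSecurityException {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();           // fresh key per file
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] body = gcm.doFinal(plain);           // file contents, any length
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.ENCRYPT_MODE, pub);
        return new byte[][] { rsa.doFinal(aes.getEncoded()), iv, body }; // RSA sees 32 bytes only
    }

    // Decrypt side: 'priv' may be a handle to a key that never leaves the token.
    // 'rsaProvider' is null for the software stand-in, or the token's provider.
    static byte[] decrypt(PrivateKey priv, Provider rsaProvider, byte[][] msg)
            throws GeneralSecurityException {
        Cipher rsa = rsaProvider == null ? Cipher.getInstance(RSA)
                                         : Cipher.getInstance(RSA, rsaProvider);
        rsa.init(Cipher.DECRYPT_MODE, priv);        // the only private-key operation
        SecretKey aes = new SecretKeySpec(rsa.doFinal(msg[0]), "AES");
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.DECRYPT_MODE, aes, new GCMParameterSpec(128, msg[1]));
        return gcm.doFinal(msg[2]);                 // throws if the ciphertext was modified
    }

    public static void main(String[] args) throws Exception {
        // Constructed stand-in: a software key pair so the demo runs without hardware.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] file = "constructed sample file contents".getBytes(StandardCharsets.UTF_8);
        byte[][] msg = encrypt(kp.getPublic(), file);
        byte[] back = decrypt(kp.getPrivate(), null, msg);
        System.out.println("round trip ok: " + Arrays.equals(file, back));
    }
}
```

With a real token, the `PrivateKey` would come from the PKCS11 `KeyStore` discussed in the comments and `rsaProvider` from that key store's `getProvider()`, so the RSA decryption runs on the token while the bulk AES work stays on the host.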

0 Answers