0

I saw sample codes C4_01_SignWithPKCS11HSM.java and C4_02_SignWithPKCS11USB.java They both use SunPKCS11 provider which comes with java 1.8 (Am i wrong?).

So, What to do before 1.8? I tried putting sun library into java 1.7 installation but of course it got angry saying the class file formats are incompatible.

mehmet6parmak
  • 4,777
  • 16
  • 50
  • 71

1 Answers1

1

Actually, the examples you refer to were written for Java 7. Get the free ebook for which those examples were written and you'll read:

if you need to upgrade to make this example work on your OS, you may want to avoid the 64-bit version of Java 7, and opt for the 32-bit version. The SunPKCS11 provider is missing in the 64-bit version of Java 6 as well as Java 7. We’ll need that provider in the next chapter. There’s no ETA as to when Oracle will fix this problem.

That was written 3 years ago. You may want to check on the current status of that allegation.

As you know, all classes in sun packages, such as sun.security.pkcs11.SunPKCS11 aren't really supported by Oracle. Read the answers to It is a bad practice to use Sun's proprietary Java classes?

Community
  • 1
  • 1
Bruno Lowagie
  • 75,994
  • 9
  • 109
  • 165
  • Hi Bruno, Thank you for your help. Interestingly our java 1.7 64 bit installation on the server has sunpkcs.jar. We tried running the sample code and it worked. Have you ever seen people patching official installation in a way to include sunpkcs.jar? – mehmet6parmak Jul 14 '16 at 18:10
  • Also, we have tried some other PKCS11 wrappers but could only make it work with the code samples aforementioned. Do you have any easy to use pkcs11 wrapper suggestions? We tried jcryptoki but i guess it has problems on 64 bit linux systems (may be with a specific hsm vendor) – mehmet6parmak Jul 14 '16 at 18:13
  • The dependency on SUN packages has always been a problem. If you want to avoid this, you should really ask your HSM provider for the best solution. To avoid PKCS#11 problems with smart cards, I once wrote my own smart card library based on the smart card ISO specification: https://sourceforge.net/projects/smartcardsign/ If all else fails, you'll have to write a similar library to access your HSM. – Bruno Lowagie Jul 14 '16 at 18:24