Friday, November 19, 2010

Smart Card Tutorial: Part 1

When your application handles sensitive data or performs sensitive operations, security becomes a major concern, which is why some companies decide to use strong authentication for their applications, also known as 'two-factor authentication': one thing that you have (the smart card or USB token) and one that you know (the PIN or password).

This article is the start of a series of tutorials about smart cards (USB tokens are readerless smart cards, so the same applies): how to access them, manage them, generate keys, etc. By the end of the series, you should be able to write smart-card-based applications for authentication, digital signatures and PIN/PUK management.

All the code will use standard interfaces to communicate with the smart card, with nothing vendor-specific, so it should work with any kind of equipment you have. In other words, we will be using PKCS#11, the Cryptographic Token Interface Standard.

In order to use PKCS#11, you can either write your own wrappers using the Java Native Interface (JNI) to export the native functions to Java (I will write a tutorial about that later), or you can download a free open source wrapper like the IAIK PKCS#11 Wrapper, which we will be using in this tutorial.

Requirements for this tutorial:
- A smart card or USB token, of course.
- PKCS#11 wrappers for Java.
- A PKCS#11 implementation library.

So, first things first: start by downloading the PKCS#11 wrappers from the IAIK web site. You will need to get the implementation library from your vendor; it is a .dll on Windows or a .so on Linux. In my case I will be working with a SafeNet eToken Pro, so the library name is "eTPKCS11.dll".

Let's start by creating our class "SmartCardTutorial" with a constructor taking the library path as an argument:

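 import iaik.pkcs.pkcs11.Module;
 import iaik.pkcs.pkcs11.TokenException;
 import java.io.IOException;
 import java.util.logging.Level;
 import java.util.logging.Logger;

 public class SmartCardTutorial {
   private Module pkcs11Module;

   public SmartCardTutorial(String libraryPath) {
     try {
       // Load the vendor's PKCS#11 library and initialize it (C_Initialize)
       pkcs11Module = Module.getInstance(libraryPath);
       pkcs11Module.initialize(null);
     } catch (IOException ex) {
       // The native library could not be found or loaded
       Logger.getLogger(SmartCardTutorial.class.getName()).log(Level.SEVERE, null, ex);
     } catch (TokenException ex) {
       // The library was loaded but failed to initialize
       Logger.getLogger(SmartCardTutorial.class.getName()).log(Level.SEVERE, null, ex);
     }
   }
 }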

In the code above we instantiated pkcs11Module, which will provide us with information about the connected smart cards/tokens that we can access. Now we will create a method that returns a list of all available slots. As we are not interested in empty slots, we will specify that we only want those with a token present:

 public Slot[] getTokenSlots() throws TokenException {
   return pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
 }

Now let's write a simple method that prints to the console information about the token present in the first slot, such as its serial number, vendor, etc.

 public void printTokenInfos() throws TokenException {  
     Slot[] slots = getTokenSlots();  
     if (slots.length == 0) { //No tokens connected  
       System.out.println("Sorry, Couldn't find any token");  
     } else {  
       //Let's get the first slot  
       Slot selectedSlot = slots[0];  
       //Let's get the connected token  
       Token token = selectedSlot.getToken();  
       //Get the token infos  
       TokenInfo tokenInfo = token.getTokenInfo();  
       System.out.println("Token : " + tokenInfo.getLabel());  
       System.out.println("Vendor : " + tokenInfo.getManufacturerID());  
       System.out.println("Serial Number : " + tokenInfo.getSerialNumber());  
     }  
   }  
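
The following is an added example, not code from the original post: it goes one step beyond printTokenInfos() by walking every slot with a token present, reading the PIN-state flags that matter before any login attempt (a token on its final try should not be sent a guessed PIN), and releasing the native library when done. The class name TokenInventory and the helper pinState are hypothetical; it assumes the IAIK wrapper is on the classpath and that the first argument is the path to your vendor's PKCS#11 library.

```java
import iaik.pkcs.pkcs11.Module;
import iaik.pkcs.pkcs11.Slot;
import iaik.pkcs.pkcs11.TokenException;
import iaik.pkcs.pkcs11.TokenInfo;
import java.io.IOException;

// Added example (hypothetical class): token inventory with PIN-state checks.
public class TokenInventory {

    // Summarize the PIN flags so a caller can decide whether a login attempt is safe.
    static String pinState(TokenInfo info) {
        if (!info.isTokenInitialized()) return "token not initialized";
        if (!info.isUserPinInitialized()) return "user PIN not set";
        if (info.isUserPinLocked()) return "user PIN locked";
        if (info.isUserPinFinalTry()) return "user PIN on final try";
        if (info.isUserPinCountLow()) return "user PIN retry count low";
        return "user PIN ok";
    }

    public static void main(String[] args) throws IOException, TokenException {
        if (args.length != 1) {
            System.err.println("usage: TokenInventory <path to PKCS#11 library>");
            return;
        }
        // Assumption: args[0] is the full path of the vendor library (.dll or .so).
        Module module = Module.getInstance(args[0]);
        module.initialize(null);
        try {
            Slot[] slots = module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);
            if (slots.length == 0) {
                System.out.println("No token present");
            }
            for (Slot slot : slots) {
                TokenInfo info = slot.getToken().getTokenInfo();
                // PKCS#11 pads these fixed-width fields with blanks; trim() is
                // harmless if the wrapper has already removed the padding.
                System.out.printf("Slot %d: %s / %s / serial %s%n", slot.getSlotID(),
                        info.getLabel().trim(), info.getManufacturerID().trim(),
                        info.getSerialNumber().trim());
                System.out.println("  login required      : " + info.isLoginRequired());
                System.out.println("  protected auth path : " + info.isProtectedAuthenticationPath());
                System.out.println("  PIN state           : " + pinState(info));
            }
        } finally {
            // Release the native library (C_Finalize) even if a call above failed.
            module.finalize(null);
        }
    }
}
```

Passing the library by its full path, rather than a bare file name, keeps the JVM from resolving the native library through the platform's search path.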

That's it for today, folks. In the next article I will explain how to perform more advanced manipulations, like on-card RSA key-pair generation, storing and retrieving X.509 certificates, etc.

7 comments:

  1. Interesting tutorial. I enjoyed reading the information that you have posted above about smart cards. There are so many authentication schemes available that used to secure the sensitive data. But the one that you have discussed is highly effective and is used in digital/ electronic signature technique too.
    digital signature software

  2. It's hard to come by experienced people on digital security and it seems like you know what you're talking about. Thank you for sharing.
    You can also visit: Medisoft software
    Preferred software by most medical professionals

  3. This comment has been removed by the author.

  4. I like the valuable information you provide regarding data security. I will bookmark this and check again frequently. I am quite certain I will learn lots of new stuff right here. Thank you.

    Check this out:
    medical billing company

  5. This comment has been removed by the author.

  6. Very important tutorial. It helped me in my graduation project entitled "development of application for managing smart card".
    Thank you.
