Friday, November 19, 2010

smart Card tutorial : Part 1

When your application handles or performs sensitive data or operations, security becomes a major concern, which is why some companies decides to use Strong Authentication for their applications, also known as 'two factors authentication' : one thing that you have (the smart Card, or USB token), and one that you know (the PIN or password).

This article will be the start of a series of tutorials about smart cards (USB Tokens are readerless smartcards, so the same applies) : how to access, manage, generate keys etc... at the end of the articles, tou should be able to write smart-card-based applications for authentication, digital signatures and PIN/PUK management.

All the code will be using Standard interfaces to communicate with the smart card, no vendor specific one, so it should work with any kind of equipment you have. In other words, we will be using PKCS#11, the Cryptographic Token Interface Standard.

In order to use PKCS#11, you can either write your own wrappers using Java Native Interface (JNI) to export the native functions to java (will write a tutorial about that later), or you can download a free open source wrapper like iaik PKCS#11 Wrappers, which we will be using in this tutorial.

Requirements for this tutorial :
- A smart Card or USB Token of course.
- PKCS#11 Wrappers for java.
- PKCS#11 implementation library.

So, first things first, start by downloading the PKCS#11 wrappers from iaik web site. For the implementation librarie you will need to get it from your vendor, it's a .dll for windows, or a .so for linux, in my case i will be working with SafeNet Etoken Pro, so the library name is "eTPKCS11.dll".

Let's start by creating our class "SmartCardTutorial" with a constructor taking the library path as arg :

 public class SmartCardTutorial {  
   private Module pkcs11Module;  
   public SmartCardTutorial(String librarayPath) {  
     try {  
       pkcs11Module = Module.getInstance(librarayPath);  
       pkcs11Module.initialize(null);  
     } catch (IOException ex) {  
       Logger.getLogger(SmartCardTutorial.class.getName()).log(Level.SEVERE, null, ex);  
     } catch (TokenException ex) {  
       Logger.getLogger(SmartCardTutorialclass.getName()).log(Level.SEVERE, null, ex);  
     }  
   }  
 }  

in the code above we instantiated pkcs11Module, which will provide us informations about the connected smart cards/Tokens that we can access. Now, we will create a method that returns a list of all available slots, as we are not interested in empty slots, we will specify that we only want these with a token present :

 public Slot[] getTokenSlots() throws TokenException {  
     return pkcs11Module.getSlotList(Module.SlotRequirement.TOKEN_PRESENT);  
   }  

Now let's write a simple method that will print on the console the informations about the present token in the first slot, like its Serial number, vendor etc...

 public void printTokenInfos() throws TokenException {  
     Slot[] slots = getTokenSlots();  
     if (slots.length == 0) { //No tokens connected  
       System.out.println("Sorry, Couldn't find any token");  
     } else {  
       //Let's get the first slot  
       Slot selectedSlot = slots[0];  
       //Let's get the connected token  
       Token token = selectedSlot.getToken();  
       //Get the token infos  
       TokenInfo tokenInfo = token.getTokenInfo();  
       System.out.println("Token : " + tokenInfo.getLabel());  
       System.out.println("Vendor : " + tokenInfo.getManufacturerID());  
       System.out.println("Serial Number : " + tokenInfo.getSerialNumber());  
     }  
   }  

That's it for today folks, in the next article i will explain how to perform more advanced manipulation, like on-card RSA key-pair generation, storing and retrieving X509 certificates etc...

8 comments:

  1. Interesting tutorial. I enjoyed reading the information that you have posted above about smart cards. There are so many authentication schemes available that used to secure the sensitive data. But the one that you have discussed is highly effective and is used in digital/ electronic signature technique too.
    digital signature software

    ReplyDelete
  2. It's hard to come by experienced people on digital security and it seems like you know what you're talking about. Thank you for sharing.
    You can also visit: Medisoft software
    Prefered software by most medical professionals

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. I like the valuable information you provide regarding data security. I will bookmark this and check again frequently. I am quite certain I will learn lots of new stuff right here. Thank you.

    Check this out:
    medical billing company

    ReplyDelete
  5. This comment has been removed by the author.

    ReplyDelete
  6. Very important tutorial.It helped me in my graduation project entitled " developement of application for managing smart card".
    Thank you.

    ReplyDelete