Question

I am very new to Java and Smartcard programming. I have this requirement which looks simple but I am unable to find the exact resource till now.

I have a JPanel form which asks for User ID. Once User ID is entered, there is a whole deal of programming done which works fine.

My requirement is, I want User ID to be entered using a Javacard. So, Java card should contain User ID which populates the UserID text box of my JPanel when it is swiped into card reader.

Any help in this regard is highly appreciated.

Thanks

Solution

Depends on what protocol the smart card implements. A smart card can respond to arbitrary requests (known as APDUs) with arbitrary responses. Typically, your conversation with the smart card goes like this:

  • App: “List the X.509 certificates (usernames and public keys) for which you know the private keys.”
  • Card: “X.509 certificate for CN=Bob, signed by company’s Active Directory with CN=...”
  • App: “Authenticate the user using this PIN: 1234”
  • Card: “PIN valid.” The card is now ready to use its private key.
  • App: “Tell me the RSA (PKCS#1) signature using your private key of this 32-byte random number ...32 bytes...”
  • Card: “...128-byte signature...”
  • App verifies that the signature is valid using the public key, proving that the card does indeed have the private key stored in it. Note that the app is never allowed to actually read the private key; it is never transferred off the card.

That is the basic back-and-forth that you want to have with a smart card. What specific API you need to use depends on what protocol/libraries the card maker gives you. It sounds like you don’t really care about authenticating the card; you just want to read the username off of it. Then you can just stop after the first step. But you have to go through all steps if you want to make sure the card is authentic and not a duplicate.

Commonly, the company that programmed the smart card for PKI will also provide a native library that implements the PKCS#11 C interface. If this is the case, then you can configure the SunPKCS11 JCE Provider to use the correct pkcs11 .dll or .dylib. Then you can access the KeyStore and PrivateKey on the card.

If the card adheres to a standard protocol such as PKCS#15, then you may be able to use the OpenSC pkcs11 dynamic library instead along with SunPKCS11 JCE provider. You can also use OpenSC’s command line utilities to test the card.

An alternative is to speak directly to the smart card using APDUs. You do this using the javax.smartcardio API (although I should warn you that Sun’s implementation is buggy on OS X; use jnasmartcardio instead). For this, you need to know the specific protocol that the card is supposed to implement. This is commonly PKCS#15; see MyEID APDUs for an abbreviated list of the essential APDUs.
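The exchange listed in the answer (certificate, PIN, signed random challenge, verification), written against the SunPKCS11 route as an added example that is not part of the original answer. It assumes Java 9 or later, an RSA key on the card, and a provider config file whose path you supply; the class and method names are hypothetical.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class CardUserId {
    /** Returns the CN of the first card certificate whose private key signs a fresh challenge. */
    static String readVerifiedUserId(String pkcs11Config, char[] pin) throws Exception {
        // Assumed config file contents: "name = Card" and
        // "library = <path to the vendor or OpenSC PKCS#11 library>".
        Provider card = Security.getProvider("SunPKCS11").configure(pkcs11Config); // Java 9+
        KeyStore ks = KeyStore.getInstance("PKCS11", card);
        ks.load(null, pin); // PIN login; the private key itself stays on the card

        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue;
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            PrivateKey key = (PrivateKey) ks.getKey(alias, null); // a handle, not key bytes
            if (cert == null || key == null) continue;

            byte[] challenge = new byte[32]; // fresh per attempt, so an old signature cannot be replayed
            new SecureRandom().nextBytes(challenge);

            Signature signer = Signature.getInstance("SHA256withRSA", card); // computed on the card
            signer.initSign(key);
            signer.update(challenge);
            byte[] sig = signer.sign();

            Signature verifier = Signature.getInstance("SHA256withRSA"); // computed in the app
            verifier.initVerify(cert.getPublicKey());
            verifier.update(challenge);
            if (!verifier.verify(sig)) continue; // card does not hold the matching private key

            cert.checkValidity(); // throws if the certificate is expired or not yet valid
            // Not shown: validate the chain up to the issuing CA before trusting the CN;
            // without that check a self-issued certificate would pass the steps above.
            return commonName(cert);
        }
        throw new KeyStoreException("no certificate with a working private key on the card");
    }

    static String commonName(X509Certificate cert) throws Exception {
        for (Rdn rdn : new LdapName(cert.getSubjectX500Principal().getName()).getRdns())
            if ("CN".equalsIgnoreCase(rdn.getType())) return rdn.getValue().toString();
        throw new IllegalArgumentException("certificate subject has no CN");
    }

    public static void main(String[] args) throws Exception {
        char[] pin = System.console().readPassword("PIN: ");
        System.out.println(readVerifiedUserId(args[0], pin));
    }
}
```

The returned string is what would be placed in the User ID text field; stopping after `ks.getCertificate` reads the name without proving the card holds the key.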

OTHER TIPS

Have you looked at this? Not tested personally but it might be a starting point. http://docs.oracle.com/javase/7/docs/jre/api/security/smartcardio/spec/

Licensed under: CC-BY-SA with attribution