Dynamically Creating a PKCS#11 Configuration

The previous post was about how a smartcard – or any other token – can be accessed from Java. But this requires a configuration that is fed into the PKCS#11 API. When environments change, hardcoding this configuration is most likely a bad idea, especially for the slot ID.

PKCS#11 Slot Retrieval

Prior to generating the PKCS#11 configuration, the slot where the token is located has to be identified. This can be done using C_GetSlotList. This method returns an array of available slots. By providing the argument true, only a list of slots with available tokens will be returned.

In this sample, libraryPath is a field holding the path to the PKCS#11 dynamic library. Furthermore, it will only return a slot if at least one token is available.

PKCS#11 Configuration Generation

Generating the configuration with a given slot is straightforward. Simply concatenate the necessary key/value pairs and transform them into an InputStream.

Configuration with Dynamic Slot

Finally, the previous two steps have to be combined. Retrieve a slot and create a proper configuration if a token is available.

This sample will return a pre-fabricated configuration to be provided to SunPKCS11. If no token is available, an empty value will be returned.
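The three steps above combined in one class, as an added example that is not the original post's code. The class name `DynamicPkcs11Config` and the provider name `DynamicToken` are hypothetical; the example assumes the JDK-internal `sun.security.pkcs11.wrapper` classes are accessible (on Java 9 and later this needs `--add-exports jdk.crypto.cryptoki/sun.security.pkcs11.wrapper=ALL-UNNAMED`).

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Optional;

import sun.security.pkcs11.wrapper.CK_C_INITIALIZE_ARGS;
import sun.security.pkcs11.wrapper.PKCS11;
import sun.security.pkcs11.wrapper.PKCS11Constants;
import sun.security.pkcs11.wrapper.PKCS11Exception;

// Hypothetical class name; added example, not the post's own code.
public class DynamicPkcs11Config {
    private final String libraryPath; // path to the PKCS#11 dynamic library

    public DynamicPkcs11Config(String libraryPath) {
        // The path is written verbatim into the configuration text; a line
        // break in it would add further directives to the generated config.
        if (libraryPath.contains("\n") || libraryPath.contains("\r")) {
            throw new IllegalArgumentException("line break in library path");
        }
        this.libraryPath = libraryPath;
    }

    /** First slot that holds a token, or empty if no token is present. */
    Optional<Long> findSlot() throws IOException, PKCS11Exception {
        CK_C_INITIALIZE_ARGS args = new CK_C_INITIALIZE_ARGS();
        args.flags = PKCS11Constants.CKF_OS_LOCKING_OK;
        PKCS11 pkcs11 = PKCS11.getInstance(libraryPath, "C_GetFunctionList", args, false);
        long[] slots = pkcs11.C_GetSlotList(true); // true: only slots with a token
        return slots.length == 0 ? Optional.empty() : Optional.of(slots[0]);
    }

    /** Key/value pairs in the SunPKCS11 configuration format. */
    static String configText(String name, String library, long slot) {
        return "name = " + name + "\n"
             + "library = " + library + "\n"
             + "slot = " + slot + "\n";
    }

    /** Configuration stream for SunPKCS11, or empty if no token is available. */
    public Optional<InputStream> configuration() throws IOException, PKCS11Exception {
        // "DynamicToken" is a constructed provider name.
        return findSlot().map(slot -> (InputStream) new ByteArrayInputStream(
                configText("DynamicToken", libraryPath, slot).getBytes(StandardCharsets.UTF_8)));
    }
}
```

On Java 8 the returned stream can be passed to the `SunPKCS11(InputStream)` constructor. That constructor was removed in Java 9, where the provider is configured through `Provider.configure(String)` instead.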
