Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support PKCS11 KeyStores without keyStorePath #34

Merged
merged 1 commit into from
Mar 29, 2023

Conversation

sopgreg
Copy link
Contributor

@sopgreg sopgreg commented Mar 28, 2023

PKCS11 keystores as used by smart cards or HSMs don't require a keystore path. Apart from this fact, not much is different from a programmer's perspective compared to PKCS12.

Add this type to EKeyStoreType and adjust any classes like KeyStoreHelper to account for the fact of a missing keystore path.

@phax phax merged commit 842a3f2 into phax:master Mar 29, 2023
@sopgreg sopgreg deleted the pkcs11KeyStore branch March 29, 2023 09:59
@phax
Copy link
Owner

phax commented Mar 29, 2023

Thanks for the PR - I happily included it. Do you eventually have a quick link on how to easily setup the SoftHSM for testing?

@sopgreg
Copy link
Contributor Author

sopgreg commented Mar 29, 2023

For a simple start, you can install the windows package or build it yourself for linux,

https://medium.com/@purnomowhy.1981/installation-guide-softhsm2-in-windows-2e08649411c3
https://github.com/opendnssec/SoftHSMv2

The configuration is then a simple .cfg file as follows, which needs to be either referenced in JDKs java.security file or programatically via Provider#configure (as done in the unit test)

name = SoftHSM2
library = C:\SoftHSM2\lib\softhsm2-x64.dll
showInfo = true
slotListIndex = 0

via JDK: https://docs.oracle.com/en/java/javase/11/security/pkcs11-reference-guide1.html

phax added a commit that referenced this pull request Jun 18, 2023
phax added a commit that referenced this pull request Jun 18, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants