[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

Code Signing *.jars using DoD PKI Hard token

Posted on 2012-12-28
1
Medium Priority
?
2,175 Views
Last Modified: 2013-01-05
I am at my wits end and will try Experts Exchange for once. Is there any guidance on how to code sign *.jar files using DoD PKI hard card.  The Code Signing certificate is embedded in the card once I get it, however, how do I use the card to sign my *.jar files?
0
Comment
Question by:raychamp
1 Comment
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points
ID: 38728828
maybe of interest - see "Java Keystore". it uses jarsigner and pfx to sign .jar file. however, CAC (or smart card) is not supposed to have private key exported hence you will not have pfx.  

http://www.ewert-technologies.ca/blog/articles/cross-platform-code-signing

challenge is how to create and link the keystore used for signing to CAC.
there is an old article series (see pg1,2 and 3)  on smart card in general using pkcs#11 which you should take a look first for general smartcard

Pg1-http://www.developer.com/java/other/article.php/3587361/Java-Applet-for-Signing-with-a-Smart-Card.htm
Pg2-http://www.developer.com/java/other/article.php/10936_3587361_2/Java-Applet-for-Signing-with-a-Smart-Card.htm
pg3-http://www.developer.com/java/other/article.php/10936_3587361_3/Java-Applet-for-Signing-with-a-Smart-Card.htm

Specifically the pkcs#11 is using Sun java library seems to be the common way for java. Closest I can find for such java codes (2 links) to CAC are stated below which can be useful ref.

//Create our certificates from our CAC Card
         String configName = "card.config";
         Provider p = new sun.security.pkcs11.SunPKCS11(configName);
         Security.addProvider(p);

http://stackoverflow.com/questions/752890/how-to-connect-to-https-server-using-common-access-card/753129#753129

http://stackoverflow.com/questions/544056/common-access-card-cac-authentication-using-java

You can check this out this section "Signing and Verification with the On-Card Certificate" for the signing as well, but it will be rather similar as above (pg1-3) links

http://rostislav-matl.blogspot.sg/2012/04/using-smart-card-as-keystore-in-java.html

Hope it helps...Personally never done that ....
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ransomware, the malware that locks down its victim’s files until they pay up, has always been a frustrating issue to deal with. However, a recent mobile ransomware will make the issue a little more personal… by sharing the victim’s mobile browsing h…
What monsters are hiding in your child's room? In this article I will share with you a tech horror story that could happen to anyone, along with some tips on how you can prevent it from happening to you.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Suggested Courses

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question