2-way SSL with JCAPI an non-exportable private key

Hello,

I have a certificate/key in the local MS keystore and want to use this for client authentication (2-way SSL). However, the private key is marked as non-exportable.

But during the SSL handshake i get the following exception:

java.security.InvalidKeyException: Modulus is missing

(full stack trace below).

When using an exportable private key AND setting

JCAPIProperties.getInstance().setPrivateKeyExportable(true);

to true, the ssl handshake succeeds.

Is it possible to use JCAPI for this purpose (2-way SSL with non-exportable key)?

Unfortunately, using exportable private keys is not an option.

Thanks in advance,
Michael

Sample code:

import java.security.*;

import java.security.cert.CertificateException;



import javax.net.ssl.*;

import com.pheox.jcapi.*;



public class JcapiSSL {



	private static final String HOST = "localhost";

	private static final int PORT = 443;

	

	public static void main(String args[]) throws Exception {

		System.out.println(JCAPIUtil.getEnvironmentInfo());

		JCAPIProperties.setLogging(true);

		

		//JCAPIProperties.getInstance().setPrivateKeyExportable(true);



		SSLSocketFactory sslFactroy = null;

		SSLContext context;

		KeyManagerFactory kmf;

		KeyStore keystore;

		

		context = SSLContext.getInstance("TLS");

		kmf = KeyManagerFactory.getInstance("SunX509");

		

		keystore = KeyStore.getInstance("msks", "JCAPI");

		keystore.load(null, null);

		

		KeyStore truststore = KeyStore.getInstance("msks", "JCAPI");

		

		TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());

		tmf.init(truststore);



		kmf.init(keystore, new char[]{});

		

		context.init(kmf.getKeyManagers(), new TrustManager[]{new MyTrust()}, null);

		sslFactroy = context.getSocketFactory();

	    SSLSocket socket = (SSLSocket)sslFactroy.createSocket(HOST, PORT);

	 

	    socket.startHandshake();

	    socket.close();

	}

	

	// accept all server certs

    static class MyTrust implements X509TrustManager {

		public void checkClientTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws CertificateException { }

		public void checkServerTrusted(java.security.cert.X509Certificate[] arg0, String arg1) throws CertificateException { }

		public java.security.cert.X509Certificate[] getAcceptedIssuers() { return null;	}

    }

}

Full stack trace:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Error signing certificate verify
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1518)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:174)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:609)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:160)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:495)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:433)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:818)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1030)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1057)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1041)
at JcapiSSL.main(JcapiSSL.java:38)
Caused by: java.security.InvalidKeyException: Modulus is missing
at sun.security.rsa.RSAKeyFactory.checkKey(RSAKeyFactory.java:112)
at sun.security.rsa.RSAKeyFactory.toRSAKey(RSAKeyFactory.java:76)
at com.sun.crypto.provider.RSACipher.engineGetKeySize(DashoA12275)
at javax.crypto.Cipher.b(DashoA12275)
at javax.crypto.Cipher.a(DashoA12275)
at javax.crypto.Cipher.init(DashoA12275)
at java.security.Signature$CipherAdapter.engineInitSign(Signature.java:1205)
at java.security.Signature$Delegate.init(Signature.java:1079)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1036)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1109)
at java.security.Signature.initSign(Signature.java:503)
at com.sun.net.ssl.internal.ssl.RSASignature.engineInitSign(RSASignature.java:108)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1107)
at java.security.Signature.initSign(Signature.java:503)
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1002)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:605)
... 8 more

Environment info:

-------------- Environment info start --------------
JCAPI version: 1.1.2.0
JCAPI DLL version: 1.1.2.0

Certificate/system stores:
My
Root
Trust
CA
UserDS
TrustedPublisher
Disallowed
AuthRoot
TrustedPeople
ACRS
ADDRESSBOOK
REQUEST

Using cert entry store: ADDRESSBOOK
Using key entry store: My
Using intermediate cert store: CA
Using root cert store: Root
Using untrusted cert store: null

Available CSPs:
Gemplus GemSAFE Card CSP v1.0
Infineon SICRYPT Base Smart Card CSP
Microsoft Base Cryptographic Provider v1.0
Microsoft Base DSS and Diffie-Hellman Cryptographic Provider
Microsoft Base DSS Cryptographic Provider
Microsoft DH SChannel Cryptographic Provider
Microsoft Enhanced Cryptographic Provider v1.0
Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider
Microsoft Enhanced RSA and AES Cryptographic Provider (Prototype)
Microsoft Exchange Cryptographic Provider v1.0
Microsoft RSA SChannel Cryptographic Provider
Microsoft Strong Cryptographic Provider
Schlumberger Cryptographic Service Provider

Using CSP: Microsoft Enhanced Cryptographic Provider v1.0

Supported PKCS#11 CSPs:
FTSafe ePass2000 RSA Cryptographic Service Provider
eToken Base Cryptographic Provider
SmartTrust Cryptographic Service Provider
SI_CSP
SafeSign CSP Version 1.0
AR Base Cryptographic Provider
Athena ASECard Crypto CSP

User added PKCS#11 CSPs:

Loaded JCAPI plugins: No plugins loaded!
Registered JCE providers: SUN, version 1.5
SunJSSE, version 1.5
SunJCE, version 1.5
SunJGSS, version 1.0
SunSASL, version 1.5
JCAPI, version 1.12

java.version: 1.5.0_09
java.vendor: Sun Microsystems Inc.
java.vm.version: 1.5.0_09-b01
java.vm.vendor: Sun Microsystems Inc.
os.name: Windows XP
os.arch: x86
os.version: 5.1
java.library.path: C:\Program Files\Java\jdk1.5.0_09\bin;.;C:\WINDOWS\system32;C:\WINDOWS;C:\Program Files\Java\jdk1.5.0
_09\bin;C:\Program Files\Support Tools\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Company\Tool;C:\Progr
am Files\Java\j2re1.4.2_02\bin\;C:\PROGRA~1\IBM\SQLLIB\BIN;C:\PROGRA~1\IBM\SQLLIB\FUNCTION;C:\Program Files\Java\j2re1.4
.2_02\bin\;C:\Program Files\IBM\WebSphere MQ\bin;C:\Program Files\IBM\WebSphere MQ\tools\c\samples\bin;C:\Program Files\
Java\j2re1.4.2_02\bin\;
-------------- Environment info end --------------

Hi Michael,

Unfortunately, your private key must be exportable through MS CAPI when using it in Java SSL. This is not a JCAPI issue, it's a limitation in the JSSE framework.

If you want to get around this, then buy yourself a PKCS#11 hardware token, store your private key and certificate chain on the token. and then use it together with SUN's PKCS#11 provider (available in Java 5). This is also the most secure solution for you if securing your private key is of most importance.

Regards,
Tommy

hi tommy,
Thanks for you kindly assistance,
This is the point:
1) I have a smartkey reader usbr30 pkcs11 incompatible.
2) This smartkey reader is ok for access by i.e.
3) I have only pcsc driver
4) I can sign with this smartkey reader with jcapi.
5) Private key is not exportable.
6) JCAPIProperties.getInstance().setPrivateKeyExportable(true); doesn't work
because it isn't pkcs11.

Now After your last post, I have made a own keymanager class for export private key,
but I get this error in handshake:

Exception in thread "main" javax.net.ssl.SSLHandshakeException: Error signing certificate verify
Caused by: java.security.InvalidKeyException: You must use a RSA public key for encryption.
at se.assembla.jce.provider.ms.MSCipherRSAJNI.engineInit(Unknown Source)
at javax.crypto.Cipher.init(DashoA13*..)
at java.security.Signature$CipherAdapter.engineInitSign(Signature.java:1202)
at java.security.Signature$Delegate.init(Signature.java:1076)
at java.security.Signature$Delegate.chooseProvider(Signature.java:1033)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1106)
at java.security.Signature.initSign(Signature.java:49
at com.sun.net.ssl.internal.ssl.RSASignature.engineInitSign(RSASignature.java:10
at java.security.Signature$Delegate.engineInitSign(Signature.java:1104)
at java.security.Signature.initSign(Signature.java:49
at com.sun.net.ssl.internal.ssl.HandshakeMessage$CertificateVerify.<init>(HandshakeMessage.java:1213)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloDone(ClientHandshaker.java:715)
... 16 more

this is the code for connection

KeyStore ks1 = KeyStore.getInstance("msks", "JCAPI");
ks1.load(null, null);

OwnKeyManager ownKeyManager=new OwnKeyManager(null, ks1, alias,"mypin");

X509Certificate[] cert=(X509Certificate[])ownKeyManager.getCertificateChain(alias);
KeyManager[] kmf2 = new KeyManager [] {ownKeyManager};

KeyStore serverKeyStore = KeyStore.getInstance("JKS");
System.out.println("done!");

serverKeyStore.load(null, "".toCharArray() );
System.out.println("done!");

KeyStore ks2 = KeyStore.getInstance("msks", "JCAPI");
ks2.load(null, null);
JCAPIProperties.getInstance().setExclusiveMSCertStore(ks2, "Root");
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(ks2);
SSLContext c = SSLContext.getInstance( "SSL", "SunJSSE");
c.init(kmf2,tmf.getTrustManagers(), null);

My public key is rsa, and I don't understant this error.

Thanks in advance.
Marco

I have forgotten it.
I think that I have only handle of key...

Hi Marco,

Your stack trace is most peculiar:


Exception in thread "main" javax.net.ssl.SSLHandshakeException: Error signing certificate verify

Caused by: java.security.InvalidKeyException: You must use a RSA public key for encryption.

at se.assembla.jce.provider.ms.MSCipherRSAJNI.engineInit(Unknown Source)

If you want to use the Assembla JCE provider, then you have to speak with the guys at Assembla about your problem.

If you want to use JCAPI together with a hardware token in your SSL enabled program, then there are some JCAPI specific limitations to take into consideration:
1. There must be a PKCS#11 DLL available for your hardware token, and JCAPI must be configured to use it (either supported by default, or you have to add it manually through the method JCAPIUtil().addPKCS11CSP(String, String)).
2. You must use Java 5 or higher since the JCAPI SSL plugin is using SUN's PKCS#11 provider that is include in Java 5 and higher versions.
3. You have to use the JCAPI SSL plugin. If you're using JCAPI with your own key- and trust managers, then the JCAPI PKCS#11 support will not be available since it is utilised by the key- and trust managers within the JCAPI SSL plugin. Shortly meaning that you can only use JCAPI with your own key- and trust managers if the private key is exportable from MS CAPI.

Since your environment do not provide a PKCS#11 DLL for your CSP, then you cannot use JCAPI or SUN's PKCS#11 provider. But there is probably a solution available for you; SUN has implemented a MS CAPI provider in Java 6 that should support hardware tokens in SSL. A good starting point here would be:
http://java.sun.com/javase/6/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
http://java.sun.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html

Seamless SSL support for JCAPI with hardware tokens without required PKCS#11 support is subject to version 2.0.

Regards,
Tommy

Thank you for your support and the Assembla team (I have used the same libraries for another project).
I use Java 1.6 because of its new features for smart keys and token.
Now I've tried Sun MSCAPI, but during handshake it popups a window for PIN request, but I don't like it because I need to automatize all the login process without manually inserting anything.

Regards,
Marco

Thank you for your support and the Assembla team (I have used the same libraries for another project).

No problem.

Now I've tried Sun MSCAPI, but during handshake it popups a window for PIN request, but I don't like it because I need to automatize all the login process without manually inserting anything.

Ok. I've not tested it myself with hardware tokens, but I admit that it sounds annoying.

Well, what you can do now is the following:
1. Get hold of the required PKCS#11 DLL for your SysGillo CSP. All CSPs that I've heard of do provide support through PKCS#11, so a good thing to do is to get in contact with the SysGillo CSP manufacturer and ask for the file. Another possibility is that you might already have the file in question on your hard drive. I made a search on the net for SysGillo and found the following interesting page (http://www.digitaltrust.it/i-sign/token.php). It shows the following SysGillo associated PKCS#11 files (perhaps you can find one or more of them on your hard drive?):
IpmPki32.dll
IpmPkilu.dll
IpmPkilc.dll

2. Or buy yourself another hardware token. I've had a discussion with a sales manager at Advanced Card Systems Ltd, and he says that the ACR30 model is old and is about to be phased out (and he has never heard about the SysGillo CSP). Perhaps there are other solutions available that will suit your needs?

Regards,
Tommy

Thanks for your kind help,

IpmPki32.dll
IpmPkilu.dll
IpmPkilc.dll

I haven't found dll, there are only pcsc dll.

2) I said this idea more time ago, my boss refused this option, because this key store have sensible data.

Seamless SSL support for JCAPI with hardware tokens without required PKCS#11 support is subject to version 2.0.

This is for me! I attend this version!!!

Regards
Marco