This project is devoted to providing a simple software layer for digital signatures when a hardware cryptographic token is required.
The main goal is to maintain platform independence and application environment neutrality (web and standalone usage examples are provided). The default implementation tries to comply as strictly as possible with the Italian law digital signature directives.
j4sign has the ambition to be the first Java(2) free software implementation of an "Italian law - compliant" digital signature. Other similar software exists, see the SmartSign and OpenSignature projects, but they primarily use the C and C++ languages.
The project core is practically an extension of the open source BouncyCastle cryptographic libraries for using PKCS#11 tokens.
PKCS stands for Public-Key Cryptography Standards, and is a set of specifications proposed by RSA Security Inc.; many of them have become RFCs or are de-facto standards. PKCS#11, for example, is the most widely used API for interacting with cryptographic tokens, because it was the first adopted in web browsers. For more information about PKCS standards go to the RSA Labs website.
Since the PKCS#11 standard is an API specification in the C language, implementations provided by token manufacturers are typically native libraries. The project uses the Java Native Interface and related native libraries to interact with tokens.
For PKCS11 we use the excellent pkcs11 wrapper developed by IAIK of Graz University of Technology, released under an Apache/BSD-style license.
For basic SmartCard detection we also use the PCSC wrapper developed by the Open Card Framework consortium; this wrapper (the wrapper only) is also released under an Apache/BSD-style license.
The project initially addressed the Windows(1) OS, due to the prevalent availability of pkcs11 implementation libraries for this platform.
As of release 0.1.2 Linux support has been introduced, and now (2010) the availability of proprietary PKCS#11 Linux libraries is quite common; many thanks to Antonino Iacono from the opensignature project for his precious help in setting up Linux stuff.
The OpenSC project's Free Software pkcs11 implementation (the opensc-pkcs11 library), which supports a lot of tokens both on Linux and Windows, works with j4sign, but is currently not usable with tokens that protect PIN entry and the signature function with Secure Messaging.
The upcoming 0.12 release of OpenSC will introduce support for Secure Messaging, and in particular for dynamic negotiation of SM keys, as in IAS-ECC. Unfortunately, some Italian Certification Authorities still embed static symmetric keys for Secure Messaging both inside tokens and in PKCS11 proprietary libraries.
The latest versions of both Freesigner and verifica-firma now support CAdES with sha256 hashing.
Note: In the examples signature verification only ensures signed data integrity; a complete verification to ensure non-repudiation requires checking the full certification path including the CA root certificate, and CRL verification on the CA side. Both Freesigner and verifica-firma take care of that.
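The difference described in the note above, shown as an added example that is not part of j4sign, Freesigner or verifica-firma: once the signature has verified against the signer certificate, the standard Java PKIX validator checks the path up to the CA root and rejects any certificate that is revoked or whose revocation status cannot be established from the supplied CRLs. It assumes the signer certificate has already been extracted from the signed envelope and that the certificates and CRLs are available as local files; the class name and the file names in the usage comment are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.*;
import java.util.*;

/** Added example: PKIX path validation with CRL checking for a signer certificate. */
public class FullChainCheck {

    // CertificateFactory accepts both DER and PEM encodings.
    static X509Certificate cert(CertificateFactory cf, String file) throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509Certificate) cf.generateCertificate(in);
        }
    }

    static X509CRL crl(CertificateFactory cf, String file) throws Exception {
        try (InputStream in = new FileInputStream(file)) {
            return (X509CRL) cf.generateCRL(in);
        }
    }

    // chain: signer certificate first, then any intermediates; the root is the
    // trust anchor and is not part of the path. Throws CertPathValidatorException
    // if a signature, validity period or revocation check fails on the path.
    static PKIXCertPathValidatorResult validate(CertificateFactory cf,
            List<X509Certificate> chain, X509Certificate root,
            Collection<X509CRL> crls) throws Exception {
        PKIXParameters params =
            new PKIXParameters(Collections.singleton(new TrustAnchor(root, null)));
        params.setRevocationEnabled(true); // a certificate with no usable CRL fails
        params.addCertStore(CertStore.getInstance(
            "Collection", new CollectionCertStoreParameters(crls)));
        return (PKIXCertPathValidatorResult) CertPathValidator.getInstance("PKIX")
            .validate(cf.generateCertPath(chain), params);
    }

    // Usage (placeholder file names; arguments ending in .crl are read as CRLs):
    //   java FullChainCheck root.cer signer.cer [intermediate.cer ...] ca.crl [...]
    public static void main(String[] args) throws Exception {
        if (args.length < 3) { System.err.println("need root, signer and CRL files"); System.exit(2); }
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        X509Certificate root = cert(cf, args[0]);
        List<X509Certificate> chain = new ArrayList<>();
        List<X509CRL> crls = new ArrayList<>();
        for (int i = 1; i < args.length; i++) {
            if (args[i].endsWith(".crl")) crls.add(crl(cf, args[i]));
            else chain.add(cert(cf, args[i]));
        }
        try {
            validate(cf, chain, root, crls);
            System.out.println("path valid, no certificate revoked");
        } catch (CertPathValidatorException e) {
            System.out.println("REJECTED at path index " + e.getIndex() + ": " + e.getMessage());
            System.exit(1);
        }
    }
}
```

One CRL is needed for each issuing CA on the path, since each CRL only covers certificates issued by the CA that signed it.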
j4sign is Free/Libre software, released under the GNU GPL version 2 (or later) License.
(1) Windows® is a registered trademark of Microsoft Corporation.
(2) Java is a registered trademark of Sun Microsystems, Inc.