Bug#751041: include config file to use OpenSC as Java Security Provider

Mon, 09 Jun 2014 12:06:30 -0700 

Package: opensc
Version: 0.13.0-5
Severity: wishlist
Tags: patch

This is a complete patch that can be applied with `git am` that provides a
config file that Java uses to make OpenSC a Java Security Provider.  This
makes it easy to use OpenSC in Java code, keytool, and jarsigner.  That means
you can then use an HSM via OpenSC for signing jars, Android APKs, etc.


From 7bdb045adfa863f65b6ff59d940b6ec0dab78bba Mon Sep 17 00:00:00 2001
From: Hans-Christoph Steiner <h...@eds.org>
Date: Mon, 9 Jun 2014 14:51:45 -0400
Subject: [PATCH 1/1] add config file for using OpenSC with Java

This config file configures a Java security provider based on OpenSC.
---
 debian/opensc-java.cfg | 15 +++++++++++++++
 debian/rules           |  2 ++
 2 files changed, 17 insertions(+)
 create mode 100644 debian/opensc-java.cfg

diff --git a/debian/opensc-java.cfg b/debian/opensc-java.cfg
new file mode 100644
index 0000000..390d97b
--- /dev/null
+++ b/debian/opensc-java.cfg
@@ -0,0 +1,15 @@
+# This config file configures a Java security provider based on OpenSC.  Load
+# this file in Java code, or in command line options in keytool and jarsigner.
+# Or add this to the Java config by adding a line to
+# /etc/java-7-openjdk/security/java.security:
+#
+#  security.provider.10=sun.security.pkcs11.SunPKCS11 /etc/opensc/opensc-java.cfg
+#
+# For more info:
+# https://guardianproject.info/2014/03/28/security-in-a-thumb-drive-the-promise-and-pain-of-hardware-security-modules-take-one/
+name = OpenSC
+description = SunPKCS11 w/ OpenSC Smart card Framework
+library = /usr/lib/opensc-pkcs11.so
+# you can find your slots by running:
+#  pkcs11-tool --module /usr/lib/opensc-pkcs11.so --list-slots
+slotListIndex = 1 # I think this is the same as --auth-id in opensc
diff --git a/debian/rules b/debian/rules
index a3e3707..52adab4 100755
--- a/debian/rules
+++ b/debian/rules
@@ -14,6 +14,8 @@ override_dh_auto_configure:
 
 override_dh_auto_install:
 	dh_auto_install --destdir=debian/tmp
+	sed 's,/usr/lib,/usr/lib/$(DEB_HOST_MULTIARCH),g' debian/opensc-java.cfg \
+		> debian/tmp/etc/opensc/opensc-java.cfg
 
 override_dh_installdocs:
 	dh_installdocs -A README NEWS
-- 
1.9.1

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to