Smart Cards PKCS11 64 bit windows
1,482 views
Skip to first unread message
Mylestro
Aug 6, 2013, 10:30:55 AM8/6/13
to zaprox...@googlegroups.com
Hi,
Anyone have any ideas about using a web proxy when a smart card and PKCS11 is being used on 64 bit windows. From the oracle docs it states that 64 bit windows is not supported at the moment, I'm about to start cutting some c# code to do the smart card connecting then il either pipe out to zap/burp or implement a simple http client to do some web app sec testing.
Thanks,
Mylestro
Simon Bennetts
Aug 6, 2013, 10:35:54 AM8/6/13
to zaprox...@googlegroups.com
Have you had a look at http://code.google.com/p/zaproxy/wiki/SmartCards
I've pinged Raul, who's leading the ZAP smart card support :)
Cheers,
Simon
I've pinged Raul, who's leading the ZAP smart card support :)
Cheers,
Simon
Raul Siles
Aug 6, 2013, 11:44:12 AM8/6/13
to zaprox...@googlegroups.com
Hi Mylestro,
Definitely you can use ZAP SmartCard capabilities in 64-bit Windows
systems. However, the issue is not with ZAP or the OS itself, but with
the Java VM.
Be sure you use the 32-bit version of Java (JRE or JDK) within your
64-bit version of Windows.
Cheers,
--
Raul Siles
> --
> You received this message because you are subscribed to the Google Groups
> "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to zaproxy-user...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Definitely you can use ZAP SmartCard capabilities in 64-bit Windows
systems. However, the issue is not with ZAP or the OS itself, but with
the Java VM.
Be sure you use the 32-bit version of Java (JRE or JDK) within your
64-bit version of Windows.
Cheers,
--
Raul Siles
> You received this message because you are subscribed to the Google Groups
> "OWASP ZAP User Group" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to zaproxy-user...@googlegroups.com.
> For more options, visit https://groups.google.com/groups/opt_out.
>
>
Mylestro
Aug 6, 2013, 11:46:04 AM8/6/13
to zaprox...@googlegroups.com
Hi,
Yes, taken a look at that, the thing is that JCE PKCS#11 for Oracle Java 6/7 does not support 64-bit Windows.
From the oracle docs:
"The Sun PKCS#11 provider is supported on Solaris (SPARC and x86) and Linux (x86) in both 32-bit and 64-bit Java processes. It is also supported on 32-bit Windows (x86) but not currently on 64-bit Windows platforms due to the lack of suitable PKCS#11 libraries."
Was wondering if there was a little hack or something other PKCS11 provider I could use, not in a position to spin up a 32-bit VM or test from another platform.
Cool, thanks for pining Raul lets see what he says :)
M
Mylestro
Aug 6, 2013, 12:05:52 PM8/6/13
to zaprox...@googlegroups.com
Hi Raul,
Im using 32bit Java 7 on 64-bit Windows, when I use ZAP to set the PKCS11 smart card up, i get the following error (which is what I would suspect and same as Burp does):
"Error: The required Sun PKCS#11 provider is not available."
With a link to the Oracle docs for PKCS11 which I posted earlier:
With a link to the Oracle docs for PKCS11 which I posted earlier:
"The Sun PKCS#11 provider is supported on Solaris (SPARC and x86) and Linux (x86) in both 32-bit and 64-bit Java processes. It is also supported on 32-bit Windows (x86) but not currently on 64-bit Windows platforms due to the lack of suitable PKCS#11 libraries."
So either it doesn't work on 64bit windows at the moment or your not using the standard Java PKCS11 provider Either way I cant get ZAP working with it :( Thanks for the reply though, il look into it more tomorrow.
Raul Siles
Aug 6, 2013, 1:53:24 PM8/6/13
to zaprox...@googlegroups.com
Hi Mylestro,
What specific SmartCard type are you using within ZAP (from the "Tools
- Options" menu, within the "Certificate" category, and specifically,
on the "PCKS#11" tab)?
If you are using one different from the ones currently provided inside
ZAP, be sure you are adding the proper DLL reference, meaning that you
must point to the one that has been developed for 64-bit Windows
systems.
As you can see in the previous Wiki reference provided by Simon, most
providers typically offer you two different DLLs, one for 32-bit and
one for 64-bit systems. In both cases you must use a 32-bit Java VM.
Cheers,
--
Raul Siles
What specific SmartCard type are you using within ZAP (from the "Tools
- Options" menu, within the "Certificate" category, and specifically,
on the "PCKS#11" tab)?
If you are using one different from the ones currently provided inside
ZAP, be sure you are adding the proper DLL reference, meaning that you
must point to the one that has been developed for 64-bit Windows
systems.
As you can see in the previous Wiki reference provided by Simon, most
providers typically offer you two different DLLs, one for 32-bit and
one for 64-bit systems. In both cases you must use a 32-bit Java VM.
Cheers,
--
Raul Siles
Mylestro
Aug 7, 2013, 5:59:11 AM8/7/13
to zaprox...@googlegroups.com
Hi Raul,
Thanks - your right. 32bit JVM (7u25 in my case) running on 64bit windows, pointed the drivers.xml to my 64-bit driver and it works fine.
Thanks - your right. 32bit JVM (7u25 in my case) running on 64bit windows, pointed the drivers.xml to my 64-bit driver and it works fine.
Thanks again, I have a beer token with your name on it here in London :)
Raul Siles
Aug 7, 2013, 9:50:50 AM8/7/13
to zaprox...@googlegroups.com
Hi Mylestro,
Good to hear it worked!
I'm looking forward to getting that London beer :-)
--
Raul Siles
Good to hear it worked!
I'm looking forward to getting that London beer :-)
--
Raul Siles
Reply all
Reply to author
Forward
0 new messages