jsdsi-users Mailing List for JSDSI (Page 3)
Status: Pre-Alpha
Brought to you by:
sajma
Menu
▾
▴
jsdsi-users — JSDSI Users
You can subscribe to this list here.
| 2004 |
Jan
|
Feb
(5) |
Mar
(10) |
Apr
(20) |
May
(26) |
Jun
(7) |
Jul
(10) |
Aug
(25) |
Sep
(1) |
Oct
|
Nov
(1) |
Dec
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2005 |
Jan
|
Feb
|
Mar
|
Apr
|
May
|
Jun
(4) |
Jul
|
Aug
|
Sep
|
Oct
(6) |
Nov
(6) |
Dec
|
| 2006 |
Jan
(20) |
Feb
|
Mar
|
Apr
|
May
|
Jun
|
Jul
|
Aug
|
Sep
|
Oct
|
Nov
|
Dec
|
| 2007 |
Jan
|
Feb
(2) |
Mar
|
Apr
|
May
|
Jun
(2) |
Jul
|
Aug
|
Sep
|
Oct
(1) |
Nov
|
Dec
|
|
From: Sean R. <sra...@ae...> - 2004-08-20 07:41:07
|
Marek Lány wrote:
>Hi Luis,
>
>Still does not work. It always write this error after read KeyPair from
>file:
>Exception in thread "main" java.lang.NullPointerException
> at Certif1.main(Certif1.java:150)
>
>And line 150 is siple console command:
> System.out.println( gk.getPublic().toString() );
>
>I have feeling that on read KeyPair from file Java can't read correctly
>after that is KeyPair structure empty.Have you another idea?
>
> Marek Lany
>Basically to write out a certificate,
>
>
What is giving the NPE, the KeyPair or the public key of the KeyPair? I
guess the latter?
What implementation of KeyPair / Private Key are you using? Does that
support straight serialisation? I've noticed some odd things with the
standard sun RSA keys - I have a case where the PrivateKey does not
implement java.security.PrivateKey. Though I doubt something odd is
happening and it probably is your code.
Can you give me a clean list of your source?
Sean
>-----Original Message-----
>From: Sean Radford [mailto:sra...@ae...]
>Sent: Thursday, August 12, 2004 12:30 PM
>To: Luis Pedro
>Cc: mar...@or...; jsd...@li...
>Subject: Re: [Jsdsi-users] KeyPair
>
>
>Luis Pedro wrote:
>
>
>
>>Marek,
>>
>>It help if u send the exact error. But try this:
>> - If the error is "SPKI not found", then u have to load jsdsi
>>provider, i.e, jsdsi.Provider.install() and cryptix provider.
>>
>>But, if your problem is a ClassCastException then u have an error on
>>your code and u should change this(following your code):
>>
>> java.security.KeyPair gk =
>>
>>
>jsdsi.util.KeyPairFactory.create("RSA",
>
>
>>2048);
>> java.io.FileOutputStream fos = new
>>java.io.FileOutputStream("gde/tests/test.pub");
>> java.io.ObjectOutputStream oos = new
>>
>>
>java.io.ObjectOutputStream(fos);
>
>
>>// I have changed things here, tooked "toString()"
>> oos.writeObject(gk);
>>// Doesn't make sense writing an object like gk.toString()!!
>>// writeObject serializes the object. U can't cast from "String" to
>>"KeyPair"
>> oos.close();
>>
>> java.security.KeyPair gk;
>> java.io.FileInputStream fos = new
>>java.io.FileInputStream("gde/tests/test.pub");
>> java.io.ObjectInputStream oos = new
>>
>>
>java.io.ObjectInputStream(fos);
>
>
>> gk = (java.security.KeyPair)oos.readObject();
>> oos.close();
>>
>> -- Luís Pedro
>>
>>
>>_____________________
>>yahoo: lpv_pt
>> msn: lp...@ne...
>>
>>
>>
>>
>>
>>> -----Original Message-----
>>> From: jsd...@li...
>>> [mailto:jsd...@li...] On
>>> Behalf Of Marek Lány
>>> Sent: quarta-feira, 11 de Agosto de 2004 19:16
>>> To: jsd...@li...
>>> Subject: [Jsdsi-users] KeyPair
>>>
>>> Hi
>>>
>>> I will save and load a KeyPair, but i can't it. I trying
>>> with this:
>>> KeyPair gk =
>>>
>>>
>jsdsi.util.KeyPairFactory.create("RSA",2048);
>
>
>>> FileOutputStream fos = new FileOutputStream("gk.pub");
>>> ObjectOutputStream oos = new ObjectOutputStream(fos);
>>> oos.writeObject(gk.toString());
>>> oos.close();
>>>
>>> How can't I load this object and retype in a KeyPair?
>>> This code don't
>>> work:
>>>
>>> KeyPair gk;
>>> FileInputStream fos = new FileInputStream("gk.pub");
>>> ObjectInputStream oos = new ObjectInputStream(fos);
>>> gk = (KeyPair) oos.readObject();
>>> oos.close();
>>>
>>> Thanx.
>>>
>>> Marek Lany
>>>
>>>
>>>
>>> -------------------------------------------------------
>>> SF.Net email is sponsored by Shop4tech.com-Lowest price
>>> on Blank Media
>>> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
>>> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
>>> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
>>> _______________________________________________
>>> Jsdsi-users mailing list
>>> Jsd...@li...
>>> https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>>>
>>>
>>
>>-------------------------------------------------------
>>SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
>>100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33 Save
>>50% off Retail on Ink & Toner - Free Shipping and Free Gift.
>>http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
>>_______________________________________________
>>Jsdsi-users mailing list
>>Jsd...@li...
>>https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>>
>>
>>
>>
>>
>>
>Marek, did Luis help you out?
>
>An alternative is to use jsdsi.sexp.ObjOutputStream and
>jsdsi.sexp.ObjInputStream instead of the java.io.ObjectXxxStream classes
>
>though both approaches should work (with Luis's suggestions).
>
>Sean
>
>
>
--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com/
|
|
From: Sean R. <sra...@ae...> - 2004-08-20 07:30:27
|
Dav Coleman wrote: >On Thu, 19 Aug 2004 11:16:21 +0100, Sean Radford ><sra...@ae...> wrote: > > >>Dav Coleman wrote: >> >> >> >>>Is there any reason why CertStore is not Serializable, and why >>>IssuerCertSelector is unsupported? >>> >>> >>> >>(Sorry for the delay in a response - very busy at my end) >> >>CertStore is not Serializable as it follows the JCE, is not remoteable, >>and if it was then all the certificates that it contains would be >>serialized... not a good thing with loads of certificates. Why would you >>like it so? >> >>It does not currently support IssuerCertSelector, purely as this >>selector was an afterthought (from my recollection) and so has not been >>implemented as yet. Am I correct Sameer? >> >> >> > >Well I'm still trying to figure out a way to store the keystore and >certstore to the filesystem between application sessions. What I've >done right now is make MyCertStore that is basically jsdsi.CertStore >but Serializable and I'm storing the KeyPairs in a HashMap. Which is >fine for now, I have 80% of the rest of a demo app to work on. > >I tried using the Sexp* writeReadable() stuff for the CertStore but I >could figure out how to write out a certificate in that manner and >then read it back in properly. I was getting bogged down in trying to >figure that out and just gave up in order to actually get something >working. > > > Have you looked at jsdsi.SexpMarshallingTest? That may help you. Basically though, all you need is the jsdsi.sexp.ObjInputStream and the corresponding ObjOutputStream. That works for all jsdsi.Obj classes, so then its just a matter of dealing with the private key. Regards, Sean -- Dr. Sean Radford, MBBS, MSc sra...@ae... http://www.aegeus-technology.com/ |
|
From: Dav C. <dav...@gm...> - 2004-08-19 15:07:10
|
On Thu, 19 Aug 2004 11:16:21 +0100, Sean Radford <sra...@ae...> wrote: > Dav Coleman wrote: > > >Is there any reason why CertStore is not Serializable, and why > >IssuerCertSelector is unsupported? > > > (Sorry for the delay in a response - very busy at my end) > > CertStore is not Serializable as it follows the JCE, is not remoteable, > and if it was then all the certificates that it contains would be > serialized... not a good thing with loads of certificates. Why would you > like it so? > > It does not currently support IssuerCertSelector, purely as this > selector was an afterthought (from my recollection) and so has not been > implemented as yet. Am I correct Sameer? > Well I'm still trying to figure out a way to store the keystore and certstore to the filesystem between application sessions. What I've done right now is make MyCertStore that is basically jsdsi.CertStore but Serializable and I'm storing the KeyPairs in a HashMap. Which is fine for now, I have 80% of the rest of a demo app to work on. I tried using the Sexp* writeReadable() stuff for the CertStore but I could figure out how to write out a certificate in that manner and then read it back in properly. I was getting bogged down in trying to figure that out and just gave up in order to actually get something working. -- Dav Coleman http://AkuAku.org/ |
|
From: Sean R. <sra...@ae...> - 2004-08-19 10:19:19
|
Dav Coleman wrote: >Is there any reason why CertStore is not Serializable, and why >IssuerCertSelector is unsupported? > > > (Sorry for the delay in a response - very busy at my end) CertStore is not Serializable as it follows the JCE, is not remoteable, and if it was then all the certificates that it contains would be serialized... not a good thing with loads of certificates. Why would you like it so? It does not currently support IssuerCertSelector, purely as this selector was an afterthought (from my recollection) and so has not been implemented as yet. Am I correct Sameer? Regards, Sean -- Dr. Sean Radford, MBBS, MSc sra...@ae... http://www.aegeus-technology.com/ |
|
From: Dav C. <dav...@gm...> - 2004-08-17 22:35:43
|
Is there any reason why CertStore is not Serializable, and why IssuerCertSelector is unsupported? -- Dav Coleman http://AkuAku.org/ |
|
From: Sean R. <sra...@ae...> - 2004-08-14 15:32:36
|
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
<title></title>
</head>
<body bgcolor="#ffffff" text="#000000">
Dav Coleman wrote:
<blockquote cite="mid...@ma..."
type="cite">
<pre wrap="">
OK, well for now I suppose I can just save/load my keypairs as java
object sreams without a passphrase until I figure out a way to do it
securely. I think I'm starting to get a better mental picture of how
this should look. The application should have
1) some sort of file system storage for the user's personal key pairs
2) some sort of file system storage for the name certificates that
bind public keys to the user's local names
3) some sort of file system storage for auth certificates which define
access to the user's resources
- ideally #1 should be encrypted with a pass phrase, since that's the
only thing with private keys
- I thought I could use a sun java.security.KeyStore for #1 (in memory
and fs), but I can't, and there is no equivalent as of yet in jsdsi
- #2 and #3 don't need any encryption on the file system
- in memory, #2 and #3 can both be in jsdsi.CertStores
- #2 and #3 could actually be in the same jsdsi.CertStore
- there's no defined methods to store/load a CertStore to the fs
</pre>
</blockquote>
#2 and #3 should be combined to just be a single Certificate Store. As
you rightly have seen jsdsi.CertStore (as it folows the JCE and
implements java.security.CertStore) has no methods for certificate
storagre. Paryly because of this, I have played around with how I think
the CertStore stuff should be refactored. It is in a branch called
'branch-jdbc' (as the aim is to produce a JDBC enabled CertStore). It
is still a branch for 2 reasons: 1. I haven't finished it! and 2. The
other developers need to vet it (esp. Sameer).<br>
<br>
<blockquote cite="mid...@ma..."
type="cite">
<pre wrap="">Assuming all the above is correct, my main conceptual confusion now is
with how best to reference the user's keypairs when he needs to use
them (for signing new name certificates or whatever). Let's say I have
two keypairs, one for signing things as 'Dav the private person' and
one for signing things as 'Dav the employee'. I could bind each in a
name certificate (as "me-private" and "me-work" perhaps) and place
them in my own cert store, but when I need to access them that means I
could get the public key from the cert store easily, but the private
key is stored in another collection. Is the standard method to do this
and then search my keypairs for the pubkey match? That would work I'm
sure, but I don't want to reinvent the wheel (badly) if there is a
better way already implemented somewhere.
</pre>
</blockquote>
A 'standard' KeyStore allows you to store your private keys indexed by
a name (i.e. 'work' or 'personal) along with the public key as a
certificate. I would take this approach, with the certificate being
stored an Auto Certificate - that is a self signed Auth Certificate,
probably with some simple info as String Tags, e.g. name and email
address.<br>
<br>
I'll try and hunt down my bouncycastle keystore that works for jsdsi in
the next couple of days.<br>
<blockquote cite="mid...@ma..."
type="cite">
<pre wrap="">
For that matter, am I correct in assuming that a user would have two
keys like that, or is it more in line with the SPKI/SDSI vision that
I'd have one keypair and it would be granted permission to sign things
under differnt roles? I think I read something about that somewhere,
but I can't find it at the moment.
</pre>
</blockquote>
yep, most likely to have 1 keypair per identity/persona.<br>
<br>
<blockquote cite="mid...@ma..."
type="cite">
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap="">Stick with SPKI! ;-) (I'm probably biased) Seriously though, I should
imagine that the A&A stuff in SPKI is what you need, and correct me if
I'm wrong, but PGP doesn't really support authorisation?
</pre>
</blockquote>
<pre wrap=""><!---->
I'm sure you're not wrong, I can barely keep my head straight about
all the PGP/X509/SPKI/SDSI stuff I've been reading :)
</pre>
</blockquote>
<br>
<br>
<pre class="moz-signature" cols="72">--
Dr. Sean Radford, MBBS, MSc
<a class="moz-txt-link-abbreviated" href="mailto:sra...@ae...">sra...@ae...</a>
<a class="moz-txt-link-freetext" href="http://www.aegeus-technology.com/">http://www.aegeus-technology.com/</a>
</pre>
</body>
</html>
|
|
From: Dav C. <dav...@gm...> - 2004-08-13 16:56:23
|
On Fri, 13 Aug 2004 00:49:24 +0100, Sean Radford <sra...@ae...> wrote: > Saving a KeyPair to file.... For this I think we really need an > implementation of a KeyStore that supports JSDSI objects (well > SExpressions really). If I remember correctly the Sun and BouncyCastle > ones do not work (you can save but they have trouble loading). I did > have a modified BouncyCastle keystore a long time back that worked(I > took the original source and added about 3 lines of code) - not sure > where it is now but could hunt down I guess... > > To store other peoples public keys one would create NameCertificates for > them and store them in a CertStore. If there is a limited number of > proof searching using a jsdsi.Prover is not required I guess you could > use a KeyStore? OK, well for now I suppose I can just save/load my keypairs as java object sreams without a passphrase until I figure out a way to do it securely. I think I'm starting to get a better mental picture of how this should look. The application should have 1) some sort of file system storage for the user's personal key pairs 2) some sort of file system storage for the name certificates that bind public keys to the user's local names 3) some sort of file system storage for auth certificates which define access to the user's resources - ideally #1 should be encrypted with a pass phrase, since that's the only thing with private keys - I thought I could use a sun java.security.KeyStore for #1 (in memory and fs), but I can't, and there is no equivalent as of yet in jsdsi - #2 and #3 don't need any encryption on the file system - in memory, #2 and #3 can both be in jsdsi.CertStores - #2 and #3 could actually be in the same jsdsi.CertStore - there's no defined methods to store/load a CertStore to the fs Assuming all the above is correct, my main conceptual confusion now is with how best to reference the user's keypairs when he needs to use them (for signing new name certificates or whatever). Let's say I have two keypairs, one for signing things as 'Dav the private person' and one for signing things as 'Dav the employee'. I could bind each in a name certificate (as "me-private" and "me-work" perhaps) and place them in my own cert store, but when I need to access them that means I could get the public key from the cert store easily, but the private key is stored in another collection. Is the standard method to do this and then search my keypairs for the pubkey match? That would work I'm sure, but I don't want to reinvent the wheel (badly) if there is a better way already implemented somewhere. For that matter, am I correct in assuming that a user would have two keys like that, or is it more in line with the SPKI/SDSI vision that I'd have one keypair and it would be granted permission to sign things under differnt roles? I think I read something about that somewhere, but I can't find it at the moment. > Stick with SPKI! ;-) (I'm probably biased) Seriously though, I should > imagine that the A&A stuff in SPKI is what you need, and correct me if > I'm wrong, but PGP doesn't really support authorisation? I'm sure you're not wrong, I can barely keep my head straight about all the PGP/X509/SPKI/SDSI stuff I've been reading :) -- Dav Coleman http://AkuAku.org/ |
|
From: Dav C. <dav...@gm...> - 2004-08-13 16:22:20
|
On Thu, 12 Aug 2004 20:06:49 -0400, Sameer Ajmani <aj...@gm...> wrote: > fyi, Loader is purely for testing. It creates fake certificates, not > real ones! You're aboslutely right that real certificates would be > stored as S-expressions. Sorry for the confusion. > > Developers: could one of you add a *** big *** warning on Loader that > it's just for testing purposes? Thanks! Yeah I realized that after I took a look at the java docs for Loader. It already explains it explicitly, I just failed to check the docs before registering my confusion. -- Dav Coleman http://AkuAku.org/ |
|
From: Sameer A. <aj...@gm...> - 2004-08-13 00:06:56
|
Dav,
fyi, Loader is purely for testing. It creates fake certificates, not
real ones! You're aboslutely right that real certificates would be
stored as S-expressions. Sorry for the confusion.
Developers: could one of you add a *** big *** warning on Loader that
it's just for testing purposes? Thanks!
Sameer
On Fri, 13 Aug 2004 00:49:24 +0100, Sean Radford
<sra...@ae...> wrote:
> Dav Coleman wrote:
>
> >On Thu, 12 Aug 2004 11:23:22 +0100, Sean Radford
> ><sra...@ae...> wrote:
> >
> >
> >Hi Sean,
> >
> >I have to admit I'm still a little confused. I took a look at the
> >CertPathTest and it uses Loader to load some plain text files with
> >certificate representations, but they aren't a text format I was
> >expecting (the sexp lisp-like stuff), and it's not clear how you would
> >create them (there's no Saver class that I found). The
> >SexpMarshallingTest source was good for showing me a simpler way of
> >creating Name/Auth certs however.
> >
> >
> Don't worry about being confused. It does take some time I'm afraid,
> mainly because there is currently very little / no help or getting
> started documentation.
>
> >What is the standard/best/accepted way of creating "your own" keypairs
> >(Prinicpals) and saving them to the file system between application
> >invocations? And what about storing other people's public keys in your
> >name space? I assume in X.509 all this was done in a single KeyStore
> >(which comes with load/save methods), but apparently that's not
> >correct for a SPKI system?
> >
> >
> Creating KeyPairs: jsdsi.util.KeyPairFactory.create("RSA", 512);
>
> Saving a KeyPair to file.... For this I think we really need an
> implementation of a KeyStore that supports JSDSI objects (well
> SExpressions really). If I remember correctly the Sun and BouncyCastle
> ones do not work (you can save but they have trouble loading). I did
> have a modified BouncyCastle keystore a long time back that worked(I
> took the original source and added about 3 lines of code) - not sure
> where it is now but could hunt down I guess...
>
> To store other peoples public keys one would create NameCertificates for
> them and store them in a CertStore. If there is a limited number of
> proof searching using a jsdsi.Prover is not required I guess you could
> use a KeyStore?
>
> >The FOO Camp is the one at O'Reilly headquarters in Sebastapol, CA.
> >It's in mid september so I figure my chances of finishing this in time
> >aren't great (especially with 10 days at Burning Man between now and
> >then), but I'm seriously going to try. I have friends going to the
> >European one, although I'm not sure when/where that is exactly. If I
> >had it done in time they could possibly do a short demo for me there.
> >
> >
> >
> The one in Europe I think is at the end of this month. Somewhere in
> Scandanavia I think. I'll hunt down my modified bouncastle keystore if
> that will help you get going?
>
> >The system I'm trying to build is a trusted brokered p2p network (and
> >eventually, a trusted brokered p2p darknet) that uses SPKI/SDSI to
> >control authentication/authorization in a way that maps to social
> >network concepts. It's just a general concept at the moment, but I
> >need to get something to play with to flesh it out. I'm comfortable
> >with the network and application programming, but I'm new to PKI
> >programming. I've been a PGP user for years but the concepts I've
> >learned from that are probably hurting as much as helping.
> >
> >
> >
> >
> Stick with SPKI! ;-) (I'm probably biased) Seriously though, I should
> imagine that the A&A stuff in SPKI is what you need, and correct me if
> I'm wrong, but PGP doesn't really support authorisation?
>
>
>
> Regards,
>
> Sean
>
> --
> Dr. Sean Radford, MBBS, MSc
> sra...@ae...
> http://www.aegeus-technology.com/
>
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> Jsdsi-users mailing list
> Jsd...@li...
> https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>
>
--
Sameer Ajmani
http://ajmani.net
|
|
From: Sean R. <sra...@ae...> - 2004-08-12 23:52:06
|
Dav Coleman wrote:
>On Thu, 12 Aug 2004 11:23:22 +0100, Sean Radford
><sra...@ae...> wrote:
>
>
>Hi Sean,
>
>I have to admit I'm still a little confused. I took a look at the
>CertPathTest and it uses Loader to load some plain text files with
>certificate representations, but they aren't a text format I was
>expecting (the sexp lisp-like stuff), and it's not clear how you would
>create them (there's no Saver class that I found). The
>SexpMarshallingTest source was good for showing me a simpler way of
>creating Name/Auth certs however.
>
>
Don't worry about being confused. It does take some time I'm afraid,
mainly because there is currently very little / no help or getting
started documentation.
>What is the standard/best/accepted way of creating "your own" keypairs
>(Prinicpals) and saving them to the file system between application
>invocations? And what about storing other people's public keys in your
>name space? I assume in X.509 all this was done in a single KeyStore
>(which comes with load/save methods), but apparently that's not
>correct for a SPKI system?
>
>
Creating KeyPairs: jsdsi.util.KeyPairFactory.create("RSA", 512);
Saving a KeyPair to file.... For this I think we really need an
implementation of a KeyStore that supports JSDSI objects (well
SExpressions really). If I remember correctly the Sun and BouncyCastle
ones do not work (you can save but they have trouble loading). I did
have a modified BouncyCastle keystore a long time back that worked(I
took the original source and added about 3 lines of code) - not sure
where it is now but could hunt down I guess...
To store other peoples public keys one would create NameCertificates for
them and store them in a CertStore. If there is a limited number of
proof searching using a jsdsi.Prover is not required I guess you could
use a KeyStore?
>The FOO Camp is the one at O'Reilly headquarters in Sebastapol, CA.
>It's in mid september so I figure my chances of finishing this in time
>aren't great (especially with 10 days at Burning Man between now and
>then), but I'm seriously going to try. I have friends going to the
>European one, although I'm not sure when/where that is exactly. If I
>had it done in time they could possibly do a short demo for me there.
>
>
>
The one in Europe I think is at the end of this month. Somewhere in
Scandanavia I think. I'll hunt down my modified bouncastle keystore if
that will help you get going?
>The system I'm trying to build is a trusted brokered p2p network (and
>eventually, a trusted brokered p2p darknet) that uses SPKI/SDSI to
>control authentication/authorization in a way that maps to social
>network concepts. It's just a general concept at the moment, but I
>need to get something to play with to flesh it out. I'm comfortable
>with the network and application programming, but I'm new to PKI
>programming. I've been a PGP user for years but the concepts I've
>learned from that are probably hurting as much as helping.
>
>
>
>
Stick with SPKI! ;-) (I'm probably biased) Seriously though, I should
imagine that the A&A stuff in SPKI is what you need, and correct me if
I'm wrong, but PGP doesn't really support authorisation?
Regards,
Sean
--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com/
|
|
From: Sean R. <sra...@ae...> - 2004-08-12 10:32:30
|
Luis Pedro wrote:
>Marek,
>
>It help if u send the exact error. But try this:
> - If the error is "SPKI not found", then u have to load jsdsi
>provider, i.e, jsdsi.Provider.install() and cryptix provider.
>
>But, if your problem is a ClassCastException then u have an error on your
>code and u should change this(following your code):
>
> java.security.KeyPair gk = jsdsi.util.KeyPairFactory.create("RSA",
>2048);
> java.io.FileOutputStream fos = new
>java.io.FileOutputStream("gde/tests/test.pub");
> java.io.ObjectOutputStream oos = new
>java.io.ObjectOutputStream(fos);
>// I have changed things here, tooked "toString()"
> oos.writeObject(gk);
>// Doesn't make sense writing an object like gk.toString()!!
>// writeObject serializes the object. U can't cast from "String" to
>"KeyPair"
> oos.close();
>
> java.security.KeyPair gk;
> java.io.FileInputStream fos = new
>java.io.FileInputStream("gde/tests/test.pub");
> java.io.ObjectInputStream oos = new java.io.ObjectInputStream(fos);
> gk = (java.security.KeyPair)oos.readObject();
> oos.close();
>
> -- Luís Pedro
>
>
>_____________________
>yahoo: lpv_pt
> msn: lp...@ne...
>
>
>
>» -----Original Message-----
>» From: jsd...@li...
>» [mailto:jsd...@li...] On
>» Behalf Of Marek Lány
>» Sent: quarta-feira, 11 de Agosto de 2004 19:16
>» To: jsd...@li...
>» Subject: [Jsdsi-users] KeyPair
>»
>» Hi
>»
>» I will save and load a KeyPair, but i can't it. I trying
>» with this:
>» KeyPair gk = jsdsi.util.KeyPairFactory.create("RSA",2048);
>» FileOutputStream fos = new FileOutputStream("gk.pub");
>» ObjectOutputStream oos = new ObjectOutputStream(fos);
>» oos.writeObject(gk.toString());
>» oos.close();
>»
>» How can't I load this object and retype in a KeyPair?
>» This code don't
>» work:
>»
>» KeyPair gk;
>» FileInputStream fos = new FileInputStream("gk.pub");
>» ObjectInputStream oos = new ObjectInputStream(fos);
>» gk = (KeyPair) oos.readObject();
>» oos.close();
>»
>» Thanx.
>»
>» Marek Lany
>»
>»
>»
>» -------------------------------------------------------
>» SF.Net email is sponsored by Shop4tech.com-Lowest price
>» on Blank Media
>» 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
>» Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
>» http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
>» _______________________________________________
>» Jsdsi-users mailing list
>» Jsd...@li...
>» https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>
>
>
>-------------------------------------------------------
>SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
>100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
>Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
>http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
>_______________________________________________
>Jsdsi-users mailing list
>Jsd...@li...
>https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>
>
>
>
Marek, did Luis help you out?
An alternative is to use jsdsi.sexp.ObjOutputStream and
jsdsi.sexp.ObjInputStream instead of the java.io.ObjectXxxStream classes
though both approaches should work (with Luis's suggestions).
Sean
--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com/
|
|
From: Sean R. <sra...@ae...> - 2004-08-12 10:26:06
|
Dav Coleman wrote: >oops, missed the list > >---------- Forwarded message ---------- >Subject: Re: [Jsdsi-users] KeyStore >To: Luis Pedro <lp...@ne...> > >Hi, thanks for the Provider.install(), that worked (with the addition >of cryptix32.jar to the classpath). I didn't expect to need to do >anything more to read the keystore than I needed to create it! > >You're probably right about not needing certificate chains. I'm >writing this utility so I can try to understand how to use SPKI/SDSI, >but at the same time I'm working with the java.security package for >the first time so I'm not sure which parts of it to ignore. All I want >to do now is create some kind of store so that I can create a >principal keypair and save it to the filesystem in one invocation, >unlock it and load it back into memory in another invocation and then >use it to create a NameCert (sign another user's principal pubkey and >assign it a local name) and store the NameCert somewhere too. If I can >get all that working, I'll move on to the ACL stuff :) > >Incidentally, if I can get this simple example utility working I'd be >happy to make the source of it publically available for others as a >resource. I'm hoping to get something together to demo at FOO Camp >this year, so I'll be working on this a lot over the next month or so. > > > Sorry guys but I have been offline on business. Dav, are you still having problems. If so, let me know and I should be around for the next few days and will do my best to help. Any example code you can make available will be *much* appreciated. I'd also be keen (time permitting of course) to help you get your stuff done for the FOO Camp. Which FOO camp is this for? Regards, Sean -- Dr. Sean Radford, MBBS, MSc sra...@ae... http://www.aegeus-technology.com/ |
|
From: Luis P. <lp...@ne...> - 2004-08-11 19:22:15
|
Marek,
It help if u send the exact error. But try this:
- If the error is "SPKI not found", then u have to load jsdsi
provider, i.e, jsdsi.Provider.install() and cryptix provider.
But, if your problem is a ClassCastException then u have an error on =
your
code and u should change this(following your code):
java.security.KeyPair gk =3D jsdsi.util.KeyPairFactory.create("RSA",
2048);
java.io.FileOutputStream fos =3D new
java.io.FileOutputStream("gde/tests/test.pub");
java.io.ObjectOutputStream oos =3D new
java.io.ObjectOutputStream(fos);
// I have changed things here, tooked "toString()"=09
oos.writeObject(gk);
// Doesn't make sense writing an object like gk.toString()!!
// writeObject serializes the object. U can't cast from "String" to
"KeyPair"=20
oos.close();
java.security.KeyPair gk;
java.io.FileInputStream fos =3D new
java.io.FileInputStream("gde/tests/test.pub");
java.io.ObjectInputStream oos =3D new java.io.ObjectInputStream(fos);
gk =3D (java.security.KeyPair)oos.readObject();
oos.close();
=09
-- Lu=EDs Pedro
_____________________
yahoo: lpv_pt
msn: lp...@ne...
=20
=BB -----Original Message-----
=BB From: jsd...@li...=20
=BB [mailto:jsd...@li...] On=20
=BB Behalf Of Marek L=E1ny
=BB Sent: quarta-feira, 11 de Agosto de 2004 19:16
=BB To: jsd...@li...
=BB Subject: [Jsdsi-users] KeyPair
=BB =20
=BB Hi
=BB =20
=BB I will save and load a KeyPair, but i can't it. I trying=20
=BB with this:
=BB KeyPair gk =3D =
jsdsi.util.KeyPairFactory.create("RSA",2048);
=BB FileOutputStream fos =3D new FileOutputStream("gk.pub");
=BB ObjectOutputStream oos =3D new ObjectOutputStream(fos);
=BB oos.writeObject(gk.toString());
=BB oos.close();
=BB =20
=BB How can't I load this object and retype in a KeyPair?=20
=BB This code don't
=BB work:
=BB =20
=BB KeyPair gk;
=BB FileInputStream fos =3D new FileInputStream("gk.pub");
=BB ObjectInputStream oos =3D new ObjectInputStream(fos);
=BB gk =3D (KeyPair) oos.readObject();
=BB oos.close();
=BB =20
=BB Thanx.
=BB =20
=BB Marek Lany
=BB =20
=BB =20
=BB =20
=BB -------------------------------------------------------
=BB SF.Net email is sponsored by Shop4tech.com-Lowest price=20
=BB on Blank Media
=BB 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only =
$33
=BB Save 50% off Retail on Ink & Toner - Free Shipping and Free =
Gift.
=BB http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
=BB _______________________________________________
=BB Jsdsi-users mailing list
=BB Jsd...@li...
=BB https://lists.sourceforge.net/lists/listinfo/jsdsi-users
|
|
From: <mar...@or...> - 2004-08-11 18:16:17
|
Hi
I will save and load a KeyPair, but i can't it. I trying with this:
KeyPair gk = jsdsi.util.KeyPairFactory.create("RSA",2048);
FileOutputStream fos = new FileOutputStream("gk.pub");
ObjectOutputStream oos = new ObjectOutputStream(fos);
oos.writeObject(gk.toString());
oos.close();
How can't I load this object and retype in a KeyPair? This code don't
work:
KeyPair gk;
FileInputStream fos = new FileInputStream("gk.pub");
ObjectInputStream oos = new ObjectInputStream(fos);
gk = (KeyPair) oos.readObject();
oos.close();
Thanx.
Marek Lany
|
|
From: Dav C. <dav...@gm...> - 2004-08-11 15:13:49
|
oops, missed the list
---------- Forwarded message ----------
Subject: Re: [Jsdsi-users] KeyStore
To: Luis Pedro <lp...@ne...>
Hi, thanks for the Provider.install(), that worked (with the addition
of cryptix32.jar to the classpath). I didn't expect to need to do
anything more to read the keystore than I needed to create it!
You're probably right about not needing certificate chains. I'm
writing this utility so I can try to understand how to use SPKI/SDSI,
but at the same time I'm working with the java.security package for
the first time so I'm not sure which parts of it to ignore. All I want
to do now is create some kind of store so that I can create a
principal keypair and save it to the filesystem in one invocation,
unlock it and load it back into memory in another invocation and then
use it to create a NameCert (sign another user's principal pubkey and
assign it a local name) and store the NameCert somewhere too. If I can
get all that working, I'll move on to the ACL stuff :)
Incidentally, if I can get this simple example utility working I'd be
happy to make the source of it publically available for others as a
resource. I'm hoping to get something together to demo at FOO Camp
this year, so I'll be working on this a lot over the next month or so.
On Wed, 11 Aug 2004 11:34:47 +0100, Luis Pedro <lp...@ne...> wrote:
> Hi (again) Dav,
>
> I've been looking better your example, and really don't understand why u
> want to create certifcate chains(spki is not like x509). U don't need to
> create certs chains, instead u have to proof your spki/sdsi certs. The id=
eia
> is to have "CertStore's" which contain spki/sdsi certs, with this CertSto=
re
> u i'll be able to make proofs of u certs. Take a better look at tests
> examples, like "CertPathTest".
>
>
>
> -- Lu=EDs Pedro
>
> _____________________
> yahoo: lpv_pt
> msn: lp...@ne...
>
> =BB -----Original Message-----
> =BB From: jsd...@li...
> =BB [mailto:jsd...@li...] On
> =BB Behalf Of Dav Coleman
> =BB Sent: quarta-feira, 11 de Agosto de 2004 6:00
> =BB To: jsd...@li...
> =BB Subject: [Jsdsi-users] KeyStore
> =BB
> =BB Hi,
> =BB
> =BB I'm trying to save a Private Key and Certificate to a KeyStore an=
d
> =BB then load it back. I'm able to create the keystore on the
> =BB file system
> =BB without throwing any exceptions, but when I try to load it I get
> =BB
> =BB java.security.cert.CertificateException: SPKI not found
> =BB at
> =BB java.security.cert.CertificateFactory.getInstance(Certific
> =BB ateFactory.java:191)
> =BB at
> =BB sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore
> =BB .java:670)
> =BB at java.security.KeyStore.load(KeyStore.java:652)
> =BB at com.s0ciety.demo.CLI.loadKeyStore(CLI.java:129)
> =BB
> =BB Any ideas on what would cause that?
> =BB
> =BB Here is the (I hope) relevant code snippets
> =BB
> =BB create and save keystore:
> =BB
> =BB pair =3D jsdsi.RSAPublicKey.create();
> =BB java.security.PrivateKey privKey =3D pair.getPrivate();
> =BB java.security.PublicKey pubKey =3D pair.getPublic();
> =BB
> =BB jsdsi.RSAPublicKey jsdsiPubKey =3D
> =BB (jsdsi.RSAPublicKey)pair.getPublic();
> =BB Date expire =3D new Date(now.getTime() + (86400 * 30));
> =BB jsdsi.Validity validity =3D new jsdsi.Validity(now, expire);
> =BB jsdsi.Cert cert =3D new jsdsi.NameCert(jsdsiPubKey,
> =BB jsdsiPubKey,
> =BB validity, "display hint", "blah... comment field", "my
> =BB jsdsi pubkey");
> =BB jsdsi.Hash hash =3D new jsdsi.Hash("MD5", cert.toByteArray(=
));
> =BB jsdsi.Signature signature =3D null;
> =BB jsdsi.Principal principal =3D (jsdsi.Principal)
> =BB pair.getPublic();
> =BB signature =3D jsdsi.Signature.create(pair, cert,
> =BB "MD5withRSA");
> =BB jsdsi.Certificate certificate =3D new
> =BB jsdsi.Certificate(cert, signature);
> =BB jsdsi.Certificate[] certificate_chain =3D new
> =BB jsdsi.Certificate[]
> =BB { certificate };
> =BB // Create an empty keystore object
> =BB keystore =3D KeyStore.getInstance(KeyStore.getDefaultType()=
);
> =BB keystore.load(null, password.toCharArray()); // null input
> =BB stream to create empty keystore
> =BB keystore.setKeyEntry("myalias", privKey,
> =BB password.toCharArray(),
> =BB certificate_chain);
> =BB // Save the new keystore contents
> =BB FileOutputStream out =3D new FileOutputStream(keystoreFile)=
;
> =BB keystore.store(out, password.toCharArray());
> =BB out.close();
> =BB
> =BB load keystore:
> =BB
> =BB FileInputStream fis =3D new FileInputStream(file);
> =BB keystore =3D KeyStore.getInstance(KeyStore.getDefaultType()=
);
> =BB keystore.load(fis, password.toCharArray());
> =BB fis.close();
> =BB System.out.println("- keystore loaded");
> =BB System.out.println("- contains "+keyStore.size()+"
> =BB entries");
> =BB
> =BB
> =BB Are there any code examples available for integrating
> =BB JSDSI into an
> =BB application? I've read a lot of docs and published papers
> =BB online and I
> =BB think I have a basic understanding of SPKI/SDSI
> =BB capabilities, but I'm
> =BB completely new to PKI application development so I feel a
> =BB little lost.
> =BB
> =BB --
> =BB Dav Coleman
> =BB http://AkuAku.org/
> =BB
> =BB
> =BB -------------------------------------------------------
> =BB SF.Net email is sponsored by Shop4tech.com-Lowest price
> =BB on Blank Media
> =BB 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> =BB Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> =BB http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> =BB _______________________________________________
> =BB Jsdsi-users mailing list
> =BB Jsd...@li...
> =BB https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>
>
--
Dav Coleman
http://AkuAku.org/
--=20
Dav Coleman
http://AkuAku.org/
|
|
From: Sameer A. <aj...@gm...> - 2004-08-11 12:15:31
|
Dav,
My guess is that the KeyStore is attempting to unmarshal the public
key and can't find the code to do it. Make sure the JSDSI Provider is
loaded when you load from the KeyStore. If that doesn't fix it, you
might look through the KeyStore docs to determine hwo to register new
key types with it. Its possible we need to provide a new class to
make this work.
Sameer
On Tue, 10 Aug 2004 21:59:38 -0700, Dav Coleman <dav...@gm...> wrote:
> Hi,
>
> I'm trying to save a Private Key and Certificate to a KeyStore and
> then load it back. I'm able to create the keystore on the file system
> without throwing any exceptions, but when I try to load it I get
>
> java.security.cert.CertificateException: SPKI not found
> at java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:191)
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:670)
> at java.security.KeyStore.load(KeyStore.java:652)
> at com.s0ciety.demo.CLI.loadKeyStore(CLI.java:129)
>
> Any ideas on what would cause that?
>
> Here is the (I hope) relevant code snippets
>
> create and save keystore:
>
> pair = jsdsi.RSAPublicKey.create();
> java.security.PrivateKey privKey = pair.getPrivate();
> java.security.PublicKey pubKey = pair.getPublic();
>
> jsdsi.RSAPublicKey jsdsiPubKey = (jsdsi.RSAPublicKey)pair.getPublic();
> Date expire = new Date(now.getTime() + (86400 * 30));
> jsdsi.Validity validity = new jsdsi.Validity(now, expire);
> jsdsi.Cert cert = new jsdsi.NameCert(jsdsiPubKey, jsdsiPubKey,
> validity, "display hint", "blah... comment field", "my jsdsi pubkey");
> jsdsi.Hash hash = new jsdsi.Hash("MD5", cert.toByteArray());
> jsdsi.Signature signature = null;
> jsdsi.Principal principal = (jsdsi.Principal) pair.getPublic();
> signature = jsdsi.Signature.create(pair, cert, "MD5withRSA");
> jsdsi.Certificate certificate = new jsdsi.Certificate(cert, signature);
> jsdsi.Certificate[] certificate_chain = new jsdsi.Certificate[]
> { certificate };
> // Create an empty keystore object
> keystore = KeyStore.getInstance(KeyStore.getDefaultType());
> keystore.load(null, password.toCharArray()); // null input
> stream to create empty keystore
> keystore.setKeyEntry("myalias", privKey, password.toCharArray(),
> certificate_chain);
> // Save the new keystore contents
> FileOutputStream out = new FileOutputStream(keystoreFile);
> keystore.store(out, password.toCharArray());
> out.close();
>
> load keystore:
>
> FileInputStream fis = new FileInputStream(file);
> keystore = KeyStore.getInstance(KeyStore.getDefaultType());
> keystore.load(fis, password.toCharArray());
> fis.close();
> System.out.println("- keystore loaded");
> System.out.println("- contains "+keyStore.size()+" entries");
>
> Are there any code examples available for integrating JSDSI into an
> application? I've read a lot of docs and published papers online and I
> think I have a basic understanding of SPKI/SDSI capabilities, but I'm
> completely new to PKI application development so I feel a little lost.
>
> --
> Dav Coleman
> http://AkuAku.org/
>
> -------------------------------------------------------
> SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
> 100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
> Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
> http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
> _______________________________________________
> Jsdsi-users mailing list
> Jsd...@li...
> https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>
>
--
Sameer Ajmani
http://ajmani.net
|
|
From: Dav C. <dav...@gm...> - 2004-08-11 04:59:40
|
Hi,
I'm trying to save a Private Key and Certificate to a KeyStore and
then load it back. I'm able to create the keystore on the file system
without throwing any exceptions, but when I try to load it I get
java.security.cert.CertificateException: SPKI not found
at java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:191)
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:670)
at java.security.KeyStore.load(KeyStore.java:652)
at com.s0ciety.demo.CLI.loadKeyStore(CLI.java:129)
Any ideas on what would cause that?
Here is the (I hope) relevant code snippets
create and save keystore:
pair = jsdsi.RSAPublicKey.create();
java.security.PrivateKey privKey = pair.getPrivate();
java.security.PublicKey pubKey = pair.getPublic();
jsdsi.RSAPublicKey jsdsiPubKey = (jsdsi.RSAPublicKey)pair.getPublic();
Date expire = new Date(now.getTime() + (86400 * 30));
jsdsi.Validity validity = new jsdsi.Validity(now, expire);
jsdsi.Cert cert = new jsdsi.NameCert(jsdsiPubKey, jsdsiPubKey,
validity, "display hint", "blah... comment field", "my jsdsi pubkey");
jsdsi.Hash hash = new jsdsi.Hash("MD5", cert.toByteArray());
jsdsi.Signature signature = null;
jsdsi.Principal principal = (jsdsi.Principal) pair.getPublic();
signature = jsdsi.Signature.create(pair, cert, "MD5withRSA");
jsdsi.Certificate certificate = new jsdsi.Certificate(cert, signature);
jsdsi.Certificate[] certificate_chain = new jsdsi.Certificate[]
{ certificate };
// Create an empty keystore object
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(null, password.toCharArray()); // null input
stream to create empty keystore
keystore.setKeyEntry("myalias", privKey, password.toCharArray(),
certificate_chain);
// Save the new keystore contents
FileOutputStream out = new FileOutputStream(keystoreFile);
keystore.store(out, password.toCharArray());
out.close();
load keystore:
FileInputStream fis = new FileInputStream(file);
keystore = KeyStore.getInstance(KeyStore.getDefaultType());
keystore.load(fis, password.toCharArray());
fis.close();
System.out.println("- keystore loaded");
System.out.println("- contains "+keyStore.size()+" entries");
Are there any code examples available for integrating JSDSI into an
application? I've read a lot of docs and published papers online and I
think I have a basic understanding of SPKI/SDSI capabilities, but I'm
completely new to PKI application development so I feel a little lost.
--
Dav Coleman
http://AkuAku.org/
|
|
From: Sameer A. <aj...@gm...> - 2004-07-08 18:37:24
|
Ladislav,
There's no direct method to convert a Sequence into a Proof that you
can then verify, but it's pretty straightforward:
static Proof fromSequence(Sequence seq) {
Iterator elems =3D Arrays.asList(seq.getElements()).iterator();
Proof p =3D new Proof(Certificate.fromElements(elems));
while (elems.hasNext()) {
p =3D p.compose(new Proof(Certificate.fromElements(elems)));
}
return p;
}
Now you can just check that p.getCert() equals the cert you're looking for.
Sameer
Developers: we should probably add fromSequence() to the Proof class.
On Thu, 08 Jul 2004 18:38:30 +0200, Ladislav Huraj <hu...@fp...> wrote=
:
> Sameer,
>=20
> thanks for your help.
>=20
> Could I have one question more?
>=20
> Is there any possibility to verify only sequence which I obtained
> from proof.getSequence() (e.g. all certificates in the sequence were
> signed in right order respectively) automatically or I have to do it
> myself. For example if I don't trust the intermediary's signature.
>=20
> Thanks,
>=20
> Ladislav
>=20
>=20
> At 21:12 7. 7. 2004, you wrote:
> >Ladislav,
> >
> >Here's an easy way to do this:
> >1) The original prover creates a Proof p that contains hundreds of
> >Certificates.
> >2) A trusted intermediary checks p using p.verify(). If it's okay,
> >the intermediarycreates a new proof that summarizes the original one
> >as follows:
> >Proof newProof =3D new Proof(
> >new Certificate(p.getCert(),
> >Signature.create(keys, p.getCert(), 'rsa')));
> >3) The intermediary can now pass newProof to other verifiers. Since
> >these other verifiers trust the intermediary's signature, they don't
> >need the original proof.
> >
> >Hope this helps!
> >Sameer
> >
> >----- Original Message -----
> >From: Ladislav Huraj <hu...@fp...>
> >Date: Wed, 07 Jul 2004 20:20:07 +0200
> >Subject: Re: Signed certificates
> >To: Sameer Ajmani <aj...@gm...>
> >
> >
> >
> > Sameer,
> >
> >
> >
> >Is the idea here just to save time
> >in verification, i.e., rather than
> >
> >verifying the signatures on eact certificate in the chain, I can
> >just
> >
> >check one signature on the whole chain?
> >
> >Yes, this is really the purpose.
> >
> >
> >
> >If this is what you want, it should
> >be easy. First, create your
> >
> >Sequence of Certificates (perhaps using a jsdsi.Proof). Then create
> >a
> >
> >Signature for this Sequence. Finally, pass a summary of the
> >Sequence
> >
> >(what it actually means, e.g., A is authorized by B to do C) and
> >the
> >
> >Signature to the verifier. I don't even think you need to keep
> >the
> >
> >original sequence, because your verifier trusts the signature on
> >the
> >
> >summary anyway.
> >
> >
> >Sameer
> >
> >It seems it works.
> >
> >I thought it is not possible to create Sequence of
> >(jsdsi.Certificate)s. But function getSequence in
> >jsdsi.Proof returns similar Sequence and it seems this will be
> >sufficed.
> >
> >
> >
> >I=EF=BF=BDll try work with this.
>=20
>=20
> >
> >
> >
> >Thank you.
> >
> >
> >
> >Ladislav
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >-----------------------------------------
> >
> >Ladislav Huraj
> >
> >Dept. of Computer Science
> >
> >Faculty of Natural Sciences
> >
> >University of Matej Bel
> >
> >Tajovskeho 40
> >
> >974 01 Banska Bystrica
> >
> >Slovakia
> >
> >phone: 048/413 45 41-6 ext. 126
> >e-mail: hu...@fp...
>=20
> -----------------------------------------
> Ladislav Huraj
> Dept. of Computer Science
> Faculty of Natural Sciences
> University of Matej Bel
> Tajovskeho 40
> 974 01 Banska Bystrica
> Slovakia
> phone: 048/413 45 41-6 ext. 126
> e-mail: hu...@fp...
>=20
>
|
|
From: Sameer A. <aj...@gm...> - 2004-07-07 14:02:30
|
The SPKI spec says a sequence can only contain these kinds of elements: Cert, Op, PublicKey, Signature (and maybe some others like online test results). But it cannot contain another Sequence. Why do you need a Sequence of Sequences? What do each of the three inner sequences mean? It sounds like you really want a new data structure that has three fields, each of which is a Sequence. Is this correct? If so, you can always define your own. Sameer ----- Original Message ----- From: Ladislav Huraj <hu...@fp...> Date: Wed, 07 Jul 2004 15:09:43 +0200 Subject: [Jsdsi-users] jsdsi.Sequence To: jsd...@li... Hi, is it possible to create the jsdsi.Sequence of sequences? I have got three sequences and I need a sequence of these three sequences. But the function concat is not the solution, because the result is NOT a sequence of 3 sequences, but one concatenated sequence of elements of these 3 sequences. Thank you very much. Ladislav Huraj |
|
From: Ladislav H. <hu...@fp...> - 2004-07-07 13:08:29
|
Hi, is it possible to create the jsdsi.Sequence of sequences? I have got three sequences and I need a sequence of these three sequences. But the function concat is not the solution, because the result is NOT a sequence of 3 sequences, but one concatenated sequence of elements of these 3 sequences. Thank you very much. Ladislav Huraj |
|
From: Sameer A. <aj...@gm...> - 2004-07-02 16:36:21
|
Whether you use SubjectCertPathParameters or IssuerCertPathParameters depends on how your CertStore is organized, and whether you want to search for certs issuer-to-subject or subject-to-issuer. A longer example is given at the end of this paper: http://ajmani.net/papers/sdsi-algos.ps Sameer On Fri, 02 Jul 2004 15:54:39 +0100, Sean Radford <sra...@ae...> wrote: > Something along the lines of: > > java.security.cert.CertPathBuilder builder = > java.security.cert.CertPathBuilder.getInstance("SPKI"); > > jsdsi.CertPathParameters params = new > SubjectCertPathParameters(CERT_TO_PROVE, CERT_STORE); > > jsdsi.CertPathBuilderResult bres = > (jsdsi.CertPathBuilderResult)builder.build(params); > > Regards, > > Sean > > On Fri, 2004-07-02 at 12:55, Ladislav Huraj wrote: > > Whats the correct way to create CertPath? > > > > > > I have got several certificates and I need one whole CertPath. > > > > I tried it through jsdsi.sexp.CertificateFactory method > > engineGenerateCertPath, but it does not work > > (Exception in thread "main" java.lang.UnsupportedOperationException at > > jsdsi.sexp.CertificateFactory.engineGenerateCertPath(CertificateFactory.java:117) > > Thanks. > > > > > > Regards, > > > > Ladislav Huraj > > > > ----------------------------------------- > > Ladislav Huraj > > Dept. of Computer Science > > Faculty of Natural Sciences > > University of Matej Bel > > Tajovskeho 40 > > 974 01 Banska Bystrica > > Slovakia > > phone: 048/413 45 41-6 ext. 126 > > e-mail: hu...@fp... > -- > Dr. Sean Radford, MBBS, MSc > sra...@ae... > http://www.aegeus-technology.com > > ------------------------------------------------------- > This SF.Net email sponsored by Black Hat Briefings & Training. > Attend Black Hat Briefings & Training, Las Vegas July 24-29 - > digital self defense, top technical experts, no vendor pitches, > unmatched networking opportunities. Visit www.blackhat.com > _______________________________________________ > Jsdsi-users mailing list > Jsd...@li... > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > > |
|
From: Sean R. <sra...@ae...> - 2004-07-02 14:57:14
|
Something along the lines of:
java.security.cert.CertPathBuilder builder =
java.security.cert.CertPathBuilder.getInstance("SPKI");
jsdsi.CertPathParameters params = new
SubjectCertPathParameters(CERT_TO_PROVE, CERT_STORE);
jsdsi.CertPathBuilderResult bres =
(jsdsi.CertPathBuilderResult)builder.build(params);
Regards,
Sean
On Fri, 2004-07-02 at 12:55, Ladislav Huraj wrote:
> Whats the correct way to create CertPath?
>
> I have got several certificates and I need one whole CertPath.
>
> I tried it through jsdsi.sexp.CertificateFactory method
> engineGenerateCertPath, but it does not work
> (Exception in thread "main" java.lang.UnsupportedOperationException at
> jsdsi.sexp.CertificateFactory.engineGenerateCertPath(CertificateFactory.java:117)
> Thanks.
>
>
> Regards,
>
> Ladislav Huraj
>
> -----------------------------------------
> Ladislav Huraj
> Dept. of Computer Science
> Faculty of Natural Sciences
> University of Matej Bel
> Tajovskeho 40
> 974 01 Banska Bystrica
> Slovakia
> phone: 048/413 45 41-6 ext. 126
> e-mail: hu...@fp...
--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
|
From: Luis P. <lp...@ne...> - 2004-07-02 12:01:28
|
You should take a look at "CertPathTest.java" in jsdsi "tests" =
directory.
=20
-- Luis Pedro
_____ =20
From: jsd...@li...
[mailto:jsd...@li...] On Behalf Of Ladislav =
Huraj
Sent: sexta-feira, 2 de Julho de 2004 12:55
To: jsd...@li...
Subject: [Jsdsi-users] CertPath
What=12s the correct way to create CertPath? =20
=20
I have got several certificates and I need one whole CertPath.
=20
I tried it through jsdsi.sexp.CertificateFactory method
engineGenerateCertPath, but it does not work=20
(Exception in thread "main" java.lang.UnsupportedOperationException at
jsdsi.sexp.CertificateFactory.engineGenerateCertPath(CertificateFactory.j=
ava
:117)
Thanks.
=20
Regards,
=20
Ladislav Huraj=20
-----------------------------------------
Ladislav Huraj
Dept. of Computer Science
Faculty of Natural Sciences
University of Matej Bel
Tajovskeho 40
974 01 Banska Bystrica
Slovakia
phone: 048/413 45 41-6 ext. 126
e-mail: hu...@fp...=20
|
|
From: Ladislav H. <hu...@fp...> - 2004-07-02 11:51:30
|
What's the correct way to create CertPath? I have got several certificates and I need one whole CertPath. I tried it through jsdsi.sexp.CertificateFactory method engineGenerateCertPath, but it does not work (Exception in thread "main" java.lang.UnsupportedOperationException at jsdsi.sexp.CertificateFactory.engineGenerateCertPath(CertificateFactory.java:117) Thanks. Regards, Ladislav Huraj ----------------------------------------- Ladislav Huraj Dept. of Computer Science Faculty of Natural Sciences University of Matej Bel Tajovskeho 40 974 01 Banska Bystrica Slovakia phone: 048/413 45 41-6 ext. 126 e-mail: hu...@fp... |
|
From: Sean R. <sra...@ae...> - 2004-07-01 23:16:41
|
>From your CVS tree you can use Maven: maven javadoc This creates it under the directory 'target/docs/apidocs' if memory serves me correctly. Sean On Thu, 2004-07-01 at 17:07, Luis Pedro wrote: > Hi Sean, > > What tool u use to create the javadoc documentation? > > Thanks, > > -- Luis Pedro > > ---------------------------------------------------------------------------- > - > PORTUGAL na final do euro 2004 -- Dr. Sean Radford, MBBS, MSc sra...@ae... http://www.aegeus-technology.com |
1 message has been excluded from this view by a project administrator.
