jsdsi-users Mailing List for JSDSI (Page 4)
Status: Pre-Alpha
Brought to you by:
sajma
From: Sameer A. <aj...@gm...> - 2004-07-01 12:41:30
There's no command-line interface, if that's what you're asking. If you want to write your own, why write it in C? It would make a lot more sense to write a tool in Java that uses the JSDSI library to parse, sign, and do closures. Check out jsdsi.S2X for parsing examples and the files in the test directory for other examples.

Sameer

From: Sudhanshu <sud...@ec...> - 2004-07-01 11:08:53
hi,

i took these certs and their signatures from the interface directly, and didn't write any code in java (if that's what you mean). The version i'm using is 0.5, the latest one.

Anyway, the certs on which these signatures are, are:

(cert
  (issuer
    (public-key
      (rsa-pkcs1-md5
        (e #010001#)
        (n
          |ALksH8+TZhac+r6O4avdCje8JISHNX4dOQESwxD+v7fX7OaNNu1nPAtkXpU
          hWS0JBGonGqfg7sNosa4/h/I/sNOZfqxggktIN+nC6faM1zqU1k76P1/4CQx
          76kYNihtvz2dK79GC6RFMi/HhwZzIqjGqlXHmacxsQgLu2oOjZlr5|))))
  (subject (name sandy))
  (tag can_play_at_apollo)
  (valid
    (not-before "2004-06-02_12:23:34")
    (not-after "2005-06-02_12:23:34")))

(cert
  (issuer
    (name
      (public-key
        (rsa-pkcs1-md5
          (e #010001#)
          (n
            |AOqFMTA5dbJ48Cscmert0dPQa2te1i8S+2dbgS47SuHH/U2DsnoYE4OlS
            cGzAZxs0Kta8ROeGuLnlRY1naPe9rmUztsK9TDCnT+ooLDVv9YQy6gRfEc
            hfDzyKqcegnWiPdBRH1W6Huia477i3AzHqzTnk18aSZeRf6h73b1abhhb|
            )))
      "football gang"))
  (subject (name swarit))
  (valid
    (not-before "2004-06-02_12:23:34")
    (not-after "2005-06-02_12:23:34")))

I don't think the certs could have caused the code to write MD5/RSA/PKCS#1 instead of rsa-pkcs1-md5.

Also, can your code be used to directly work on a set of input files, rather than working from the interface. I couldn't make that happen, so i'm presently writing my own code in C, to parse certs, signatures, and compute closures.

thanx,
sudhanshu

From: Sean R. <sra...@ae...> - 2004-06-30 10:26:42
Hi,

As far as I'm aware we are adhering to draft-ietf-spki-cert-structure-06.txt at the url you mention. Your signature algorithm you have is not in 'spki' format.

It should be: rsa-pkcs1-md5

I imagine that this has occurred from the way you created your signatures (you haven't done anything wrong as such, it is just JSDSI hasn't sorted out its handling of algorithm names yet - there is a prototype of it as a branch in cvs: branch-algo)

Hmm... Just noticed that your public key algo is set to rsa-pkcs1-md5...

Are you able to post snippets of the code you are using to generate your keys and signatures?

Sean

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com

From: Sudhanshu <sud...@ec...> - 2004-06-30 10:02:25
Thanx,
i decoded the base64 script and it turned out to be

(14:MD5/RSA/PKCS#1)

But are you using the same standard as i mentioned earlier, ie. the draft-spki.txt, or is there a separate list of grammar rules which have been defined by you and which you are using in your java implementation.

sudhanshu

From: Sameer A. <aj...@gm...> - 2004-06-30 03:36:57
According to the grammar in http://theworld.com/~cme/spki.txt, that field is the <pub-sig-alg-id> (signature algorithm identifier). It's odd that it is base64-encoded in your example; this is probably because your algorithm name contains characters that are not considered SPKI token characters (such as '/').

Sameer

On Tue, 29 Jun 2004 22:01:47 +0530 (IST), Sudhanshu <sud...@ec...> wrote:
> The two signatures shown below were signed by different public keys
> but this parameter (as pointed out) in both of them remains the same,
> - as given by the java interface for sdsi.
> Could you tell me what does this parameters stand for.
>
> (signature
>   (hash md5 |82Ped/N2E6e1EEymDz85+A==|)
>   (public-key
>     (rsa-pkcs1-md5
>       (e #010001#)
>       (n
>         |ALksH8+TZhac+r6O4avdCje8JISHNX4dOQESwxD+v7fX7OaNNu1nPAtkXpUhWS0
>         JBGonGqfg7sNosa4/h/I/sNOZfqxggktIN+nC6faM1zqU1k76P1/4CQx76kYNiht
>         vz2dK79GC6RFMi/HhwZzIqjGqlXHmacxsQgLu2oOjZlr5|)))
> ==> (|TUQ1L1JTQS9QS0NTIzE=|
>      |SG6zQ2EXKJsHpPQsicx9Djkv6e4rImgdO55O1QoX8vN51qCsMOtw4M22HQlIgD8VKG2
>      sQLAj0BVRMcFTsSPi77f8yVuz9GrpmLqwN65M2rN8DlWmPMwcCIcKHb2lrTLpxNPXboJ
>      PgFg1XUGGPnj0Z18RfkjLRwGwrY70ZddAxCE=|))
>
> (signature
>   (hash md5 |65x3g1fH6v9opEMqXC+LOA==|)
>   (public-key
>     (rsa-pkcs1-md5
>       (e #010001#)
>       (n
>         |AOqFMTA5dbJ48Cscmert0dPQa2te1i8S+2dbgS47SuHH/U2DsnoYE4OlScGzAZx
>         s0Kta8ROeGuLnlRY1naPe9rmUztsK9TDCnT+ooLDVv9YQy6gRfEchfDzyKqcegnW
>         iPdBRH1W6Huia477i3AzHqzTnk18aSZeRf6h73b1abhhb|)))
> ==> (|TUQ1L1JTQS9QS0NTIzE=|
>      |YhoeMF8ogGe7sZ2m4XisPAuoxMXT25t70gLXgF6OsA4959pJ51pRA8wjtJ0EP3J5OVz
>      0sDhgTIGQZF8ZiuQ429OQAYmrJp0BK0+9YL/awCsgPIb9kQG9OdQBTXvc4OYoDMSfkMo
>      BVDjxnkQKRrA+QcinXusPxKns7cKf6c/bGlA=|))
>
> Also, could you tell me if there is any standard being followed for the
> current rules of sdsi, ie. the structure of the certs, signatures, etc.
> for eg. as the definition of a standard has been attempted in the
> draft-ietf-spki-cert-structure-06.txt.
>
> link for the draft is http://theworld.com/~cme/spki.txt
>
> Thanx,
> sudhanshu

From: Sean R. <sra...@ae...> - 2004-06-28 16:42:59
Here's how I have implemented a solution to this problem (I'll illustrate with a user creating a document):

1. A user creates a document.
2. The document is signed (jsdsi.Signature) using the user's private key and the signature stored with the document.
3. A log entry is then created with the following details:
   - the user
   - the date
   - the document signature value calculated in 2
   - the id of a reference log entry
   - the hash of the data values in the reference log entry
4. The log entry is then signed and the signature stored with it.

In this way you can verify the integrity of the document by examining its signature and then tracking back through the signatures of the log entries (as far back as deemed appropriate).

Hope that gives you some food for thought.

Sean

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com

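The four steps in Sean's message, with the newest existing entry used as the reference entry (the hash link Sameer suggests elsewhere in this thread), as an added example that is not from the original posts and does not use the JSDSI API. It uses the JDK's java.security classes with SHA-256 and SHA256withRSA in place of the MD5-based algorithms in the thread; the class, record and field names and the sample data are assumptions.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration (not JSDSI code): signed log entries chained by hash. Needs Java 16+.
// All names are hypothetical; SHA-256 / SHA256withRSA replace the thread's MD5 algorithms.
public class SignedLogChain {

    // Step 3 fields plus the step 4 signature. First entry: refId -1, empty refHash.
    record Entry(int id, String user, String date, byte[] docSignature,
                 int refId, byte[] refHash, byte[] signature) {

        // Length-prefixed encoding of the data values (the entry's own signature excluded),
        // so two different entries can never serialize to the same bytes.
        byte[] data() {
            try {
                ByteArrayOutputStream buf = new ByteArrayOutputStream();
                DataOutputStream out = new DataOutputStream(buf);
                out.writeInt(id); out.writeUTF(user); out.writeUTF(date);
                out.writeInt(docSignature.length); out.write(docSignature);
                out.writeInt(refId);
                out.writeInt(refHash.length); out.write(refHash);
                return buf.toByteArray();
            } catch (IOException e) {
                throw new UncheckedIOException(e);
            }
        }
    }

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig)
            throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    static byte[] sha256(byte[] data) throws GeneralSecurityException {
        return MessageDigest.getInstance("SHA-256").digest(data);
    }

    // Steps 2-4: sign the document, link to the newest existing entry, sign the entry.
    static Entry append(List<Entry> log, String user, String date, byte[] document,
                        PrivateKey key) throws GeneralSecurityException {
        byte[] docSig = sign(key, document);
        Entry ref = log.isEmpty() ? null : log.get(log.size() - 1);
        int refId = (ref == null) ? -1 : ref.id();
        byte[] refHash = (ref == null) ? new byte[0] : sha256(ref.data());
        Entry unsigned = new Entry(log.size(), user, date, docSig, refId, refHash, null);
        Entry signed = new Entry(unsigned.id(), user, date, docSig, refId, refHash,
                                 sign(key, unsigned.data()));
        log.add(signed);
        return signed;
    }

    // Track back from the newest entry. Returns the index of the first entry (counting
    // from the newest) whose signature or back-link fails, or -1 if the chain verifies.
    static int verifyBack(List<Entry> log, Map<String, PublicKey> keys)
            throws GeneralSecurityException {
        for (int i = log.size() - 1; i >= 0; i--) {
            Entry e = log.get(i);
            PublicKey pk = keys.get(e.user());
            if (pk == null || !verify(pk, e.data(), e.signature())) return i;
            if (i == 0) return (e.refId() == -1 && e.refHash().length == 0) ? -1 : 0;
            Entry ref = log.get(i - 1);
            if (e.refId() != ref.id()
                    || !MessageDigest.isEqual(e.refHash(), sha256(ref.data()))) return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair alice = gen.generateKeyPair(), bob = gen.generateKeyPair();
        Map<String, PublicKey> keys =
                Map.of("alice", alice.getPublic(), "bob", bob.getPublic());

        // Constructed sample documents and dates.
        List<Entry> log = new ArrayList<>();
        byte[] doc = "quarterly report v1".getBytes(StandardCharsets.UTF_8);
        Entry first = append(log, "alice", "2004-06-27_15:05:32", doc, alice.getPrivate());
        append(log, "bob", "2004-06-28_09:00:00",
               "review notes".getBytes(StandardCharsets.UTF_8), bob.getPrivate());
        append(log, "alice", "2004-06-28_10:30:00",
               "quarterly report v2".getBytes(StandardCharsets.UTF_8), alice.getPrivate());

        System.out.println("document signature valid: "
                + verify(keys.get(first.user()), doc, first.docSignature()));
        System.out.println("failing entry, intact log: " + verifyBack(log, keys));

        // Rewrite the date of entry 0 but keep its old signature. Entry 1 still stores the
        // hash of the original entry 0, so the walk back fails at entry 1's back-link check.
        log.set(0, new Entry(0, "alice", "2004-01-01_00:00:00", first.docSignature(),
                             first.refId(), first.refHash(), first.signature()));
        System.out.println("failing entry, tampered log: " + verifyBack(log, keys));
    }
}
```
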
From: Sameer A. <aj...@gm...> - 2004-06-28 16:13:34
Luis,

This is an interesting idea. You're essentially proposing that each user sign a statement that says that they did some task (such as create a document, in your example). This serves as a signed audit trail that can later be used to check whether people are doing their jobs and (possibly) track down security problems. But it's not clear whether signed logs really help, since if someone breaks into my account and gains access to my private key, they can sign logs saying whatever they want. But let's assume for now that we want signed logs...

One way to model this in SPKI/SDSI is with a cert whose subject is an ObjectHash of the object that was created / modified (e.g., the document). But it doesn't make much sense for this to be an AuthCert (you're not authorizing the document) or a NameCert (you're not naming the document), so you need some other way to make the statement (e.g., a LogCert). I can see why you used a "tag" here---tags provide a generic way to make any statement---but I don't think they're really appropriate (what does a SetTag or PrefixTag mean for a LogCert?) So it seems like we need some other way to express what happened.

Perhaps a Cert is the wrong model altogether. You're not really certifying anything. But what you might want is for each log entry to include a hash of the log entries that preceded it. This would be cryptographic evidence of causal order, i.e., if my log entry "sold some stock" includes the hash of your entry "discovered fundamental flaw in business model," then people might question whether I had just engaged in some insider trading :) Of course, you would need a system that forced me to include the hash of the most recent log entry for this to work.

I can't say more on this right now, but it's an interesting topic. I'm CC'ing jsdsi-users.

Sameer

On Mon, 28 Jun 2004 16:54:04 +0100, Luis Pedro <lp...@ne...> wrote:
> Sameer,
>
> With all the work and the latest errors on jsdsi :), i forgot to ask you
> your opinion about one thing.
>
> Some guys here, proposed that after the certificates had been proved and the
> operation performed some register should be kept of that operation and
> stored with the information of who done it, to prevent repudiation.
>
> Of every ideas that they gave i personally didn't like none and i had the
> idea of making a LogCertificate based on s-exps. The LogCertificate serves
> only to keep information of the user that performed the operation, it's not
> to be used on any kind of proving. The result was a certificate like this (just
> with issuer, tag, date and signed):
>
> (sequence
>   (cert
>     (issuer
>       (public-key
>         (rsa
>           (e #010001#)
>           (n
>             |AL7JF0DGsaHbXU3q1Ev1cTvc47E0AzFmvQq61B2hOO8QBMux7ePfW5ilF63ZDgxUKnQLOuY1uUP
>             Y0Ix1laylkbEmgO/
>             m4/MikVxvd7xUVKQHSe0AhlkdaBmttLoc7vTcab13Bs8OBWHNSFgAeKqBSB7FKTQto8fLqZ/yHPd
>             5gBuj|))))
>     (tag "criar documento")
>     (date "2004-06-27_15:05:32"))
>   (signature
>     (hash md5 |T09AkMhiysUE6HHxKEMbcQ==|)
>     (public-key
>       (rsa
>         (e #010001#)
>         (n
>           |AL7JF0DGsaHbXU3q1Ev1cTvc47E0AzFmvQq61B2hOO8QBMux7ePfW5ilF63ZDgxUKnQLOuY1uUP
>           Y0Ix1laylkbEmgO/m4/
>           MikVxvd7xUVKQHSe0AhlkdaBmttLoc7vTcab13Bs8OBWHNSFgAeKqBSB7FKTQto8fLqZ/yHPd5gB
>           uj|)))
>     (MD5withRSA
>       |AdlEIhnXmQMpzonnQsL4Htp9ACzQtAYTNoS0y1XfA3qLTd7qJ2CYJ0b8YsFpY31pkSNYpS8iYWP
>       BNrfn68yKCu5Xs2aQR
>       CQTGplUPeWGtk627XdFZJN2N6NgD5e423tn0OwxIZ1sLR0rpIkcNTh9z/J9VXoJoyfgcGGXa5wZZ
>       v4=|)))
>
> What i want to ask u is if exist another way or even better way of storing
> this kind of information about the operation performed by a user?
>
> Thanks,
>
> -- Luis Pedro

From: Sean R. <sra...@ae...> - 2004-06-24 15:16:26
|
On Thu, 2004-06-24 at 12:01, Luis Pedro wrote:
> Sean,
>
> I'm using LDAPCertStore but i'm sure that the problem isn't from the
> CertStore. Because LDAPCertStore class is almost equal to CertStore(uses
> jsdsi CertSelectors) the difference is that make connections to an LDAP.
> I'll try to explain better.

Yes, I agree there should be no difference. My only thinking is that I believe that jsdsi.CertStore does not allow certificates that result in a circular reference to be inserted, whereas I'm sure LDAPCertStore does - though as you correctly point out below: the tags are different so how could a circular reference be the problem.

>
> Case(certs on the certstore):
> 1. (key1 key2 (* set write save) (prop))
> 2. (key2 key3 (* set write save) (prop))
> 3. (key1 key3 (* set open send) (prop))
> 4. (key3 key2 (* set open send) (prop))
>
> Trying to prove (key1 key3 (save) (prop)) fails but if i try (key1 key2
> (open) (prop)) the proof succeeds. If i delete cert n.º 4 and then make the
> proof (key1 key3 (save) (prop)), the proof succeeds!!

so prove (key1 key2 (open) (prop)) gives Proof with Cert3->Cert4 ?
but prove (key1 key3 (save) (prop)) gives no proof found? when it should give Proof with Cert1->Cert2
then you delete Cert4 and prove (key1 key3 (save) (prop)) gives proof with Cert1->Cert2?

Hmm... well if LDAPCertStore is retrieving Certificates correctly this suggests a problem with the Prover? (I'm in the process of developing a JDBC Cert Store - I'll test your scenario with that as soon as it is capable... won't be till Sunday I reckon)

> I asked u because, i have seen some mails about the circular references. In
> all tests that i've done the problem is always when a case (key2 key3) and
> (key3 key2) occur. This can be seen as a circular reference(based on the
> keys). What i don't understand is if this happens but the tags are different
> how can this be seen as a circular reference. Is almost like i give u a
> permission to read file "abc.txt" and u can't give permission to read file
> "xpto.txt"!!
>
> Thanks,
>
> -- Luis Pedro
>
> » -----Original Message-----
> » From: Sean Radford [mailto:sra...@ae...]
> » Sent: quinta-feira, 24 de Junho de 2004 1:25
> » To: Luis Pedro
> » Cc: users jsdsi
> » Subject: Re: Certificates proof
> »
> » On Wed, 2004-06-23 at 18:18, Luis Pedro wrote:
> » > Hi Sean,
> » >
> » > I'm having a problem or maybe i'm understanding things wrong!
> » >
> » > Imagine that i've three keys(key1, key2 and key3)
> » >
> » > Now i make this certs:
> » >
> » > (key1 key2 (*set write save) (prop))
> » > (key2 key3 (*set write save) (prop))
> » >
> » > And store them on a certstore. I make some proofs and everything goes right.
> » What proofs are you asking?
> » I presume that you are using your LDAP CertStore? (if so, have you tried
> » with the 'normal' jsdsi in-memory CertStore (jsdsi.CertStore)?
> »
> » > Now i make two more certs:
> » >
> » > (key1 key3 (*set open send) (prop))
> » > (key3 key2 (*set open send) (prop))
> » >
> » > And store them on the same certstore.
> » >
> » > When i try to make proofs with the last two certs all goes right, but with
> » > the first ones when i try to make a proof all goes wrong and this didn't
> » > happen before i insert the last ones on the certstore!!
> » What exactly happens when it goes wrong?
> » Maybe something to do with the circular reference in the certificate structure?
> » Though I asked Sameer about 3 months ago regarding circular references and he was
> » confident that he had made steps to prevent this - though that might have been only
> » when using jsdsi.CertStore.
> »
> » Sean
> »
> » > Can u explain me why this happens? The keys are the same but the tags
> » > aren't the same. What can be happening?
> » >
> » > Thanks,
> » >
> » > -- Luis Pedro
> » --
> » Dr. Sean Radford, MBBS, MSc
> » sra...@ae...
> » http://www.aegeus-technology.com

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: Sean R. <sra...@ae...> - 2004-06-24 00:27:39
|
On Wed, 2004-06-23 at 18:18, Luis Pedro wrote:
> Hi Sean,
>
> I'm having a problem or maybe i'm understanding things wrong!
>
> Imagine that i've three keys(key1, key2 and key3)
>
> Now i make this certs:
>
> (key1 key2 (*set write save) (prop))
> (key2 key3 (*set write save) (prop))
>
> And store them on a certstore. I make some proofs and everything goes right.

What proofs are you asking?
I presume that you are using your LDAP CertStore? (if so, have you tried with the 'normal' jsdsi in-memory CertStore (jsdsi.CertStore)?

> Now i make two more certs:
>
> (key1 key3 (*set open send) (prop))
> (key3 key2 (*set open send) (prop))
>
> And store them on the same certstore.
>
> When i try to make proofs with the last two certs all goes right, but with
> the first ones when i try to make a proof all goes wrong and this didn't
> happen before i insert the last ones on the certstore!!

What exactly happens when it goes wrong?
Maybe something to do with the circular reference in the certificate structure?
Though I asked Sameer about 3 months ago regarding circular references and he was confident that he had made steps to prevent this - though that might have been only when using jsdsi.CertStore.

Sean

> Can u explain me why this happens? The keys are the same but the tags
> aren't the same. What can be happening?
>
> Thanks,
>
> -- Luis Pedro

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: <ben...@id...> - 2004-05-25 09:40:40
|
Dear Open Source developer I am doing a research project on "Fun and Software Development" in which I kindly invite you to participate. You will find the online survey under http://fasd.ethz.ch/qsf/. The questionnaire consists of 53 questions and you will need about 15 minutes to complete it. With the FASD project (Fun and Software Development) we want to define the motivational significance of fun when software developers decide to engage in Open Source projects. What is special about our research project is that a similar survey is planned with software developers in commercial firms. This procedure allows the immediate comparison between the involved individuals and the conditions of production of these two development models. Thus we hope to obtain substantial new insights to the phenomenon of Open Source Development. With many thanks for your participation, Benno Luthiger PS: The results of the survey will be published under http://www.isu.unizh.ch/fuehrung/blprojects/FASD/. We have set up the mailing list fa...@we... for this study. Please see http://fasd.ethz.ch/qsf/mailinglist_en.html for registration to this mailing list. _______________________________________________________________________ Benno Luthiger Swiss Federal Institute of Technology Zurich 8092 Zurich Mail: benno.luthiger(at)id.ethz.ch _______________________________________________________________________ |
From: Sean R. <sra...@ae...> - 2004-05-17 16:28:32
|
Luis,

Does that mean that you have got your Serializers working, or are you short-cutting for now and just going via Strings?

Sean

On Mon, 2004-05-17 at 16:27, Sameer Ajmani wrote:
> Yes--convert it to a Sexp and use the writeTransport method to write it in
> transport form (base64-encoded). You can do this with any Obj, in fact.
> If you want the string to be readable, use writeReadable instead (it's
> less compact, though). On the receiving end, just read the Sexp from a
> stream and use Tag.parseTag (or Obj.parseObj and cast it to Tag).
>
> > Sameer,
> >
> > Is there a way of passing a Tag as String and put it back on as Tag? I
> > need this to pass tags through SOAP.
> >
> > -- Luis Pedro
>
> http://ajmani.net
>
> _______________________________________________
> Jsdsi-users mailing list
> Jsd...@li...
> https://lists.sourceforge.net/lists/listinfo/jsdsi-users

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: Sameer A. <aj...@cs...> - 2004-05-17 15:27:51
|
Yes--convert it to a Sexp and use the writeTransport method to write it in transport form (base64-encoded). You can do this with any Obj, in fact. If you want the string to be readable, use writeReadable instead (it's less compact, though). On the receiving end, just read the Sexp from a stream and use Tag.parseTag (or Obj.parseObj and cast it to Tag).

> Sameer,
>
> Is there a way of passing a Tag as String and put it back on as Tag? I
> need this to pass tags through SOAP.
>
> -- Luis Pedro

http://ajmani.net
|
From: Sean R. <sra...@ae...> - 2004-05-13 08:45:39
|
Hmm... The jsdsi mailing list should be being archived. I see that there are some for jsdsi-dev for Apr. Anything to do with the SF problem of keeping project stats up to date?

Sean

On Wed, 2004-05-12 at 20:39, Carla Marceau wrote:
> I would think these messages would be being saved and posted automatically
> from https://lists.sourceforge.net/lists/listinfo/jsdsi-users. However, I
> don't see any messages posted there from April or May.
>
> -----Original Message-----
> From: Sameer Ajmani [mailto:aj...@cs...]
> Sent: Wednesday, May 12, 2004 3:30 PM
> To: gna...@ab...
> Cc: jsd...@li...
> Subject: Re: [Jsdsi-users] Specific Tag
>
> I have these messages saved in my personal mail folders. Would it be useful
> to post them online somewhere? Does anyone know an easy way to extract
> messages into HTML from mbox format?
>
> Sameer
>
> >>> Thanks, I couldn't find any hash chains or validation trees
> >>> references in the archives at a first search. I'll try to look at
> >>> them closer.
> >> Just to clarify... Sameer is talking of the SPKI mailing list, not
> >> JSDSI.
> >
> > Thanks, that's what I thought. I searched:
> >
> > http://www.sandelman.ottawa.on.ca/spki/
> > http://groups.yahoo.com/group/spki/messages
> >
> > guillermo
>
> http://ajmani.net

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: Carla M. <ca...@at...> - 2004-05-12 19:39:46
|
I would think these messages would be being saved and posted automatically from https://lists.sourceforge.net/lists/listinfo/jsdsi-users. However, I don't see any messages posted there from April or May.

-----Original Message-----
From: Sameer Ajmani [mailto:aj...@cs...]
Sent: Wednesday, May 12, 2004 3:30 PM
To: gna...@ab...
Cc: jsd...@li...
Subject: Re: [Jsdsi-users] Specific Tag

I have these messages saved in my personal mail folders. Would it be useful to post them online somewhere? Does anyone know an easy way to extract messages into HTML from mbox format?

Sameer

>>> Thanks, I couldn't find any hash chains or validation trees
>>> references in the archives at a first search. I'll try to look at
>>> them closer.
>> Just to clarify... Sameer is talking of the SPKI mailing list, not
>> JSDSI.
>
> Thanks, that's what I thought. I searched:
>
> http://www.sandelman.ottawa.on.ca/spki/
> http://groups.yahoo.com/group/spki/messages
>
> guillermo

http://ajmani.net
|
From: Sameer A. <aj...@cs...> - 2004-05-12 19:29:41
|
I have these messages saved in my personal mail folders. Would it be useful to post them online somewhere? Does anyone know an easy way to extract messages into HTML from mbox format?

Sameer

>>> Thanks, I couldn't find any hash chains or validation trees
>>> references in the archives at a first search. I'll try to look at
>>> them closer.
>> Just to clarify... Sameer is talking of the SPKI mailing list, not
>> JSDSI.
>
> Thanks, that's what I thought. I searched:
>
> http://www.sandelman.ottawa.on.ca/spki/
> http://groups.yahoo.com/group/spki/messages
>
> guillermo

http://ajmani.net
|
From: Guillermo N. <gna...@cc...> - 2004-05-12 19:20:03
|
Sean Radford <sra...@ae...> writes:
>> -(by the way, is there any way that I can put the hash
>> into the "tag" so it is ignored by the intersection algorithm?)
> Nope. I think that putting them in the comment is perfectly allowable
> though.

Ok, thanks.

>> > Hash chains are useful to create certificate revocation and validation
>> > lists and trees, and JSDSI currently has no support for them. A long time
>> > ago I proposed a format for hash chains to the SPKI mailing list; perhaps
>> > I should dig that up. You might search the SPKI mailing list archives for
>> > mention of hash chains or validation trees.
>>
>> Thanks, I couldn't find any hash chains or validation trees references
>> in the archives at a first search. I'll try to look at them closer.
> Just to clarify... Sameer is talking of the SPKI mailing list, not
> JSDSI.

Thanks, that's what I thought. I searched:

http://www.sandelman.ottawa.on.ca/spki/
http://groups.yahoo.com/group/spki/messages

guillermo
|
From: Sean R. <sra...@ae...> - 2004-05-12 18:34:53
|
On Wed, 2004-05-12 at 17:27, Luis Pedro wrote:
> Hi jsdsi users,
>
> Has anyone tried to use jsdsi with SOAP? I'm interested to know if someone
> tried to pass sdsi certificates via SOAP?
>
> If yes, i would like to know how it used the serializers? Made new ones that
> implemented org.apache.soap.util.xml or used the predefined ones like
> BeanSerializer?
>

I started to do so about a year ago. Hit the serializer issue and never had time to implement anything, so no... :-(

Sean

> Thanks;
>
> -- Luis Pedro

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: Sean R. <sra...@ae...> - 2004-05-12 18:33:40
|
On Wed, 2004-05-12 at 17:51, Guillermo Navarro wrote:
> Sameer Ajmani <aj...@cs...> writes:
> > I think checking the hash chain somewhere else makes sense. The ID is
> > enough to uniquely identify a hash chain, and the index ensures proper
> > ordering, so together they are enough for the Prover to build the
> > certificate chain. Assuming the certificates were created correctly, then
> > the hash chain should also be correct. Of course, the Verifier will need
> > to check that this is in fact true!
> >
> > Also, I don't think "h2 = h(h1)" is really in the spirit of tag
> > "intersection" -- contrast with the intersection rules for sets, ranges,
> > prefixes, etc, which are more intuitive.
>
> yes, that's true, it is by no means intuitive :) I am currently doing
> what you outline. I put the hash value into the comment of the
> certificate --(by the way, is there any way that I can put the hash
> into the "tag" so it is ignored by the intersection algorithm?)

Nope. I think that putting them in the comment is perfectly allowable though.

> --, and
> the verifier stores all the hashes in order to check them later.
>
> I use the hash as some sort of authorization token. I just thought it
> may be easier if the intersection could ensure the validity of the
> hash. But, in fact, is not that uncomfortable to check it later.
>
> > I actually think hash chains ought to be a separate primitive in JSDSI.
> > Hash chains are useful to create certificate revocation and validation
> > lists and trees, and JSDSI currently has no support for them. A long time
> > ago I proposed a format for hash chains to the SPKI mailing list; perhaps
> > I should dig that up. You might search the SPKI mailing list archives for
> > mention of hash chains or validation trees.
>
> Thanks, I couldn't find any hash chains or validation trees references
> in the archives at a first search. I'll try to look at them closer.

Just to clarify... Sameer is talking of the SPKI mailing list, not JSDSI.

> Thanks for the advice.
>
> Guillermo

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: Guillermo N. <gna...@cc...> - 2004-05-12 16:58:20
|
Sameer Ajmani <aj...@cs...> writes:
> I think checking the hash chain somewhere else makes sense. The ID is
> enough to uniquely identify a hash chain, and the index ensures proper
> ordering, so together they are enough for the Prover to build the
> certificate chain. Assuming the certificates were created correctly, then
> the hash chain should also be correct. Of course, the Verifier will need
> to check that this is in fact true!
>
> Also, I don't think "h2 = h(h1)" is really in the spirit of tag
> "intersection" -- contrast with the intersection rules for sets, ranges,
> prefixes, etc, which are more intuitive.

yes, that's true, it is by no means intuitive :) I am currently doing what you outline. I put the hash value into the comment of the certificate --(by the way, is there any way that I can put the hash into the "tag" so it is ignored by the intersection algorithm?)--, and the verifier stores all the hashes in order to check them later.

I use the hash as some sort of authorization token. I just thought it may be easier if the intersection could ensure the validity of the hash. But, in fact, is not that uncomfortable to check it later.

> I actually think hash chains ought to be a separate primitive in JSDSI.
> Hash chains are useful to create certificate revocation and validation
> lists and trees, and JSDSI currently has no support for them. A long time
> ago I proposed a format for hash chains to the SPKI mailing list; perhaps
> I should dig that up. You might search the SPKI mailing list archives for
> mention of hash chains or validation trees.

Thanks, I couldn't find any hash chains or validation trees references in the archives at a first search. I'll try to look at them closer.

Thanks for the advice.

Guillermo
|
From: Luis P. <lp...@ne...> - 2004-05-12 16:27:08
|
Hi jsdsi users,

Has anyone tried to use jsdsi with SOAP? I'm interested to know if someone tried to pass sdsi certificates via SOAP?

If yes, i would like to know how it used the serializers? Made new ones that implemented org.apache.soap.util.xml or used the predefined ones like BeanSerializer?

Thanks;

-- Luis Pedro
|
From: Sameer A. <aj...@cs...> - 2004-05-10 00:50:24
|
> As you told me I can achieve points 1 and 2 using existing jsdsi tags,
> but I think that for point three I need to redefine the intersection
> function. That is why I first though about extending
> jsdsi.Tag. Another possibility is to avoid evaluating point 3 in the
> intersection, but then the hash verification has to be done somewhere
> else.

I think checking the hash chain somewhere else makes sense. The ID is enough to uniquely identify a hash chain, and the index ensures proper ordering, so together they are enough for the Prover to build the certificate chain. Assuming the certificates were created correctly, then the hash chain should also be correct. Of course, the Verifier will need to check that this is in fact true!

Also, I don't think "h2 = h(h1)" is really in the spirit of tag "intersection" -- contrast with the intersection rules for sets, ranges, prefixes, etc, which are more intuitive.

I actually think hash chains ought to be a separate primitive in JSDSI. Hash chains are useful to create certificate revocation and validation lists and trees, and JSDSI currently has no support for them. A long time ago I proposed a format for hash chains to the SPKI mailing list; perhaps I should dig that up. You might search the SPKI mailing list archives for mention of hash chains or validation trees.

Sameer
|
From: Guillermo N. <gna...@cc...> - 2004-05-08 19:10:42
|
Hi,

apologies for not writing before, I've been very busy these weeks. First of all thanks to all of you for your answers and suggestions.

I will try to explain a little bit more the tag I am using and the meaning of the hash. The main idea comes from micropayments as hashed chains. Where we may have a hash chain like this:

h^n(m),...,h^1(m),h^0(m)

What I do is to consider each element of the chain as an authorization, thus a tag. I consider each element as (id, index, val):

(id,n,h^n(m)),...,(id,1,h^1(m)), (id,0,h^0(m)).

To intersect them, imagine I have (id, 2, h^2(m)) and (id, 3, h^3(m)). The intersection should be (id,3,h^3(m)), because:

1- id's are equal.
2- 3 is greater or equal to 2
3- and h^3(m)=h(h^2(m))

As you told me I can achieve points 1 and 2 using existing jsdsi tags, but I think that for point three I need to redefine the intersection function. That is why I first thought about extending jsdsi.Tag. Another possibility is to avoid evaluating point 3 in the intersection, but then the hash verification has to be done somewhere else.

I am sorry my previous posts were not very clear, and thanks again for your interest. As I told you I've been quite busy, if I get something out of this I will let you know.

Guillermo
|
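Points 1 to 3 of the message above, checked on the verifier side rather than inside tag intersection, as an added example that is not part of the thread and is not JSDSI code. It generalizes point 3 to indices more than one step apart by applying h once per index step; SHA-256, the `Link` record and the method names are assumptions of this example, and records need Java 16 or later.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.List;

public class HashChainCheck {

    /** One chain element (id, index, val) as in the message, where val = h^index(m). */
    record Link(String id, int index, byte[] val) {}

    /** h: SHA-256 here (assumption; the thread does not name the hash function). */
    static byte[] h(byte[] in) {
        try {
            return MessageDigest.getInstance("SHA-256").digest(in);
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /** Applies h to start the given number of times. */
    static byte[] iterate(byte[] start, int times) {
        byte[] v = start;
        for (int i = 0; i < times; i++) v = h(v);
        return v;
    }

    /**
     * The three-point rule: returns b when b is a valid successor of a,
     * null otherwise.
     */
    static Link combine(Link a, Link b) {
        if (!a.id().equals(b.id())) return null;        // point 1: same chain id
        if (b.index() < a.index()) return null;         // point 2: index does not go back
        byte[] expected = iterate(a.val(), b.index() - a.index());
        // point 3: b.val must be h applied (b.index - a.index) times to a.val;
        // isEqual compares without leaking where the first mismatch is.
        return MessageDigest.isEqual(expected, b.val()) ? b : null;
    }

    /** Verifier-side check over the values collected from a certificate chain, in chain order. */
    static boolean verify(List<Link> collected) {
        if (collected.isEmpty()) return false;
        Link acc = collected.get(0);
        for (Link next : collected.subList(1, collected.size())) {
            acc = combine(acc, next);
            if (acc == null) return false;
        }
        return true;
    }

    public static void main(String[] args) {
        // Constructed sample data: seed m and chain id are made up for the example.
        byte[] m = "constructed seed m".getBytes(StandardCharsets.UTF_8);
        List<Link> chain = new ArrayList<>();
        for (int i = 0; i <= 3; i++) chain.add(new Link("chain-1", i, iterate(m, i)));

        Link forged = new Link("chain-1", 3,
                iterate("other seed".getBytes(StandardCharsets.UTF_8), 3));
        Link otherId = new Link("chain-2", 3, chain.get(3).val());

        System.out.println("(id,2) then (id,3) accepted:    " + (combine(chain.get(2), chain.get(3)) != null));
        System.out.println("(id,0) then (id,3) accepted:    " + (combine(chain.get(0), chain.get(3)) != null));
        System.out.println("(id,3) then (id,2) accepted:    " + (combine(chain.get(3), chain.get(2)) != null));
        System.out.println("forged value at index 3:        " + (combine(chain.get(2), forged) != null));
        System.out.println("same value, different chain id: " + (combine(chain.get(2), otherId) != null));
        System.out.println("whole chain 0..3 verifies:      " + verify(chain));
    }
}
```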
From: Sean R. <sra...@ae...> - 2004-05-07 13:15:00
|
Hi, I've been playing around with your problem this morning and have created a class which I hope illustrates what you are trying to do. - In doing so I fixed some (not necessarily related issues to your problem) and so you'll need the current snapshot build of jsdsi. Regards, Sean On Thu, 2004-05-06 at 00:45, Feng-Shuo wrote: > Following up Mr. Ajmani's previous email, he suggested me to rewrite in > following way: > Client: > FileOutputStream pd_file_out = new > FileOutputStream("server_agent_queue.txt", > true); > jsdsi.sexp.ObjOutputStream pd_oos = new > jsdsi.sexp.ObjOutputStream(pd_file_out); > ==> pd_oos.writeCanonical(proof.getSequence()); > pd_file_out.close(); > > Server: > FileInputStream file_in = new FileInputStream("server_agent_queue.txt"); > jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(fis); > while (true) { > if (ois.available() > 0) { > ==> jsdsi.Proof pf = new Proof (Certificate.fromSequence > ((jsdsi.Sequence) ois.readObj())); > break; > } > } > > Then, I tried this method, and come up the following questions and output: > So the client's proof before send out is > (proof > > Result cert ==> > (cert > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > (subject (public-key (rsa (e #03#) (n SCS_F))))) > > 5 Proof sequence ==> > (sequence > (cert > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > (signature > (hash md5 HASH-VALUE) > (public-key (rsa (e #03#) (n MATT))) > (rsa-pkcs1-md5 SIGNATURE-VALUE)) > .... 
> (cert > (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty)) > (subject (public-key (rsa (e #03#) (n SCS_F))))) > (signature > (hash md5 HASH-VALUE) > (public-key (rsa (e #03#) (n SCS))) > (rsa-pkcs1-md5 SIGNATURE-VALUE)))) > > Then the result server get is: > (proof > (cert > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > (sequence > (cert > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > (signature > (hash md5 HASH-VALUE) > (public-key (rsa (e #03#) (n MATT))) > (rsa-pkcs1-md5 SIGNATURE-VALUE)))) > > which is only one of original proof certificates and its resutl proof cert > is changed also! > > Then my questions again are: > 1. If my client side supplies a proof that actually composes of 5 proofs > sequence certificates with 1 proof result cert in above fashion: > However, by using Mr. Ajmani's previous method, I can only receive one > proof which is the very first one and the result proof cert is changed too! > So my questions are how to maintain result proof cert intact and how to > compose serveral proofs into one proof > (I tried the way that client ship certifcates one by one which is from > proof.getCertificates() then server builds proofs by received certificates > then server uses proof.compose(proof) to concatenate those 5 proof > certificates to 1 proof but error is thrown when server try to compose and i > don't think the result cert will retain in such way neither) > > 2. When run the CertPathValidator, which cert and certstore I should feed > in CertPathParameters? (Is cert = (AclEntry which requests proofs)? Is > certstore = (client/server certstore)? ) > > Sorry about the confusion and thanks for your answering in advanced! > > Matt > > ----- Original Message ----- > From: "Sean Radford" <sra...@ae...> > To: "Feng-Shuo" <fc...@an...> > Cc: "Mr. 
Sameer Ajmani" <aj...@cs...>; "users jsdsi" > <jsd...@li...> > Sent: Wednesday, May 05, 2004 6:47 PM > Subject: Re: <What's the correct way to send over Proof?> > > > > Hi, > > > > Not entirely sure I follow what you mean, but do you mean that when you > > read a file (called 'file-from-client.txt' for example) containing: > > > > (proof > > (cert > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > (subject (public-key (rsa (e #03#) (n SCS_F))))) > > (sequence > > (cert > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > > (signature > > (hash md5 HASH-VALUE) > > (public-key (rsa (e #03#) (n MATT))) > > (rsa-pkcs1-md5 SIGNATURE-VALUE)) > > ... [3 cert/signature pairs not included for brevity] ... > > (cert > > (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty)) > > (subject (public-key (rsa (e #03#) (n SCS_F))))) > > (signature > > (hash md5 HASH-VALUE) > > (public-key (rsa (e #03#) (n SCS))) > > (rsa-pkcs1-md5 SIGNATURE-VALUE)))) > > > > > > using something like: > > > > FileInputStream fis = new FileInputStream("file-from-client.txt"); > > jsdsi.sexp.ObjInputStream ois = new > > jsdsi.sexp.ObjInputStream(fis); > > jsdsi.Proof proof = (jsdsi.Proof) ois.readObj(); > > > > you get the Proof: > > > > (proof > > (cert > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > > (sequence > > (cert > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > > (signature > > (hash md5 HASH-VALUE) > > (public-key (rsa (e #03#) (n MATT))) > > (rsa-pkcs1-md5 SIGNATURE-VALUE)))) > > > > ? > > > > > > > > On Wed, 2004-05-05 at 22:54, Feng-Shuo wrote: > > > Other questions about proof transmission: > > > 1. 
If my client side supplies a proof that actually composes of 5 proofs > > > sequence certificates with 1 proof result cert in following fashion: > > > However, by using above method, I can only receive one proof which > is > > > the very first one and the result proof cert is changed too! > > > So my questions are how to maintain result proof cert intact and how > to > > > compose serveral proofs into one proof > > > (I tried the way that client ship proof.getCertificates one by one > then > > > server build proofs by certificates then I use proof.compose to > concatenate > > > those 5 proof certificates but error is thrown when compose! and i don't > > > think the result cert will retain in such way neither) > > > > > > 2. When run the CertPathValidator, which cert and certstore I should > feed > > > in CertPathParameters? (Is cert = AclEntry which requestd proofs? Is > > > certstore = client/server certstore? ) > > > > > > Client: > > > (proof > > > > > > Result cert ==> > > > (cert > > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > > (subject (public-key (rsa (e #03#) (n SCS_F))))) > > > > > > 5 Proof sequence ==> > > > (sequence > > > (cert > > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > > > (signature > > > (hash md5 HASH-VALUE) > > > (public-key (rsa (e #03#) (n MATT))) > > > (rsa-pkcs1-md5 SIGNATURE-VALUE)) > > > .... 
> > > (cert > > > (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty)) > > > (subject (public-key (rsa (e #03#) (n SCS_F))))) > > > (signature > > > (hash md5 HASH-VALUE) > > > (public-key (rsa (e #03#) (n SCS))) > > > (rsa-pkcs1-md5 SIGNATURE-VALUE)))) > > > > > > Server: > > > (proof > > > (cert > > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > > > (sequence > > > (cert > > > (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor)) > > > (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee))) > > > (signature > > > (hash md5 HASH-VALUE) > > > (public-key (rsa (e #03#) (n MATT))) > > > (rsa-pkcs1-md5 SIGNATURE-VALUE)))) > > > > > > > > > > > > ----- Original Message ----- > > > From: "Sean Radford" <sra...@ae...> > > > To: "Mr. Sameer Ajmani" <aj...@cs...> > > > Cc: <fc...@an...>; "users jsdsi" > > > <jsd...@li...> > > > Sent: Wednesday, May 05, 2004 4:57 PM > > > Subject: Re: <What's the correct way to send over Proof?> > > > > > > > > > > On Wed, 2004-05-05 at 21:49, Sameer Ajmani wrote: > > > > > Good idea. The site should also include a HOWTO for several common > > > > tasks: > > > > > creating keys, certificates, signatures, proofs, writing and reading > > > these > > > > > from a file or the network, etc. > > > > > > > > > Another good idea... I'll try to make a start on that this w/e (the > > > > HOWTO) - if the Proof stuff isn't done by then I'll try for that > too.... > > > > > > > > > > > > Sean > > > > > > > > > Sameer > > > > > > > > > > > On Wed, 2004-05-05 at 12:16, Sameer Ajmani wrote: > > > > > >> You can transfer a Proof as a Sequence (using proof.getSequence). > > > But > > > > > >> we should probably add support for transferring it just as a > Proof. > > > > > >> The reason I didn't in the firts place is because Proof isn't > > > actually > > > > > >> an official SPKI/SDSI datatype---it's specific to JSDSI. 
--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com
|
From: Sameer A. <aj...@cs...> - 2004-05-06 00:18:54
|
Okay, I've checked in a change that allows Proofs to be parsed via Obj.parseObj (or Proof.parseProof), which means you can use ObjInput/OutputStreams to transfer them. I haven't tested this yet, though, so just let me know if it's broken :)

Sameer

http://ajmani.net
|
From: Feng-Shuo <fc...@an...> - 2004-05-05 23:43:29
|
Following up Mr. Ajmani's previous email, he suggested that I rewrite it in the following way:

Client:
    FileOutputStream pd_file_out = new FileOutputStream("server_agent_queue.txt", true);
    jsdsi.sexp.ObjOutputStream pd_oos = new jsdsi.sexp.ObjOutputStream(pd_file_out);
==> pd_oos.writeCanonical(proof.getSequence());
    pd_file_out.close();

Server:
    FileInputStream file_in = new FileInputStream("server_agent_queue.txt");
    jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(file_in);
    while (true) {
        if (ois.available() > 0) {
==>         jsdsi.Proof pf = new Proof(Certificate.fromSequence((jsdsi.Sequence) ois.readObj()));
            break;
        }
    }

Then I tried this method, and came up with the following questions and output. So the client's proof before sending out is:

(proof

Result cert ==>
  (cert
    (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
    (subject (public-key (rsa (e #03#) (n SCS_F)))))

5 Proof sequence ==>
  (sequence
    (cert
      (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
      (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
    (signature
      (hash md5 HASH-VALUE)
      (public-key (rsa (e #03#) (n MATT)))
      (rsa-pkcs1-md5 SIGNATURE-VALUE))
    ....
    (cert
      (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
      (subject (public-key (rsa (e #03#) (n SCS_F)))))
    (signature
      (hash md5 HASH-VALUE)
      (public-key (rsa (e #03#) (n SCS)))
      (rsa-pkcs1-md5 SIGNATURE-VALUE))))

Then the result the server gets is:

(proof
  (cert
    (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
    (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
  (sequence
    (cert
      (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
      (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
    (signature
      (hash md5 HASH-VALUE)
      (public-key (rsa (e #03#) (n MATT)))
      (rsa-pkcs1-md5 SIGNATURE-VALUE))))

which is only one of the original proof certificates, and its result proof cert is changed also!

Then my questions again are:

1. If my client side supplies a proof that is actually composed of 5 proof sequence certificates with 1 proof result cert in the above fashion:
   However, by using Mr. Ajmani's previous method, I can only receive one proof, which is the very first one, and the result proof cert is changed too!
   So my questions are how to maintain the result proof cert intact and how to compose several proofs into one proof.
   (I tried the way that the client ships certificates one by one, which are from proof.getCertificates(), then the server builds proofs from the received certificates, then the server uses proof.compose(proof) to concatenate those 5 proof certificates into 1 proof, but an error is thrown when the server tries to compose, and I don't think the result cert will be retained in such a way either.)

2. When running the CertPathValidator, which cert and certstore should I feed into CertPathParameters? (Is cert = (AclEntry which requests proofs)? Is certstore = (client/server certstore)?)

Sorry about the confusion and thanks for your answers in advance!

Matt

----- Original Message -----
From: "Sean Radford" <sra...@ae...>
To: "Feng-Shuo" <fc...@an...>
Cc: "Mr. Sameer Ajmani" <aj...@cs...>; "users jsdsi" <jsd...@li...>
Sent: Wednesday, May 05, 2004 6:47 PM
Subject: Re: <What's the correct way to send over Proof?>

> Hi,
>
> Not entirely sure I follow what you mean, but do you mean that when you
> read a file (called 'file-from-client.txt' for example) containing:
>
> (proof
>   (cert
>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>     (subject (public-key (rsa (e #03#) (n SCS_F)))))
>   (sequence
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n MATT)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))
>     ... [3 cert/signature pairs not included for brevity] ...
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
>       (subject (public-key (rsa (e #03#) (n SCS_F)))))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n SCS)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>
> using something like:
>
>     FileInputStream fis = new FileInputStream("file-from-client.txt");
>     jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(fis);
>     jsdsi.Proof proof = (jsdsi.Proof) ois.readObj();
>
> you get the Proof:
>
> (proof
>   (cert
>     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>   (sequence
>     (cert
>       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
>       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
>     (signature
>       (hash md5 HASH-VALUE)
>       (public-key (rsa (e #03#) (n MATT)))
>       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
>
> ?
>
> On Wed, 2004-05-05 at 22:54, Feng-Shuo wrote:
> > Other questions about proof transmission:
> > 1. If my client side supplies a proof that is actually composed of 5 proof
> > sequence certificates with 1 proof result cert in the following fashion:
> > However, by using the above method, I can only receive one proof, which is
> > the very first one, and the result proof cert is changed too!
> > So my questions are how to maintain the result proof cert intact and how to
> > compose several proofs into one proof
> > (I tried the way that the client ships proof.getCertificates one by one, then
> > the server builds proofs from the certificates, then I use proof.compose to
> > concatenate those 5 proof certificates, but an error is thrown when composing!
> > and I don't think the result cert will be retained in such a way either)
> >
> > 2. When running the CertPathValidator, which cert and certstore should I feed
> > into CertPathParameters? (Is cert = AclEntry which requested proofs? Is
> > certstore = client/server certstore?)
> >
> > Client:
> > (proof
> >
> > Result cert ==>
> >   (cert
> >     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >     (subject (public-key (rsa (e #03#) (n SCS_F)))))
> >
> > 5 Proof sequence ==>
> >   (sequence
> >     (cert
> >       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
> >     (signature
> >       (hash md5 HASH-VALUE)
> >       (public-key (rsa (e #03#) (n MATT)))
> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))
> >     ....
> >     (cert
> >       (issuer (name (public-key (rsa (e #03#) (n SCS))) scs_faculty))
> >       (subject (public-key (rsa (e #03#) (n SCS_F)))))
> >     (signature
> >       (hash md5 HASH-VALUE)
> >       (public-key (rsa (e #03#) (n SCS)))
> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
> >
> > Server:
> > (proof
> >   (cert
> >     (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >     (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
> >   (sequence
> >     (cert
> >       (issuer (name (public-key (rsa (e #03#) (n MATT))) advisor))
> >       (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))
> >     (signature
> >       (hash md5 HASH-VALUE)
> >       (public-key (rsa (e #03#) (n MATT)))
> >       (rsa-pkcs1-md5 SIGNATURE-VALUE))))
> >
> > ----- Original Message -----
> > From: "Sean Radford" <sra...@ae...>
> > To: "Mr. Sameer Ajmani" <aj...@cs...>
> > Cc: <fc...@an...>; "users jsdsi" <jsd...@li...>
> > Sent: Wednesday, May 05, 2004 4:57 PM
> > Subject: Re: <What's the correct way to send over Proof?>
> >
> > > On Wed, 2004-05-05 at 21:49, Sameer Ajmani wrote:
> > > > Good idea. The site should also include a HOWTO for several common tasks:
> > > > creating keys, certificates, signatures, proofs, writing and reading these
> > > > from a file or the network, etc.
> > > >
> > > Another good idea... I'll try to make a start on that this w/e (the
> > > HOWTO) - if the Proof stuff isn't done by then I'll try for that too....
> > >
> > > Sean
> > >
> > > > Sameer
> > > >
> > > > > On Wed, 2004-05-05 at 12:16, Sameer Ajmani wrote:
> > > > >> You can transfer a Proof as a Sequence (using proof.getSequence). But
> > > > >> we should probably add support for transferring it just as a Proof.
> > > > >> The reason I didn't in the first place is because Proof isn't actually
> > > > >> an official SPKI/SDSI datatype---it's specific to JSDSI.
> > > > >>
> > > > >
> > > > > I'd vote for making Proof SExpression'able (and consequently implement
> > > > > java.io.Serializable). Just seems sensible and thinking about it... I
> > > > > hit the same problem (but never got round to raising the issue) about a
> > > > > year ago!
> > > > >
> > > > > Guess we should be adding things like this to the 'Future Work' section
> > > > > of the site (so we don't forget them) - until we get an issue tracking
> > > > > application going...
> > > > >
> > > > > Regards,
> > > > >
> > > > > Sean
> > > > >
> > > > >> Sameer
> > > > >>
> > > > >> > Dear Sameer, Sean, and jsdsi experts,
> > > > >> >
> > > > >> > Original NameCert or AuthCert which are embedded in Certificate
> > > > >> > can be sent and received well by using CertificateFactory Engine. But
> > > > >> > now, after the client generates proof from certificate discovery,
> > > > >> > how should I send this over correctly? Currently, I try to use
> > > > >> > jsdsi.ObjOutputStream and jsdsi.ObjInputStream:
> > > > >> >
> > > > >> > Client:
> > > > >> >     FileOutputStream pd_file_out = new FileOutputStream("server_agent_queue.txt", true);
> > > > >> >     jsdsi.sexp.ObjOutputStream pd_oos = new jsdsi.sexp.ObjOutputStream(pd_file_out);
> > > > >> >     pd_oos.writeCanonical(proof);
> > > > >> >     pd_file_out.close();
> > > > >> >
> > > > >> > Server:
> > > > >> >     FileInputStream file_in = new FileInputStream("server_agent_queue.txt");
> > > > >> >     jsdsi.sexp.ObjInputStream ois = new jsdsi.sexp.ObjInputStream(file_in);
> > > > >> >     while (true) {
> > > > >> >         if (ois.available() > 0) {
> > > > >> > ===>        jsdsi.Proof pf = (jsdsi.Proof) ois.readObj();
> > > > >> >             break;
> > > > >> >         }
> > > > >> >     }
> > > > >> >
> > > > >> > But the following error occurs on the ===> line:
> > > > >> > jsdsi.sexp.SexpParseException: unrecognized object type: proof
> > > > >> >
> > > > >> > Any idea, please? And thanks for answering in advance!
> > > > >> >
> > > > >> > Sincerely,
> > > > >> >
> > > > >> > Matt
> > > > >>
> > > > >> http://ajmani.net
> > > > >
> > > > > --
> > > > > Dr. Sean Radford, MBBS, MSc
> > > > > sra...@ae...
> > > > > http://www.aegeus-technology.com
> > > >
> > > > http://ajmani.net
> > >
> > > --
> > > Dr. Sean Radford, MBBS, MSc
> > > sra...@ae...
> > > http://www.aegeus-technology.com
>
> --
> Dr. Sean Radford, MBBS, MSc
> sra...@ae...
> http://www.aegeus-technology.com
|
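A round-trip check for the symptom reported in the message above (result cert replaced, only the first cert/signature pair received), as an added example that is not part of the original messages and does not use the JSDSI API. It reads the advanced-form S-expression text with a small stand-alone reader; the class name, helper names and the two-pair sample proof are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class ProofRoundTripCheck {
    private final String s;  // advanced-form S-expression text
    private int i = 0;       // read position
    ProofRoundTripCheck(String s) { this.s = s; }

    // Minimal reader: returns a String atom or a List of elements. It covers the bare
    // tokens and #hex# atoms quoted in this thread, not strings that contain spaces.
    Object read() {
        skipWs();
        if (i >= s.length() || s.charAt(i) == ')')
            throw new IllegalArgumentException("malformed S-expression at offset " + i);
        if (s.charAt(i) != '(') {
            int start = i;
            while (i < s.length() && "() \t\r\n".indexOf(s.charAt(i)) < 0) i++;
            return s.substring(start, i);
        }
        i++;  // consume '('
        List<Object> list = new ArrayList<>();
        for (skipWs(); i < s.length() && s.charAt(i) != ')'; skipWs()) list.add(read());
        if (i >= s.length()) throw new IllegalArgumentException("unbalanced '('");
        i++;  // consume ')'
        return list;
    }

    private void skipWs() { while (i < s.length() && Character.isWhitespace(s.charAt(i))) i++; }

    static List<?> parseList(String text) {
        Object o = new ProofRoundTripCheck(text).read();
        if (o instanceof List) return (List<?>) o;
        throw new IllegalArgumentException("expected a list: " + o);
    }

    // Direct children of 'list' that are lists tagged 'type', e.g. (cert ...).
    static List<List<?>> children(List<?> list, String type) {
        List<List<?>> out = new ArrayList<>();
        for (Object o : list)
            if (o instanceof List && !((List<?>) o).isEmpty() && type.equals(((List<?>) o).get(0)))
                out.add((List<?>) o);
        return out;
    }

    // Differences between the proof the sender wrote and the one the receiver parsed back.
    static List<String> compare(String sentText, String receivedText) {
        List<?> sent = parseList(sentText), got = parseList(receivedText);
        List<String> diffs = new ArrayList<>();
        if (got.isEmpty() || !"proof".equals(got.get(0))) diffs.add("received object is not a proof");
        if (!children(sent, "cert").equals(children(got, "cert"))) diffs.add("result cert changed");
        for (String type : new String[] {"cert", "signature"}) {
            int want = 0, have = 0;
            for (List<?> seq : children(sent, "sequence")) want += children(seq, type).size();
            for (List<?> seq : children(got, "sequence")) have += children(seq, type).size();
            if (want != have) diffs.add("sequence holds " + have + " " + type + "(s), sent " + want);
        }
        if (diffs.isEmpty() && !sent.equals(got)) diffs.add("proof contents differ");
        return diffs;
    }

    public static void main(String[] args) {
        // Constructed sample in the shape quoted in this thread, cut to two cert/signature pairs.
        String matt = "(public-key (rsa (e #03#) (n MATT)))", scs = "(public-key (rsa (e #03#) (n SCS)))";
        String scsF = "(subject (public-key (rsa (e #03#) (n SCS_F))))";
        String sig = " (signature (hash md5 HASH-VALUE) %s (rsa-pkcs1-md5 SIGNATURE-VALUE))";
        String c1 = "(cert (issuer (name " + matt + " advisor))"
                + " (subject (name (public-key (rsa (e #03#) (n NORMAN))) advisee)))";
        String c2 = "(cert (issuer (name " + scs + " scs_faculty)) " + scsF + ")";
        String result = "(cert (issuer (name " + matt + " advisor)) " + scsF + ")";
        String pair1 = c1 + String.format(sig, matt), pair2 = c2 + String.format(sig, scs);
        String sent = "(proof " + result + " (sequence " + pair1 + " " + pair2 + "))";
        String received = "(proof " + c1 + " (sequence " + pair1 + "))";
        System.out.println("same proof:     " + compare(sent, sent));
        System.out.println("as in the post: " + compare(sent, received));
    }
}
```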