Thread: [Jsdsi-users] Certificates and Trust
Status: Pre-Alpha
Brought to you by:
sajma
Menu
▾
▴
jsdsi-users
|
From: Somaya A. <som...@ya...> - 2005-10-25 10:08:11
|
Hi all, I am working on a project that is supposed to build trust management system. And I want to decide the type of certificate to work with. However Im a little bit confused as i don't have a strong background in PKI, I dont whether to use X.509v3 or SPKI certificates. So I would be really grateful if you answered my inquiries. First, in my system I need identity certificates, authorization certificates, and capability certificates. For Identity certificates, I need it not just to bind public keys to names, however I need it to bind the public key to more specific information (e.g. membership in a certain organization, age, student in a certain school, etc). For the capability certificate, I need it to bind the public key to a certain capability (e.g. providing a certain service) .. so which of them do u think is more appropriate in my case? Second, and incase of SPKI is more appropriate, do you think JSDSI would would be useful for me? I want a tool that let me create/generate spki certificates, delegate certificates, verify certificates and certification paths. Any further advice in this track is much appreciated. Thanks in advance Somaya __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com |
|
From: Sameer A. <aj...@gm...> - 2005-10-25 13:30:26
|
SPKI should provide what you need. SPKI name certificates provide a very flexibly way to bind names to sets of keys and allows principals to delegate names, e.g.: K_MIT faculty -> K_MIT eecs_dept faculty This says MIT's name "faculty" includes the keys in MIT's EECS department's faculty. This name is resolved by resolving "K_MIT eecs_dept" to the EECS department key(s), then using that key to resolve faculty. And note that MIT can have another cert that adds more keys to its faculty set, e.g.: K_MIT faculty -> K_MIT physics_dept faculty For membership in a particular organization, you might represent this via names or via authorization certs; it depends on what you're trying to achieve. For example, name certs let you represent an organization as a set of public keys, e.g.: K_org_manager organization_members -> K_sameer This cert says the organization manager defines the groups "organization members" to include my public key. K_org_manager organization_members -> K_org_manager organization_members organization_members This cert says that organization members can further add more members via their own "organization_members" groups. But you can achieve some more flexibility with auth certificates. In particular, it's easies to express delegation of authority, and you can express more than just membership: K_org_manager (tag (* set member)) -> K_sameer K_org_manager (tag (* set member manager)) -> K_somaya These two certs delegate the "member" authorization to you and me, and also delegate the "manager" authorization to you. The *application* (i.e., access controller) for the group must interpret these authorization tags -- SPKI/SDSI doesn't interpret tags, it just knows how to combine them. Finally, note that the object of a certificate (the right-hand-side) need not be a key; it can be an "ObjectHash", i.e., an identifier for an arbitrary object. In particular, this ObjectHash could refer to a capability object that you define. But I think an auth certificate is a more direct way of representing a capability in SPKI/SDSI. S On 10/25/05, Somaya Aboulwafa <som...@ya...> wrote: > Hi all, > I am working on a project that is supposed to build > trust management system. And I want to decide the type > of certificate to work with. However I'm a little bit > confused as i don't have a strong background in PKI, I > don't whether to use X.509v3 or SPKI certificates. So > I would be really grateful if you answered my > inquiries. > > First, in my system I need identity certificates, > authorization certificates, and capability > certificates. For Identity certificates, I need it not > just to bind public keys to names, however I need it > to bind the public key to more specific information > (e.g. membership in a certain organization, age, > student in a certain school, etc). For the capability > certificate, I need it to bind the public key to a > certain capability (e.g. providing a certain service) > .. so which of them do u think is more appropriate in > my case? > > Second, and incase of SPKI is more appropriate, do you > think JSDSI would would be useful for me? I want a > tool that let me create/generate spki certificates, > delegate certificates, verify certificates and > certification paths. > > Any further advice in this track is much appreciated. > Thanks in advance > Somaya > > > > __________________________________ > Yahoo! FareChase: Search multiple travel sites in one click. > http://farechase.yahoo.com > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. > Get Certified Today * Register for a JBoss Training Course > Free Certification Exam for All Training Attendees Through End of 2005 > Visit http://www.jboss.com/services/certification for more information > _______________________________________________ > Jsdsi-users mailing list > Jsd...@li... > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > > -- Sameer http://ajmani.net |
|
From: Somaya A. <som...@ya...> - 2005-10-27 13:47:01
|
Many thanks for your descriptive reply. I've downloaded JSDSI and tried to use it. But actually I felt that I miss some SPKI related basics and I need to further enhance my knowledge. So do u have any good resources about it to recommend other than the RFC2693 and RFC2692. Thanks again. Somaya --- Sameer Ajmani <aj...@gm...> wrote: > SPKI should provide what you need. SPKI name > certificates provide a > very flexibly way to bind names to sets of keys and > allows principals > to delegate names, e.g.: > K_MIT faculty -> K_MIT eecs_dept faculty > This says MIT's name "faculty" includes the keys in > MIT's EECS > department's faculty. This name is resolved by > resolving "K_MIT > eecs_dept" to the EECS department key(s), then using > that key to > resolve faculty. And note that MIT can have another > cert that adds > more keys to its faculty set, e.g.: > K_MIT faculty -> K_MIT physics_dept faculty > > For membership in a particular organization, you > might represent this > via names or via authorization certs; it depends on > what you're trying > to achieve. For example, name certs let you > represent an organization > as a set of public keys, e.g.: > K_org_manager organization_members -> K_sameer > This cert says the organization manager defines the > groups > "organization members" to include my public key. > K_org_manager organization_members -> > K_org_manager organization_members > organization_members > This cert says that organization members can further > add more members > via their own "organization_members" groups. > > But you can achieve some more flexibility with auth > certificates. In > particular, it's easies to express delegation of > authority, and you > can express more than just membership: > K_org_manager (tag (* set member)) -> K_sameer > K_org_manager (tag (* set member manager)) -> > K_somaya > > These two certs delegate the "member" authorization > to you and me, and > also delegate the "manager" authorization to you. > The *application* > (i.e., access controller) for the group must > interpret these > authorization tags -- SPKI/SDSI doesn't interpret > tags, it just knows > how to combine them. > > Finally, note that the object of a certificate (the > right-hand-side) > need not be a key; it can be an "ObjectHash", i.e., > an identifier for > an arbitrary object. In particular, this ObjectHash > could refer to a > capability object that you define. But I think an > auth certificate is > a more direct way of representing a capability in > SPKI/SDSI. > > S > > On 10/25/05, Somaya Aboulwafa > <som...@ya...> wrote: > > Hi all, > > I am working on a project that is supposed to > build > > trust management system. And I want to decide the > type > > of certificate to work with. However I'm a little > bit > > confused as i don't have a strong background in > PKI, I > > don't whether to use X.509v3 or SPKI certificates. > So > > I would be really grateful if you answered my > > inquiries. > > > > First, in my system I need identity certificates, > > authorization certificates, and capability > > certificates. For Identity certificates, I need it > not > > just to bind public keys to names, however I need > it > > to bind the public key to more specific > information > > (e.g. membership in a certain organization, age, > > student in a certain school, etc). For the > capability > > certificate, I need it to bind the public key to a > > certain capability (e.g. providing a certain > service) > > .. so which of them do u think is more appropriate > in > > my case? > > > > Second, and incase of SPKI is more appropriate, do > you > > think JSDSI would would be useful for me? I want a > > tool that let me create/generate spki > certificates, > > delegate certificates, verify certificates and > > certification paths. > > > > Any further advice in this track is much > appreciated. > > Thanks in advance > > Somaya > > > > > > > > __________________________________ > > Yahoo! FareChase: Search multiple travel sites in > one click. > > http://farechase.yahoo.com > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by the JBoss Inc. > > Get Certified Today * Register for a JBoss > Training Course > > Free Certification Exam for All Training Attendees > Through End of 2005 > > Visit http://www.jboss.com/services/certification > for more information > > _______________________________________________ > > Jsdsi-users mailing list > > Jsd...@li... > > > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > > > > > > > -- > Sameer > http://ajmani.net > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. > Get Certified Today * Register for a JBoss Training > Course > Free Certification Exam for All Training Attendees > Through End of 2005 > Visit http://www.jboss.com/services/certification > for more information > _______________________________________________ > Jsdsi-users mailing list > Jsd...@li... > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > __________________________________ Yahoo! FareChase: Search multiple travel sites in one click. http://farechase.yahoo.com |
|
From: Sameer A. <aj...@gm...> - 2005-10-28 23:18:31
|
http://world.std.com/~cme/html/spki.html has a bunch of links. The RFCs are probably the best resource, though. S On 10/27/05, Somaya Aboulwafa <som...@ya...> wrote: > > Many thanks for your descriptive reply. > I've downloaded JSDSI and tried to use it. But > actually I felt that I miss some SPKI related basics > and I need to further enhance my knowledge. So do u > have any good resources about it to recommend other > than the RFC2693 and RFC2692. > Thanks again. > Somaya > > --- Sameer Ajmani <aj...@gm...> wrote: > > > SPKI should provide what you need. SPKI name > > certificates provide a > > very flexibly way to bind names to sets of keys and > > allows principals > > to delegate names, e.g.: > > K_MIT faculty -> K_MIT eecs_dept faculty > > This says MIT's name "faculty" includes the keys in > > MIT's EECS > > department's faculty. This name is resolved by > > resolving "K_MIT > > eecs_dept" to the EECS department key(s), then using > > that key to > > resolve faculty. And note that MIT can have another > > cert that adds > > more keys to its faculty set, e.g.: > > K_MIT faculty -> K_MIT physics_dept faculty > > > > For membership in a particular organization, you > > might represent this > > via names or via authorization certs; it depends on > > what you're trying > > to achieve. For example, name certs let you > > represent an organization > > as a set of public keys, e.g.: > > K_org_manager organization_members -> K_sameer > > This cert says the organization manager defines the > > groups > > "organization members" to include my public key. > > K_org_manager organization_members -> > > K_org_manager organization_members > > organization_members > > This cert says that organization members can further > > add more members > > via their own "organization_members" groups. > > > > But you can achieve some more flexibility with auth > > certificates. In > > particular, it's easies to express delegation of > > authority, and you > > can express more than just membership: > > K_org_manager (tag (* set member)) -> K_sameer > > K_org_manager (tag (* set member manager)) -> > > K_somaya > > > > These two certs delegate the "member" authorization > > to you and me, and > > also delegate the "manager" authorization to you. > > The *application* > > (i.e., access controller) for the group must > > interpret these > > authorization tags -- SPKI/SDSI doesn't interpret > > tags, it just knows > > how to combine them. > > > > Finally, note that the object of a certificate (the > > right-hand-side) > > need not be a key; it can be an "ObjectHash", i.e., > > an identifier for > > an arbitrary object. In particular, this ObjectHash > > could refer to a > > capability object that you define. But I think an > > auth certificate is > > a more direct way of representing a capability in > > SPKI/SDSI. > > > > S > > > > On 10/25/05, Somaya Aboulwafa > > <som...@ya...> wrote: > > > Hi all, > > > I am working on a project that is supposed to > > build > > > trust management system. And I want to decide the > > type > > > of certificate to work with. However I'm a little > > bit > > > confused as i don't have a strong background in > > PKI, I > > > don't whether to use X.509v3 or SPKI certificates. > > So > > > I would be really grateful if you answered my > > > inquiries. > > > > > > First, in my system I need identity certificates, > > > authorization certificates, and capability > > > certificates. For Identity certificates, I need it > > not > > > just to bind public keys to names, however I need > > it > > > to bind the public key to more specific > > information > > > (e.g. membership in a certain organization, age, > > > student in a certain school, etc). For the > > capability > > > certificate, I need it to bind the public key to a > > > certain capability (e.g. providing a certain > > service) > > > .. so which of them do u think is more appropriate > > in > > > my case? > > > > > > Second, and incase of SPKI is more appropriate, do > > you > > > think JSDSI would would be useful for me? I want a > > > tool that let me create/generate spki > > certificates, > > > delegate certificates, verify certificates and > > > certification paths. > > > > > > Any further advice in this track is much > > appreciated. > > > Thanks in advance > > > Somaya > > > > > > > > > > > > __________________________________ > > > Yahoo! FareChase: Search multiple travel sites in > > one click. > > > http://farechase.yahoo.com > > > > > > > > > > > > ------------------------------------------------------- > > > This SF.Net email is sponsored by the JBoss Inc. > > > Get Certified Today * Register for a JBoss > > Training Course > > > Free Certification Exam for All Training Attendees > > Through End of 2005 > > > Visit http://www.jboss.com/services/certification > > for more information > > > _______________________________________________ > > > Jsdsi-users mailing list > > > Jsd...@li... > > > > > > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > > > > > > > > > > > > -- > > Sameer > > http://ajmani.net > > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by the JBoss Inc. > > Get Certified Today * Register for a JBoss Training > > Course > > Free Certification Exam for All Training Attendees > > Through End of 2005 > > Visit http://www.jboss.com/services/certification > > for more information > > _______________________________________________ > > Jsdsi-users mailing list > > Jsd...@li... > > > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > > > > > > > __________________________________ > Yahoo! FareChase: Search multiple travel sites in one click. > http://farechase.yahoo.com > -- Sameer http://ajmani.net |
|
From: Somaya A. <som...@ya...> - 2005-10-31 14:08:10
|
Hi Sameer, I just want to know how could I have an offline version of the latest JSDSI Javadoc that is found @ http://jsdsi.sourceforge.net/apidocs/index.html. I have dowloaded stuff from the CVS, however the downloaded javadoc from the cvs is not up-to-date. Many Thanks, Somaya __________________________________ Yahoo! Mail - PC Magazine Editors' Choice 2005 http://mail.yahoo.com |
|
From: Sameer A. <aj...@gm...> - 2005-10-31 15:50:21
|
The easiest way will be for you to download the source and generate it yourself -- I don't have any simpler way to do it myself. S On 10/31/05, Somaya Aboulwafa <som...@ya...> wrote: > Hi Sameer, > > I just want to know how could I have an offline > version of the latest JSDSI Javadoc that is found @ > http://jsdsi.sourceforge.net/apidocs/index.html. > I have dowloaded stuff from the CVS, however the > downloaded javadoc from the cvs is not up-to-date. > > Many Thanks, > Somaya > > > > > > > __________________________________ > Yahoo! Mail - PC Magazine Editors' Choice 2005 > http://mail.yahoo.com > > > ------------------------------------------------------- > This SF.Net email is sponsored by the JBoss Inc. > Get Certified Today * Register for a JBoss Training Course > Free Certification Exam for All Training Attendees Through End of 2005 > Visit http://www.jboss.com/services/certification for more information > _______________________________________________ > Jsdsi-users mailing list > Jsd...@li... > https://lists.sourceforge.net/lists/listinfo/jsdsi-users > > -- Sameer http://ajmani.net |
|
From: Somaya A. <som...@ya...> - 2005-11-01 13:20:35
|
Hi,
I am trying to create a new keypair as follows:
KeyPair signer = KeyPairFactory.create(KeyEnum.RSA);
but I got the following Runtime Exception:
jsdsi.JsdsiRuntimeException:
java.security.NoSuchAlgorithmException: SPKI/RSA
KeyPairGenerator not available
at
jsdsi.util.KeyPairFactory.createKeyPairGenerator(KeyPairFactory.java:155)
at
jsdsi.util.KeyPairFactory.getKeyPairGenerator(KeyPairFactory.java:120)
at
jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:102)
at
jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:59)
So any idea about why is this happening and how to
overcome this?
Thanks,
Somaya
__________________________________
Start your day with Yahoo! - Make it your home page!
http://www.yahoo.com/r/hs
|
|
From: Sameer A. <aj...@gm...> - 2005-11-01 15:12:39
|
Sean, can you answer this? Looks like you wrote this code.
This like is somewhat suspect:
153 kpg =3D KeyPairGenerator.getInstance("SPKI/" + keyEnum.jdkN=
ame())
There's no KeyPairGenerator registered as "SPKI/RSA". If you remove
the "SPKI/", this should work (I think the Java RSA library is simply
"RSA"), but this is just a hack for now. Hopefully Sean has an idea
of how this was supposed to work :)
S
On 11/1/05, Somaya Aboulwafa <som...@ya...> wrote:
> Hi,
> I am trying to create a new keypair as follows:
>
> KeyPair signer =3D KeyPairFactory.create(KeyEnum.RSA);
>
> but I got the following Runtime Exception:
>
> jsdsi.JsdsiRuntimeException:
> java.security.NoSuchAlgorithmException: SPKI/RSA
> KeyPairGenerator not available
> at
> jsdsi.util.KeyPairFactory.createKeyPairGenerator(KeyPairFactory.java:155)
> at
> jsdsi.util.KeyPairFactory.getKeyPairGenerator(KeyPairFactory.java:120)
> at
> jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:102)
> at
> jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:59)
>
> So any idea about why is this happening and how to
> overcome this?
>
> Thanks,
> Somaya
>
>
>
> __________________________________
> Start your day with Yahoo! - Make it your home page!
> http://www.yahoo.com/r/hs
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by the JBoss Inc.
> Get Certified Today * Register for a JBoss Training Course
> Free Certification Exam for All Training Attendees Through End of 2005
> Visit http://www.jboss.com/services/certification for more information
> _______________________________________________
> Jsdsi-users mailing list
> Jsd...@li...
> https://lists.sourceforge.net/lists/listinfo/jsdsi-users
>
>
--
Sameer
http://ajmani.net
|
|
From: Somaya A. <som...@ya...> - 2005-11-02 10:02:02
|
Hi Sameer,
This is weird, as most of the test cases classes use
this way to create KeyPairs.
What is the difference between those 2 keyPair Objects
signer1 and signer2:
KeyPair signer1=jsdsi.RSAPublicKey.create();
KeyPair signer2 = KeyPairFactory.create(KeyEnum.RSA);
I have two other questions:
1- Is there any other ways to create KeyPair Objects??
2- How could I test whether two keys are identical or
not? Shall I use the equal method or it is not
overridden to test on the value rather than the
reference? .. Same question for signatures?
Thanks,
Somaya
--- Sameer Ajmani <aj...@gm...> wrote:
> Sean, can you answer this? Looks like you wrote
> this code.
>
> This like is somewhat suspect:
> 153 kpg =
> KeyPairGenerator.getInstance("SPKI/" +
> keyEnum.jdkName())
>
> There's no KeyPairGenerator registered as
> "SPKI/RSA". If you remove
> the "SPKI/", this should work (I think the Java RSA
> library is simply
> "RSA"), but this is just a hack for now. Hopefully
> Sean has an idea
> of how this was supposed to work :)
>
> S
>
> On 11/1/05, Somaya Aboulwafa
> <som...@ya...> wrote:
> > Hi,
> > I am trying to create a new keypair as follows:
> >
> > KeyPair signer =
> KeyPairFactory.create(KeyEnum.RSA);
> >
> > but I got the following Runtime Exception:
> >
> > jsdsi.JsdsiRuntimeException:
> > java.security.NoSuchAlgorithmException: SPKI/RSA
> > KeyPairGenerator not available
> > at
> >
>
jsdsi.util.KeyPairFactory.createKeyPairGenerator(KeyPairFactory.java:155)
> > at
> >
>
jsdsi.util.KeyPairFactory.getKeyPairGenerator(KeyPairFactory.java:120)
> > at
> >
>
jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:102)
> > at
> >
>
jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:59)
> >
> > So any idea about why is this happening and how to
> > overcome this?
> >
> > Thanks,
> > Somaya
> >
> >
> >
> > __________________________________
> > Start your day with Yahoo! - Make it your home
> page!
> > http://www.yahoo.com/r/hs
> >
> >
> >
>
-------------------------------------------------------
> > This SF.Net email is sponsored by the JBoss Inc.
> > Get Certified Today * Register for a JBoss
> Training Course
> > Free Certification Exam for All Training Attendees
> Through End of 2005
> > Visit http://www.jboss.com/services/certification
> for more information
> > _______________________________________________
> > Jsdsi-users mailing list
> > Jsd...@li...
> >
>
https://lists.sourceforge.net/lists/listinfo/jsdsi-users
> >
> >
>
>
> --
> Sameer
> http://ajmani.net
>
__________________________________
Yahoo! FareChase: Search multiple travel sites in one click.
http://farechase.yahoo.com
|
|
From: Sameer A. <aj...@gm...> - 2005-11-02 14:30:53
|
On 11/2/05, Somaya Aboulwafa <som...@ya...> wrote:
> Hi Sameer,
>
> This is weird, as most of the test cases classes use
> this way to create KeyPairs.
Ahhh -- I bet the problem is that you have not installed the Jsdsi
Provider. Try calling jsdsi.Provider.install() in your main.
>
> What is the difference between those 2 keyPair Objects
> signer1 and signer2:
> KeyPair signer1=3Djsdsi.RSAPublicKey.create();
> KeyPair signer2 =3D KeyPairFactory.create(KeyEnum.RSA);
>
> I have two other questions:
> 1- Is there any other ways to create KeyPair Objects??
> 2- How could I test whether two keys are identical or
> not? Shall I use the equal method or it is not
> overridden to test on the value rather than the
> reference? .. Same question for signatures?
I'm really not sure -- I did not write these classes and am not
familiar with them. Sean could answer these, but till then, reading
the code is the best plan :)
That said, Signature does indeed override equals() to compare-by-value.
Note sure about KeyPair; perhaps just read the code for equals().
S
>
> Thanks,
> Somaya
>
>
> --- Sameer Ajmani <aj...@gm...> wrote:
>
> > Sean, can you answer this? Looks like you wrote
> > this code.
> >
> > This like is somewhat suspect:
> > 153 kpg =3D
> > KeyPairGenerator.getInstance("SPKI/" +
> > keyEnum.jdkName())
> >
> > There's no KeyPairGenerator registered as
> > "SPKI/RSA". If you remove
> > the "SPKI/", this should work (I think the Java RSA
> > library is simply
> > "RSA"), but this is just a hack for now. Hopefully
> > Sean has an idea
> > of how this was supposed to work :)
> >
> > S
> >
> > On 11/1/05, Somaya Aboulwafa
> > <som...@ya...> wrote:
> > > Hi,
> > > I am trying to create a new keypair as follows:
> > >
> > > KeyPair signer =3D
> > KeyPairFactory.create(KeyEnum.RSA);
> > >
> > > but I got the following Runtime Exception:
> > >
> > > jsdsi.JsdsiRuntimeException:
> > > java.security.NoSuchAlgorithmException: SPKI/RSA
> > > KeyPairGenerator not available
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.createKeyPairGenerator(KeyPairFactory.java:155)
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.getKeyPairGenerator(KeyPairFactory.java:120)
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:102)
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:59)
> > >
> > > So any idea about why is this happening and how to
> > > overcome this?
> > >
> > > Thanks,
> > > Somaya
> > >
> > >
> > >
> > > __________________________________
> > > Start your day with Yahoo! - Make it your home
> > page!
> > > http://www.yahoo.com/r/hs
> > >
> > >
> > >
> >
> -------------------------------------------------------
> > > This SF.Net email is sponsored by the JBoss Inc.
> > > Get Certified Today * Register for a JBoss
> > Training Course
> > > Free Certification Exam for All Training Attendees
> > Through End of 2005
> > > Visit http://www.jboss.com/services/certification
> > for more information
> > > _______________________________________________
> > > Jsdsi-users mailing list
> > > Jsd...@li...
> > >
> >
> https://lists.sourceforge.net/lists/listinfo/jsdsi-users
> > >
> > >
> >
> >
> > --
> > Sameer
> > http://ajmani.net
> >
>
>
>
>
> __________________________________
> Yahoo! FareChase: Search multiple travel sites in one click.
> http://farechase.yahoo.com
>
--
Sameer
http://ajmani.net
|
|
From: Somaya A. <som...@ya...> - 2005-11-03 18:56:32
|
Thanks. But what does jsdsi.Provider.install() actually do ?
Sameer Ajmani <aj...@gm...> wrote:
On 11/2/05, Somaya Aboulwafa wrote:
> Hi Sameer,
>
> This is weird, as most of the test cases classes use
> this way to create KeyPairs.
Ahhh -- I bet the problem is that you have not installed the Jsdsi
Provider. Try calling jsdsi.Provider.install() in your main.
>
> What is the difference between those 2 keyPair Objects
> signer1 and signer2:
> KeyPair signer1=jsdsi.RSAPublicKey.create();
> KeyPair signer2 = KeyPairFactory.create(KeyEnum.RSA);
>
> I have two other questions:
> 1- Is there any other ways to create KeyPair Objects??
> 2- How could I test whether two keys are identical or
> not? Shall I use the equal method or it is not
> overridden to test on the value rather than the
> reference? .. Same question for signatures?
I'm really not sure -- I did not write these classes and am not
familiar with them. Sean could answer these, but till then, reading
the code is the best plan :)
That said, Signature does indeed override equals() to compare-by-value.
Note sure about KeyPair; perhaps just read the code for equals().
S
>
> Thanks,
> Somaya
>
>
> --- Sameer Ajmani wrote:
>
> > Sean, can you answer this? Looks like you wrote
> > this code.
> >
> > This like is somewhat suspect:
> > 153 kpg =
> > KeyPairGenerator.getInstance("SPKI/" +
> > keyEnum.jdkName())
> >
> > There's no KeyPairGenerator registered as
> > "SPKI/RSA". If you remove
> > the "SPKI/", this should work (I think the Java RSA
> > library is simply
> > "RSA"), but this is just a hack for now. Hopefully
> > Sean has an idea
> > of how this was supposed to work :)
> >
> > S
> >
> > On 11/1/05, Somaya Aboulwafa
> > wrote:
> > > Hi,
> > > I am trying to create a new keypair as follows:
> > >
> > > KeyPair signer =
> > KeyPairFactory.create(KeyEnum.RSA);
> > >
> > > but I got the following Runtime Exception:
> > >
> > > jsdsi.JsdsiRuntimeException:
> > > java.security.NoSuchAlgorithmException: SPKI/RSA
> > > KeyPairGenerator not available
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.createKeyPairGenerator(KeyPairFactory.java:155)
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.getKeyPairGenerator(KeyPairFactory.java:120)
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:102)
> > > at
> > >
> >
> jsdsi.util.KeyPairFactory.create(KeyPairFactory.java:59)
> > >
> > > So any idea about why is this happening and how to
> > > overcome this?
> > >
> > > Thanks,
> > > Somaya
> > >
> > >
> > >
> > > __________________________________
> > > Start your day with Yahoo! - Make it your home
> > page!
> > > http://www.yahoo.com/r/hs
> > >
> > >
> > >
> >
> -------------------------------------------------------
> > > This SF.Net email is sponsored by the JBoss Inc.
> > > Get Certified Today * Register for a JBoss
> > Training Course
> > > Free Certification Exam for All Training Attendees
> > Through End of 2005
> > > Visit http://www.jboss.com/services/certification
> > for more information
> > > _______________________________________________
> > > Jsdsi-users mailing list
> > > Jsd...@li...
> > >
> >
> https://lists.sourceforge.net/lists/listinfo/jsdsi-users
> > >
> > >
> >
> >
> > --
> > Sameer
> > http://ajmani.net
> >
>
>
>
>
> __________________________________
> Yahoo! FareChase: Search multiple travel sites in one click.
> http://farechase.yahoo.com
>
--
Sameer
http://ajmani.net
-------------------------------------------------------
SF.Net email is sponsored by:
Tame your development challenges with Apache's Geronimo App Server. Download
it for free - -and be entered to win a 42" plasma tv or your very own
Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php
_______________________________________________
Jsdsi-users mailing list
Jsd...@li...
https://lists.sourceforge.net/lists/listinfo/jsdsi-users
"æóáóäóÈúáõæóäøóßõãú ÈöÔóíúÁò ãøöäó ÇáúÎóæÝú æóÇáúÌõæÚö æóäóÞúÕò ãøöäó ÇáÃóãóæóÇáö æóÇáÃäÝõÓö æóÇáËøóãóÑóÇÊö æóÈóÔøöÑö ÇáÕøóÇÈöÑöíä ÇáøóÐöíäó ÅöÐóÇ ÃóÕóÇÈóÊúåõã ãøõÕöíÈóÉñ ÞóÇáõæÇú ÅöäøóÇ áöáøåö æóÅöäøóÜÇ Åöáóíúåö ÑóÇÌöÚæäó ÃõæáóÜÆößó Úóáóíúåöãú ÕóáóæóÇÊñ ãøöä ÑøóÈøöåöãú æóÑóÍúãóÉñ æóÃõæáóÜÆößó åõãõ ÇáúãõåúÊóÏõæä" ÇáÈÞÑÉ 155- 157
---------------------------------
Yahoo! FareChase - Search multiple travel sites in one click. |
|
From: Sameer A. <aj...@gm...> - 2005-11-05 03:43:28
|
SXQgcmVnaXN0ZXJzIHRoZSBTUEtJIGNyeXB0b2dyYXBoaWMgcHJvdmlkZXIgd2l0aCB0aGUgSmF2 YSBydW50aW1lLiAKVGhlIEtleVBhaXJGYWN0b3J5IGNyZWF0aW9uIG1ldGhvZCB1c2VzIHRoZSBw cm92aWRlciB0byBmaW5kIHRoZQpjbGFzc2VzIGl0IG5lZWRzLgoKUwoKT24gMTEvMy8wNSwgU29t YXlhIEFib3Vsd2FmYSA8c29tYXlhX2FobWFkQHlhaG9vLmNvbT4gd3JvdGU6Cj4gVGhhbmtzLiBC dXQgd2hhdCBkb2VzICBqc2RzaS5Qcm92aWRlci5pbnN0YWxsKCkgYWN0dWFsbHkgZG8gPwo+Cj4g U2FtZWVyIEFqbWFuaSA8YWptYW5pQGdtYWlsLmNvbT4gd3JvdGU6Cj4gT24gMTEvMi8wNSwgU29t YXlhIEFib3Vsd2FmYSB3cm90ZToKPiA+IEhpIFNhbWVlciwKPiA+Cj4gPiBUaGlzIGlzIHdlaXJk LCBhcyBtb3N0IG9mIHRoZSB0ZXN0IGNhc2VzIGNsYXNzZXMgdXNlCj4gPiB0aGlzIHdheSB0byBj cmVhdGUgS2V5UGFpcnMuCj4KPiBBaGhoIC0tIEkgYmV0IHRoZSBwcm9ibGVtIGlzIHRoYXQgeW91 IGhhdmUgbm90IGluc3RhbGxlZCB0aGUgSnNkc2kKPiBQcm92aWRlci4gVHJ5IGNhbGxpbmcganNk c2kuUHJvdmlkZXIuaW5zdGFsbCgpIGluIHlvdXIgbWFpbi4KPgo+ID4KPiA+IFdoYXQgaXMgdGhl IGRpZmZlcmVuY2UgYmV0d2VlbiB0aG9zZSAyIGtleVBhaXIgT2JqZWN0cwo+ID4gc2lnbmVyMSBh bmQgc2lnbmVyMjoKPiA+IEtleVBhaXIgc2lnbmVyMT1qc2RzaS5SU0FQdWJsaWNLZXkuY3JlYXRl KCk7Cj4gPiBLZXlQYWlyIHNpZ25lcjIgPSBLZXlQYWlyRmFjdG9yeS5jcmVhdGUoS2V5RW51bS5S U0EpOwo+ID4KPiA+IEkgaGF2ZSB0d28gb3RoZXIgcXVlc3Rpb25zOgo+ID4gMS0gSXMgdGhlcmUg YW55IG90aGVyIHdheXMgdG8gY3JlYXRlIEtleVBhaXIgT2JqZWN0cz8/Cj4gPiAyLSBIb3cgY291 bGQgSSB0ZXN0IHdoZXRoZXIgdHdvIGtleXMgYXJlIGlkZW50aWNhbCBvcgo+ID4gbm90PyBTaGFs bCBJIHVzZSB0aGUgZXF1YWwgbWV0aG9kIG9yIGl0IGlzIG5vdAo+ID4gb3ZlcnJpZGRlbiB0byB0 ZXN0IG9uIHRoZSB2YWx1ZSByYXRoZXIgdGhhbiB0aGUKPiA+IHJlZmVyZW5jZT8gLi4gU2FtZSBx dWVzdGlvbiBmb3Igc2lnbmF0dXJlcz8KPgo+IEknbSByZWFsbHkgbm90IHN1cmUgLS0gSSBkaWQg bm90IHdyaXRlIHRoZXNlIGNsYXNzZXMgYW5kIGFtIG5vdAo+IGZhbWlsaWFyIHdpdGggdGhlbS4g U2VhbiBjb3VsZCBhbnN3ZXIgdGhlc2UsIGJ1dCB0aWxsIHRoZW4sIHJlYWRpbmcKPiB0aGUgY29k ZSBpcyB0aGUgYmVzdCBwbGFuIDopCj4KPiBUaGF0IHNhaWQsIFNpZ25hdHVyZSBkb2VzIGluZGVl ZCBvdmVycmlkZSBlcXVhbHMoKSB0byBjb21wYXJlLWJ5LXZhbHVlLgo+Cj4gTm90ZSBzdXJlIGFi b3V0IEtleVBhaXI7IHBlcmhhcHMganVzdCByZWFkIHRoZSBjb2RlIGZvciBlcXVhbHMoKS4KPiBT Cj4KPiA+Cj4gPiBUaGFua3MsCj4gPiBTb21heWEKPiA+Cj4gPgo+ID4gLS0tIFNhbWVlciBBam1h bmkgd3JvdGU6Cj4gPgo+ID4gPiBTZWFuLCBjYW4geW91IGFuc3dlciB0aGlzPyBMb29rcyBsaWtl IHlvdSB3cm90ZQo+ID4gPiB0aGlzIGNvZGUuCj4gPiA+Cj4gPiA+IFRoaXMgbGlrZSBpcyBzb21l d2hhdCBzdXNwZWN0Ogo+ID4gPiAxNTMga3BnID0KPiA+ID4gS2V5UGFpckdlbmVyYXRvci5nZXRJ bnN0YW5jZSgiU1BLSS8iICsKPiA+ID4ga2V5RW51bS5qZGtOYW1lKCkpCj4gPiA+Cj4gPiA+IFRo ZXJlJ3Mgbm8gS2V5UGFpckdlbmVyYXRvciByZWdpc3RlcmVkIGFzCj4gPiA+ICJTUEtJL1JTQSIu IElmIHlvdSByZW1vdmUKPiA+ID4gdGhlICJTUEtJLyIsIHRoaXMgc2hvdWxkIHdvcmsgKEkgdGhp bmsgdGhlIEphdmEgUlNBCj4gPiA+IGxpYnJhcnkgaXMgc2ltcGx5Cj4gPiA+ICJSU0EiKSwgYnV0 IHRoaXMgaXMganVzdCBhIGhhY2sgZm9yIG5vdy4gSG9wZWZ1bGx5Cj4gPiA+IFNlYW4gaGFzIGFu IGlkZWEKPiA+ID4gb2YgaG93IHRoaXMgd2FzIHN1cHBvc2VkIHRvIHdvcmsgOikKPiA+ID4KPiA+ ID4gUwo+ID4gPgo+ID4gPiBPbiAxMS8xLzA1LCBTb21heWEgQWJvdWx3YWZhCj4gPiA+IHdyb3Rl Ogo+ID4gPiA+IEhpLAo+ID4gPiA+IEkgYW0gdHJ5aW5nIHRvIGNyZWF0ZSBhIG5ldyBrZXlwYWly IGFzIGZvbGxvd3M6Cj4gPiA+ID4KPiA+ID4gPiBLZXlQYWlyIHNpZ25lciA9Cj4gPiA+IEtleVBh aXJGYWN0b3J5LmNyZWF0ZShLZXlFbnVtLlJTQSk7Cj4gPiA+ID4KPiA+ID4gPiBidXQgSSBnb3Qg dGhlIGZvbGxvd2luZyBSdW50aW1lIEV4Y2VwdGlvbjoKPiA+ID4gPgo+ID4gPiA+IGpzZHNpLkpz ZHNpUnVudGltZUV4Y2VwdGlvbjoKPiA+ID4gPiBqYXZhLnNlY3VyaXR5Lk5vU3VjaEFsZ29yaXRo bUV4Y2VwdGlvbjogU1BLSS9SU0EKPiA+ID4gPiBLZXlQYWlyR2VuZXJhdG9yIG5vdCBhdmFpbGFi bGUKPiA+ID4gPiBhdAo+ID4gPiA+Cj4gPiA+Cj4gPgo+IGpzZHNpLnV0aWwuS2V5UGFpckZhY3Rv cnkuY3JlYXRlS2V5UGFpckdlbmVyYXRvcihLZXlQYWlyRmFjdG9yeS5qYXZhOjE1NSkKPiA+ID4g PiBhdAo+ID4gPiA+Cj4gPiA+Cj4gPgo+IGpzZHNpLnV0aWwuS2V5UGFpckZhY3RvcnkuZ2V0S2V5 UGFpckdlbmVyYXRvcihLZXlQYWlyRmFjdG9yeS5qYXZhOjEyMCkKPiA+ID4gPiBhdAo+ID4gPiA+ Cj4gPiA+Cj4gPiBqc2RzaS51dGlsLktleVBhaXJGYWN0b3J5LmNyZWF0ZShLZXlQYWlyRmFjdG9y eS5qYXZhOjEwMikKPiA+ID4gPiBhdAo+ID4gPiA+Cj4gPiA+Cj4gPiBqc2RzaS51dGlsLktleVBh aXJGYWN0b3J5LmNyZWF0ZShLZXlQYWlyRmFjdG9yeS5qYXZhOjU5KQo+ID4gPiA+Cj4gPiA+ID4g U28gYW55IGlkZWEgYWJvdXQgd2h5IGlzIHRoaXMgaGFwcGVuaW5nIGFuZCBob3cgdG8KPiA+ID4g PiBvdmVyY29tZSB0aGlzPwo+ID4gPiA+Cj4gPiA+ID4gVGhhbmtzLAo+ID4gPiA+IFNvbWF5YQo+ ID4gPiA+Cj4gPiA+ID4KPiA+ID4gPgo+ID4gPiA+IF9fX19fX19fX19fX19fX19fX19fX19fX19f X19fX19fX18KPiA+ID4gPiBTdGFydCB5b3VyIGRheSB3aXRoIFlhaG9vISAtIE1ha2UgaXQgeW91 ciBob21lCj4gPiA+IHBhZ2UhCj4gPiA+ID4gaHR0cDovL3d3dy55YWhvby5jb20vci9ocwo+ID4g PiA+Cj4gPiA+ID4KPiA+ID4gPgo+ID4gPgo+ID4gLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLQo+ID4gPiA+IFRoaXMgU0YuTmV0IGVtYWlsIGlz IHNwb25zb3JlZCBieSB0aGUgSkJvc3MgSW5jLgo+ID4gPiA+IEdldCBDZXJ0aWZpZWQgVG9kYXkg KiBSZWdpc3RlciBmb3IgYSBKQm9zcwo+ID4gPiBUcmFpbmluZyBDb3Vyc2UKPiA+ID4gPiBGcmVl IENlcnRpZmljYXRpb24gRXhhbSBmb3IgQWxsIFRyYWluaW5nIEF0dGVuZGVlcwo+ID4gPiBUaHJv dWdoIEVuZCBvZiAyMDA1Cj4gPiA+ID4gVmlzaXQgaHR0cDovL3d3dy5qYm9zcy5jb20vc2Vydmlj ZXMvY2VydGlmaWNhdGlvbgo+ID4gPiBmb3IgbW9yZSBpbmZvcm1hdGlvbgo+ID4gPiA+IF9fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCj4gPiA+ID4gSnNkc2kt dXNlcnMgbWFpbGluZyBsaXN0Cj4gPiA+ID4gSnNkc2ktdXNlcnNAbGlzdHMuc291cmNlZm9yZ2Uu bmV0Cj4gPiA+ID4KPiA+ID4KPiA+IGh0dHBzOi8vbGlzdHMuc291cmNlZm9yZ2UubmV0L2xpc3Rz L2xpc3RpbmZvL2pzZHNpLXVzZXJzCj4gPiA+ID4KPiA+ID4gPgo+ID4gPgo+ID4gPgo+ID4gPiAt LQo+ID4gPiBTYW1lZXIKPiA+ID4gaHR0cDovL2FqbWFuaS5uZXQKPiA+ID4KPiA+Cj4gPgo+ID4K PiA+Cj4gPiBfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fCj4gPiBZYWhvbyEgRmFy ZUNoYXNlOiBTZWFyY2ggbXVsdGlwbGUgdHJhdmVsIHNpdGVzIGluIG9uZSBjbGljay4KPiA+IGh0 dHA6Ly9mYXJlY2hhc2UueWFob28uY29tCj4gPgo+Cj4KPiAtLQo+IFNhbWVlcgo+IGh0dHA6Ly9h am1hbmkubmV0Cj4KPgo+IC0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t LS0tLS0tLS0tLS0tLS0KPiBTRi5OZXQgZW1haWwgaXMgc3BvbnNvcmVkIGJ5Ogo+IFRhbWUgeW91 ciBkZXZlbG9wbWVudCBjaGFsbGVuZ2VzIHdpdGggQXBhY2hlJ3MgR2Vyb25pbW8gQXBwIFNlcnZl ci4gRG93bmxvYWQKPiBpdCBmb3IgZnJlZSAtIC1hbmQgYmUgZW50ZXJlZCB0byB3aW4gYSA0MiIg cGxhc21hIHR2IG9yIHlvdXIgdmVyeSBvd24KPiBTb255KHRtKVBTUC4gQ2xpY2sgaGVyZSB0byBw bGF5Ogo+IGh0dHA6Ly9zb3VyY2Vmb3JnZS5uZXQvZ2Vyb25pbW8ucGhwCj4gX19fX19fX19fX19f X19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18KPiBKc2RzaS11c2VycyBtYWlsaW5n IGxpc3QKPiBKc2RzaS11c2Vyc0BsaXN0cy5zb3VyY2Vmb3JnZS5uZXQKPiBodHRwczovL2xpc3Rz LnNvdXJjZWZvcmdlLm5ldC9saXN0cy9saXN0aW5mby9qc2RzaS11c2Vycwo+Cj4KPgo+Cj4gICLZ hu+/vdmB77+92YTvv73YqO+/vdmB77+92Ybvv73ZhO+/ve+/ve+/ve+/vdmD77+9INio77+92LTv v73Zje+/vdih2ZIg2YPvv73vv73ZhO+/vSDYp9mB77+92K7vv73Zhu+/ve+/vSDZhu+/vdin2YHv v73YrO+/vdmG2Lrvv70g2Ybvv73ZhO+/ve+/ve+/vdi12ZIg2YPvv73vv73ZhO+/vQo+INin2YHY o++/vdmD77+92Ybvv73Yp9mB77+9INmG77+92KfZgdij2YTvv73vv73Ys++/vSDZhu+/vdin2YHY q++/ve+/vdmD77+92LHvv73Yp9iq77+9INmG77+92Kjvv73YtO+/ve+/vdix77+9INin2YHYte+/ ve+/vdin2Kjvv73Yse+/vdmN2YQg2KfZge+/ve+/vdiw77+92Y3ZhO+/vSDYpe+/vdiw77+92KcK PiDYo++/vdi177+92KfYqO+/vdiq77+92YXvv73ZgyDZg++/ve+/vdi177+92Y3YqO+/vdip2ZEg 77+977+92KfZge+/vdmG2Kfvv70g2KXvv73ZhO+/ve+/vdinINmB77+92YHvv73Zhe+/vSDZhu+/ vdil77+92YTvv73vv73vv73YpyDYpe+/vdmB77+92Y3vv73Zhe+/vSDYse+/vdin2Kzvv73YutmG 2YTvv70KPiDYo++/vdmG2YHvv73vv73Ypu+/ve+/ve+/vSDYuu+/vdmB77+92Y3vv73Zhe+/vdmD 77+9INi177+92YHvv73Zhu+/vdin2KrZkSDZg++/ve+/vdmEINix77+977+92Kjvv73vv73Zhe+/ vdmD77+9INmG77+92LHvv73Yre+/vdmD77+92KnZkSDZhu+/vdij77+92YbZge+/ve+/vdim77+9 77+977+9INmF77+92YPvv70KPiDYp9mB77+92YPvv73Zhe+/vdiq77+92K/vv73ZhtmEIiDYp9mB 2Kjvv73YsdipIDE1NS0gMTU3Cj4KPiAgX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX18K PiAgWWFob28hIEZhcmVDaGFzZSAtIFNlYXJjaCBtdWx0aXBsZSB0cmF2ZWwgc2l0ZXMgaW4gb25l IGNsaWNrLgo+Cj4KCgotLQpTYW1lZXIKaHR0cDovL2FqbWFuaS5uZXQK |
|
From: Somaya A. <som...@ya...> - 2006-01-05 07:32:05
|
Hi Sameer and everyone, Im using JSDSI with another framework (a Multiagent system framework). Agents in this framework have their own KeyPairs. Whenever I try to use those KeyPairs to create or sign certificates using JSDSI I got an exception. While if I used JSDSI with KeyPairs generated by JSDSI I got no exceptions So, would you plz help me to figure out the problem? Thanks in advance, Somaya __________________________________________ Yahoo! DSL Something to write home about. Just $16.99/mo. or less. dsl.yahoo.com |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X