[Jsdsi-users] Re: Signed certificates
From: Sameer A. <aj...@gm...> - 2004-07-08 18:37:24
Ladislav,

There's no direct method to convert a Sequence into a Proof that you
can then verify, but it's pretty straightforward:

    static Proof fromSequence(Sequence seq) {
        Iterator elems = Arrays.asList(seq.getElements()).iterator();
        // Each fromElements() call advances the iterator past one certificate.
        Proof p = new Proof(Certificate.fromElements(elems));
        while (elems.hasNext()) {
            // Compose the proof so far with the next certificate in the sequence.
            p = p.compose(new Proof(Certificate.fromElements(elems)));
        }
        return p;
    }

Now you can just check that p.getCert() equals the cert you're looking for.

Sameer

Developers: we should probably add fromSequence() to the Proof class.

On Thu, 08 Jul 2004 18:38:30 +0200, Ladislav Huraj <hu...@fp...> wrote:
> Sameer,
>
> thanks for your help.
>
> Could I have one question more?
>
> Is there any possibility to verify only sequence which I obtained
> from proof.getSequence() (e.g. all certificates in the sequence were
> signed in right order respectively) automatically or I have to do it
> myself. For example if I don't trust the intermediary's signature.
>
> Thanks,
>
> Ladislav
>
>
> At 21:12 7. 7. 2004, you wrote:
> >Ladislav,
> >
> >Here's an easy way to do this:
> >1) The original prover creates a Proof p that contains hundreds of
> >Certificates.
> >2) A trusted intermediary checks p using p.verify(). If it's okay,
> >the intermediary creates a new proof that summarizes the original one
> >as follows:
> >Proof newProof = new Proof(
> >new Certificate(p.getCert(),
> >Signature.create(keys, p.getCert(), "rsa")));
> >3) The intermediary can now pass newProof to other verifiers. Since
> >these other verifiers trust the intermediary's signature, they don't
> >need the original proof.
> >
> >Hope this helps!
> >Sameer
> >
> >----- Original Message -----
> >From: Ladislav Huraj <hu...@fp...>
> >Date: Wed, 07 Jul 2004 20:20:07 +0200
> >Subject: Re: Signed certificates
> >To: Sameer Ajmani <aj...@gm...>
> >
> > Sameer,
> >
> >Is the idea here just to save time in verification, i.e., rather than
> >verifying the signatures on each certificate in the chain, I can just
> >check one signature on the whole chain?
> >
> >Yes, this is really the purpose.
> >
> >If this is what you want, it should be easy. First, create your
> >Sequence of Certificates (perhaps using a jsdsi.Proof). Then create a
> >Signature for this Sequence. Finally, pass a summary of the Sequence
> >(what it actually means, e.g., A is authorized by B to do C) and the
> >Signature to the verifier. I don't even think you need to keep the
> >original sequence, because your verifier trusts the signature on the
> >summary anyway.
> >
> >Sameer
> >
> >It seems it works.
> >
> >I thought it is not possible to create Sequence of
> >(jsdsi.Certificate)s. But function getSequence in
> >jsdsi.Proof returns similar Sequence and it seems this will
> >suffice.
> >
> >I'll try to work with this.
> >
> >Thank you.
> >
> >Ladislav
> >
> >-----------------------------------------
> >Ladislav Huraj
> >Dept. of Computer Science
> >Faculty of Natural Sciences
> >University of Matej Bel
> >Tajovskeho 40
> >974 01 Banska Bystrica
> >Slovakia
> >phone: 048/413 45 41-6 ext. 126
> >e-mail: hu...@fp...
>
> -----------------------------------------
> Ladislav Huraj
> Dept. of Computer Science
> Faculty of Natural Sciences
> University of Matej Bel
> Tajovskeho 40
> 974 01 Banska Bystrica
> Slovakia
> phone: 048/413 45 41-6 ext. 126
> e-mail: hu...@fp...
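The trade-off discussed in this thread, as an added example that is not part of the original messages and not jsdsi code: a verifier that trusts the intermediary checks one signature over a summary, while one that does not re-checks every link in order. It uses only java.security (Java 16+ for records); the Cert record, the key array and the summary format (root key, final subject key) are assumptions made for illustration.

```java
import java.security.*;
import java.util.*;
public class ChainSummaryDemo {
    // Toy certificate, not jsdsi.Certificate: issuer's signature over the subject key.
    record Cert(PublicKey issuer, PublicKey subject, byte[] sig) {}
    static byte[] sign(PrivateKey key, byte[]... parts) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        for (byte[] p : parts) s.update(p);
        return s.sign();
    }
    static boolean check(PublicKey key, byte[] sig, byte[]... parts) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        for (byte[] p : parts) s.update(p);
        return s.verify(sig);
    }
    // Full check: each link is signed by its issuer, and that issuer is the previous subject.
    static boolean verifyChain(List<Cert> chain, PublicKey root) throws GeneralSecurityException {
        byte[] expected = root.getEncoded();
        for (Cert c : chain) {
            if (!Arrays.equals(c.issuer().getEncoded(), expected)) return false;
            if (!check(c.issuer(), c.sig(), c.subject().getEncoded())) return false;
            expected = c.subject().getEncoded();
        }
        return !chain.isEmpty();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair[] k = new KeyPair[5]; // constructed keys: k[0] is the root, k[4] the final subject
        for (int i = 0; i < k.length; i++) k[i] = gen.generateKeyPair();
        KeyPair intermediary = gen.generateKeyPair();
        List<Cert> chain = new ArrayList<>();
        for (int i = 0; i + 1 < k.length; i++)
            chain.add(new Cert(k[i].getPublic(), k[i + 1].getPublic(),
                    sign(k[i].getPrivate(), k[i + 1].getPublic().getEncoded())));
        byte[] root = k[0].getPublic().getEncoded(), last = k[4].getPublic().getEncoded();
        // Intermediary verifies the whole chain once, then signs only the summary (root, last).
        if (!verifyChain(chain, k[0].getPublic())) throw new IllegalStateException("chain invalid");
        byte[] summarySig = sign(intermediary.getPrivate(), root, last);
        System.out.println("trusting verifier, one check: "
                + check(intermediary.getPublic(), summarySig, root, last));
        System.out.println("non-trusting verifier, full chain: " + verifyChain(chain, k[0].getPublic()));
        Collections.swap(chain, 1, 2); // links out of order must fail the full check
        System.out.println("reordered chain: " + verifyChain(chain, k[0].getPublic()));
    }
}
```

The summary signature says nothing about the individual links, so a verifier relying on it is exactly as trustworthy as the intermediary's key and its verification step.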