Fwd: [Jsdsi-users] KeyStore
From: Dav C. <dav...@gm...> - 2004-08-11 15:13:49
oops, missed the list

---------- Forwarded message ----------
Subject: Re: [Jsdsi-users] KeyStore
To: Luis Pedro <lp...@ne...>

Hi,

thanks for the Provider.install(), that worked (with the addition of cryptix32.jar to the classpath). I didn't expect to need to do anything more to read the keystore than I needed to create it!

You're probably right about not needing certificate chains. I'm writing this utility so I can try to understand how to use SPKI/SDSI, but at the same time I'm working with the java.security package for the first time so I'm not sure which parts of it to ignore.

All I want to do now is create some kind of store so that I can create a principal keypair and save it to the filesystem in one invocation, unlock it and load it back into memory in another invocation and then use it to create a NameCert (sign another user's principal pubkey and assign it a local name) and store the NameCert somewhere too. If I can get all that working, I'll move on to the ACL stuff :)

Incidentally, if I can get this simple example utility working I'd be happy to make the source of it publicly available for others as a resource. I'm hoping to get something together to demo at FOO Camp this year, so I'll be working on this a lot over the next month or so.

On Wed, 11 Aug 2004 11:34:47 +0100, Luis Pedro <lp...@ne...> wrote:
> Hi (again) Dav,
>
> I've been looking more closely at your example, and really don't understand why u
> want to create certificate chains (spki is not like x509). U don't need to
> create cert chains, instead u have to prove your spki/sdsi certs. The idea
> is to have "CertStore's" which contain spki/sdsi certs; with this CertStore
> u will be able to make proofs of your certs. Take a better look at the test
> examples, like "CertPathTest".
>
> -- Luís Pedro
>
> _____________________
> yahoo: lpv_pt
> msn: lp...@ne...
>
> » -----Original Message-----
> » From: jsd...@li...
> » [mailto:jsd...@li...] On Behalf Of Dav Coleman
> » Sent: Wednesday, 11 August 2004 6:00
> » To: jsd...@li...
> » Subject: [Jsdsi-users] KeyStore
> »
> » Hi,
> »
> » I'm trying to save a Private Key and Certificate to a KeyStore and
> » then load it back. I'm able to create the keystore on the file system
> » without throwing any exceptions, but when I try to load it I get
> »
> » java.security.cert.CertificateException: SPKI not found
> »     at java.security.cert.CertificateFactory.getInstance(CertificateFactory.java:191)
> »     at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:670)
> »     at java.security.KeyStore.load(KeyStore.java:652)
> »     at com.s0ciety.demo.CLI.loadKeyStore(CLI.java:129)
> »
> » Any ideas on what would cause that?
> »
> » Here are the (I hope) relevant code snippets
> »
> » create and save keystore:
> »
> »     pair = jsdsi.RSAPublicKey.create();
> »     java.security.PrivateKey privKey = pair.getPrivate();
> »     java.security.PublicKey pubKey = pair.getPublic();
> »
> »     jsdsi.RSAPublicKey jsdsiPubKey = (jsdsi.RSAPublicKey) pair.getPublic();
> »     // Date.getTime() is in milliseconds, so scale the 30 days accordingly
> »     Date expire = new Date(now.getTime() + (86400L * 1000 * 30));
> »     jsdsi.Validity validity = new jsdsi.Validity(now, expire);
> »     jsdsi.Cert cert = new jsdsi.NameCert(jsdsiPubKey, jsdsiPubKey,
> »         validity, "display hint", "blah... comment field", "my jsdsi pubkey");
> »     jsdsi.Hash hash = new jsdsi.Hash("MD5", cert.toByteArray());
> »     jsdsi.Signature signature = null;
> »     jsdsi.Principal principal = (jsdsi.Principal) pair.getPublic();
> »     signature = jsdsi.Signature.create(pair, cert, "MD5withRSA");
> »     jsdsi.Certificate certificate = new jsdsi.Certificate(cert, signature);
> »     jsdsi.Certificate[] certificate_chain = new jsdsi.Certificate[] { certificate };
> »     // Create an empty keystore object
> »     keystore = KeyStore.getInstance(KeyStore.getDefaultType());
> »     keystore.load(null, password.toCharArray()); // null input stream to create empty keystore
> »     keystore.setKeyEntry("myalias", privKey, password.toCharArray(), certificate_chain);
> »     // Save the new keystore contents
> »     FileOutputStream out = new FileOutputStream(keystoreFile);
> »     keystore.store(out, password.toCharArray());
> »     out.close();
> »
> » load keystore:
> »
> »     FileInputStream fis = new FileInputStream(file);
> »     keystore = KeyStore.getInstance(KeyStore.getDefaultType());
> »     keystore.load(fis, password.toCharArray());
> »     fis.close();
> »     System.out.println("- keystore loaded");
> »     System.out.println("- contains " + keystore.size() + " entries");
> »
> » Are there any code examples available for integrating JSDSI into an
> » application? I've read a lot of docs and published papers online and I
> » think I have a basic understanding of SPKI/SDSI capabilities, but I'm
> » completely new to PKI application development so I feel a little lost.
> »
> » --
> » Dav Coleman
> » http://AkuAku.org/

--
Dav Coleman
http://AkuAku.org/
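
The stack trace in the thread shows `JavaKeyStore.engineLoad` calling `CertificateFactory.getInstance` for the certificate type stored with the entry, which is why the load fails with "SPKI not found" until a provider that registers an "SPKI" factory is installed. The diagnostic below is an added example, not code from the thread or from JSDSI; it uses only JDK classes, and the class name `CertFactoryCheck` is hypothetical.

```java
import java.security.Provider;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.List;

public class CertFactoryCheck {

    // Names of installed providers that register a CertificateFactory
    // under exactly this type name (aliases are not inspected here).
    static List<String> providersFor(String certType) {
        List<String> names = new ArrayList<>();
        for (Provider p : Security.getProviders()) {
            for (Provider.Service s : p.getServices()) {
                if ("CertificateFactory".equals(s.getType())
                        && s.getAlgorithm().equalsIgnoreCase(certType)) {
                    names.add(p.getName());
                }
            }
        }
        return names;
    }

    // Performs the same lookup the keystore loader performs for each stored
    // certificate; false means KeyStore.load() would throw for this type.
    static boolean canDecode(String certType) {
        try {
            CertificateFactory.getInstance(certType);
            return true;
        } catch (CertificateException e) {
            return false; // e.g. "SPKI not found", as in the thread
        }
    }

    public static void main(String[] args) {
        // "SPKI" is the type named in the exception above;
        // "X.509" ships with the JDK and is listed for contrast.
        for (String type : new String[] {"X.509", "SPKI"}) {
            System.out.println(type + ": decodable=" + canDecode(type)
                    + ", providers=" + providersFor(type));
        }
    }
}
```

Calling `canDecode("SPKI")` immediately before `KeyStore.load()` turns the failure into an explicit check that the provider has been installed in the JVM doing the load, not only in the one that wrote the file.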