Re: Fwd: [Jsdsi-users] KeyStore
From: Sean R. <sra...@ae...> - 2004-08-12 23:52:06

Dav Coleman wrote:

>On Thu, 12 Aug 2004 11:23:22 +0100, Sean Radford
><sra...@ae...> wrote:
>
>
>Hi Sean,
>
>I have to admit I'm still a little confused. I took a look at the
>CertPathTest and it uses Loader to load some plain text files with
>certificate representations, but they aren't a text format I was
>expecting (the sexp lisp-like stuff), and it's not clear how you would
>create them (there's no Saver class that I found). The
>SexpMarshallingTest source was good for showing me a simpler way of
>creating Name/Auth certs however.
>

Don't worry about being confused. It does take some time I'm afraid, mainly because there is currently very little / no help or getting started documentation.

>What is the standard/best/accepted way of creating "your own" keypairs
>(Principals) and saving them to the file system between application
>invocations? And what about storing other people's public keys in your
>name space? I assume in X.509 all this was done in a single KeyStore
>(which comes with load/save methods), but apparently that's not
>correct for a SPKI system?
>

Creating KeyPairs: jsdsi.util.KeyPairFactory.create("RSA", 512);

Saving a KeyPair to file.... For this I think we really need an implementation of a KeyStore that supports JSDSI objects (well SExpressions really). If I remember correctly the Sun and BouncyCastle ones do not work (you can save but they have trouble loading). I did have a modified BouncyCastle keystore a long time back that worked (I took the original source and added about 3 lines of code) - not sure where it is now but could hunt down I guess...

To store other people's public keys one would create NameCertificates for them and store them in a CertStore. If there is a limited number of proof searching using a jsdsi.Prover is not required I guess you could use a KeyStore?

>The FOO Camp is the one at O'Reilly headquarters in Sebastopol, CA.
>It's in mid September so I figure my chances of finishing this in time
>aren't great (especially with 10 days at Burning Man between now and
>then), but I'm seriously going to try. I have friends going to the
>European one, although I'm not sure when/where that is exactly. If I
>had it done in time they could possibly do a short demo for me there.
>

The one in Europe I think is at the end of this month. Somewhere in Scandinavia I think.

I'll hunt down my modified BouncyCastle keystore if that will help you get going?

>The system I'm trying to build is a trusted brokered p2p network (and
>eventually, a trusted brokered p2p darknet) that uses SPKI/SDSI to
>control authentication/authorization in a way that maps to social
>network concepts. It's just a general concept at the moment, but I
>need to get something to play with to flesh it out. I'm comfortable
>with the network and application programming, but I'm new to PKI
>programming. I've been a PGP user for years but the concepts I've
>learned from that are probably hurting as much as helping.
>

Stick with SPKI! ;-) (I'm probably biased)

Seriously though, I should imagine that the A&A stuff in SPKI is what you need, and correct me if I'm wrong, but PGP doesn't really support authorisation?

Regards,

Sean

--
Dr. Sean Radford, MBBS, MSc
sra...@ae...
http://www.aegeus-technology.com/
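
Added example, not part of the message above and not JSDSI code: one way to keep a key pair on disk between application invocations without a KeyStore, using only the JDK's own classes. It assumes the key pair is a standard `java.security.KeyPair` whose keys return PKCS#8 and X.509 encodings from `getEncoded()`; the class name, file names and key size are chosen for the example.

```java
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
public class KeyPairFiles {
    static final String PRIVATE_FILE = "private.pk8", PUBLIC_FILE = "public.der"; // hypothetical names

    /** Write both halves in their standard JCA encodings (PKCS#8 and X.509). */
    static void save(KeyPair pair, Path dir) throws Exception {
        Files.createDirectories(dir);
        Path priv = dir.resolve(PRIVATE_FILE);
        Files.deleteIfExists(priv);
        try { // create the file owner-only before any key bytes are written
            Files.createFile(priv, PosixFilePermissions.asFileAttribute(
                    PosixFilePermissions.fromString("rw-------")));
        } catch (UnsupportedOperationException e) {
            Files.createFile(priv); // non-POSIX file system: restrict the directory instead
        }
        Files.write(priv, pair.getPrivate().getEncoded());
        Files.write(dir.resolve(PUBLIC_FILE), pair.getPublic().getEncoded());
    }
    /** Rebuild the pair on the next invocation. */
    static KeyPair load(Path dir, String algorithm) throws Exception {
        KeyFactory kf = KeyFactory.getInstance(algorithm);
        PrivateKey priv = kf.generatePrivate(
                new PKCS8EncodedKeySpec(Files.readAllBytes(dir.resolve(PRIVATE_FILE))));
        PublicKey pub = kf.generatePublic(
                new X509EncodedKeySpec(Files.readAllBytes(dir.resolve(PUBLIC_FILE))));
        return new KeyPair(pub, priv);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048); // key size chosen for this example
        KeyPair original = gen.generateKeyPair();
        Path dir = Files.createTempDirectory("spki-keys");
        save(original, dir);
        KeyPair reloaded = load(dir, "RSA");
        // Round trip: sign with the reloaded private key, verify with the original public key.
        byte[] msg = "constructed test message".getBytes("UTF-8");
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(reloaded.getPrivate());
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(original.getPublic());
        s.update(msg);
        System.out.println("signature verifies: " + s.verify(sig));
    }
}
```

The private key file is stored unencrypted here, so its protection rests entirely on the file permissions.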