From: Martin P. <Mar...@ia...> - 2009-06-10 07:27:38
Hi...

Martin Schneider wrote:
> we're working on a kind of TPM-based Certification Authority (CA). The
> private key of the CA is located in a TPM which means that the
> Certificate Signing Request (CSR) will be signed using a private key
> **inside the TPM**.

Note that not all TPM key types sign arbitrary externally supplied data.

> In my understanding signing a CSR with a key in a TPM could be done
> using OpenSSL and an OpenSSL TPM engine. OpenSSL and Java doesn't fit
> there's also a Java Package java.security.cert
> (http://java.sun.com/j2se/1.5.0/docs/api/java/security/cert/package-summary.html)
> available that can be used for certificate creation.

As you can read from this link: "Provides classes and interfaces for parsing and managing certificates". The classes included in the standard Java runtime are either just abstract interfaces or classes with limited functionality (e.g. only parsing, not creating).

> Can this package
> be used with TPM, too? Or what would you recommend to us?

If you need a full implementation of the Java cryptography API, we can recommend our own IAIK-JCE libraries, which provide everything you ever need for certificates, cryptography, ASN.1, CRLs etc. etc. with Java. IAIK-JCE is also the toolkit used by the Trusted Computing for Java libraries.

Note that IAIK-JCE is a commercial product, but free licenses are available for educational and/or research purposes. Please see further information at http://jce.iaik.tugraz.at/sic/products/core_crypto_toolkits/jca_jce

HTH,
Martin