From: Carolin L. <car...@un...> - 2008-01-16 14:09:25

Hi all,

I try to generate certificates for the privacy ca using tccert, but it fails:

./tccert.sh -i ca ca.ini
*****************************************************************************
***                                                                       ***
***                    Welcome to the IAIK JCE Library                    ***
***                                                                       ***
***   This version of IAIK-JCE is licensed for evaluation, education,     ***
***   research, and use in open-source projects only.                     ***
***   Commercial use of this software is prohibited.                      ***
***   For details please see http://jce.iaik.tugraz.at/sales/.            ***
***   This message does not appear in the registered commercial version.  ***
***                                                                       ***
*****************************************************************************
generating CA certificates...
CAroot
15:07:09:783 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
15:07:16:902 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
Exception in thread "main" iaik.utils.InternalErrorException: PBEParameterSpec type required
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
        at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
        at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363)
        at iaik.tc.TCcert.generateCA(TCcert.java:247)
        at iaik.tc.TCcert.main(TCcert.java:118)

(I used ca.ini from the examples folder for testing purposes... it also fails with certs.ini from pca)

My Java version is 1.6:

java -version
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode)

Does anybody have an idea what's going wrong here?

Regards
Carolin

From: Martin P. <Mar...@ia...> - 2008-01-16 14:25:47
Attachments:
smime.p7s
IAIK.class

Hi...

Carolin Latze wrote:
> ./tccert.sh -i ca ca.ini
[...]
> generating CA certificates...
> CAroot
> 15:07:09:783 [INFO] CACertificate::<init> (49): generating RSA KeyPair
> for CA certificate...
> 15:07:16:902 [INFO] CACertificate::<init> (74): root CA cert --->
> issuerDN = subjectDN
> Exception in thread "main" iaik.utils.InternalErrorException:
> PBEParameterSpec type required
>         at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>         at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>         at iaik.pkcs.pkcs8.EncryptedPrivateKeyInfo.encrypt(Unknown Source)
>         at iaik.tc.cert.common.Common.writePrivateKeyToFile(Common.java:363)
>         at iaik.tc.TCcert.generateCA(TCcert.java:247)
>         at iaik.tc.TCcert.main(TCcert.java:118)
[...]
> Does anybody have an idea whats going wrong here?

I am unable to reproduce your problem:

.../testtccert/tccert-0.2.2$ java -version
java version "1.6.0_03"
Java(TM) SE Runtime Environment (build 1.6.0_03-b05)
Java HotSpot(TM) Client VM (build 1.6.0_03-b05, mixed mode, sharing)

.../tccert-0.2.2$ ./tccert.sh -i ca ca.ini
***                                                                          ***
***                     Welcome to the IAIK JCE Library                      ***
***                                                                          ***
*** This version of IAIK JCE is licensed for educational and research use   ***
*** and evaluation only. Commercial use of this software is prohibited.     ***
*** For details please see http://jce.iaik.tugraz.at/sales/licences/.       ***
*** This message does not appear in the registered commercial version.      ***
***                                                                          ***

generating CA certificates...
CAroot
14:14:16:263 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:19:132 [INFO] CACertificate::<init> (74): root CA cert ---> issuerDN = subjectDN
CApe
14:14:19:926 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:25:328 [INFO] CACertificate::<init> (71): derived CA cert
CAek
14:14:25:440 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:28:441 [INFO] CACertificate::<init> (71): derived CA cert
CAaik
14:14:28:521 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
14:14:33:813 [INFO] CACertificate::<init> (71): derived CA cert
...done

Common problems:
* Are you sure you use the signed(!) version of IAIK-JCE?
* Are you sure you installed the "unlimited strength encryption" policy files
  for Java?

As a future help, please also read my mail "XKMS 0.2 + Java 6" from 21.08.2007
on this mailing list. I attached "IAIK.class" again to this mail for your convenience.

HTH,
Martin

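
Added example, not part of the original thread and not IAIK or TCcert code: a small Java check for the two "common problems" listed in the reply above. It reports whether the JRE's JCE policy allows unlimited key strength and whether each jar named on the command line (for example the iaik_jce.jar that tccert.sh puts on its classpath) carries a valid signature on every entry. The class name JceSetupCheck is an assumption, and the code needs Java 7 or later.

```java
import java.io.InputStream;
import java.security.CodeSigner;
import java.util.Enumeration;
import java.util.jar.JarEntry;
import java.util.jar.JarFile;
import javax.crypto.Cipher;

// Hypothetical helper class (name is an assumption, not from the thread).
public class JceSetupCheck {

    // True when every non-META-INF entry verifies and has at least one signer.
    // This proves the jar is signed and untampered; it does not prove that the
    // signer is one the JCE framework of a given JRE accepts for providers.
    static boolean isFullySigned(String path) throws Exception {
        try (JarFile jar = new JarFile(path, true)) {   // true = verify signatures
            byte[] buf = new byte[8192];
            boolean sawEntry = false;
            Enumeration<JarEntry> entries = jar.entries();
            while (entries.hasMoreElements()) {
                JarEntry e = entries.nextElement();
                if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
                // Signers are only available after the entry was read completely;
                // a modified entry makes read() throw SecurityException.
                try (InputStream in = jar.getInputStream(e)) {
                    while (in.read(buf) != -1) { /* drain */ }
                }
                CodeSigner[] signers = e.getCodeSigners();
                if (signers == null || signers.length == 0) return false;
                sawEntry = true;
            }
            return sawEntry;
        }
    }

    // With the default (limited) policy files of Java 6 this returns 128 for AES;
    // with the unlimited strength policy files it returns Integer.MAX_VALUE.
    static boolean hasUnlimitedPolicy() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") == Integer.MAX_VALUE;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version:          " + System.getProperty("java.version"));
        System.out.println("unlimited JCE policy:  " + hasUnlimitedPolicy());
        for (String jar : args) {
            System.out.println(jar + " fully signed: " + isFullySigned(jar));
        }
    }
}
```

Run it with the same JRE that tccert.sh uses and pass the path of each provider jar of each installation, since the thread's failure came from a second tccert installation that still had the unsigned jar.
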
From: Carolin L. <car...@un...> - 2008-01-16 14:32:01

Hi Martin,

thanks for the immediate reply. I got it working now. You were right, I
had to replace iaik-jce. I used the signed version for pca, but for
certificate creation I use a separate tccert installation, which didn't
use the signed jar. Thanks for the hint

Btw I already read your older mail, but I am not that far with my setup
atm :-)

Regards
Carolin

--
Carolin Latze
Research Assistant

Department of Computer Science
Boulevard de Pérolles 90
CH-1700 Fribourg

phone: +41 26 300 83 30

From: Carolin L. <car...@un...> - 2008-01-16 15:06:29

Hi all,

I have another Java problem... meanwhile I copied tccert into the
resources directory and adapted iaik_xkms.jar according to Martin's
mail. Finally, I checked that I have JCE and the signed iaik_jce.jar. The
example with ca.ini works, but I am not able to use certs.ini:

./tccert.sh -i ca certs.ini
*****************************************************************************
***                                                                       ***
***                    Welcome to the IAIK JCE Library                    ***
***                                                                       ***
***   This version of IAIK-JCE is licensed for evaluation, education,     ***
***   research, and use in open-source projects only.                     ***
***   Commercial use of this software is prohibited.                      ***
***   For details please see http://jce.iaik.tugraz.at/sales/.            ***
***   This message does not appear in the registered commercial version.  ***
***                                                                       ***
*****************************************************************************
generating CA certificates...
CAroot
16:03:28:845 [INFO] CACertificate::<init> (49): generating RSA KeyPair for CA certificate...
16:03:28:847 [INFO] CACertificate::<init> (56): privatekeysize not specified, using default 2048 bits
16:03:30:002 [WARN] Common::parseName (70): 'country' property for distinguished name expected
16:03:30:002 [WARN] Common::parseName (77): 'organization' property for distinguished name expected
16:03:30:003 [WARN] Common::parseName (84): 'organizationalUnit' property for distinguished name expected
16:03:30:003 [WARN] Common::parseName (91): 'commonName' property for distinguished name expected
Exception in thread "main" java.lang.IllegalArgumentException: distinguished name object must not be empty, cannot build Name object
        at iaik.tc.cert.common.Common.parseName(Common.java:95)
        at iaik.tc.cert.CACertificate.<init>(CACertificate.java:67)
        at iaik.tc.TCcert.generateCA(TCcert.java:243)
        at iaik.tc.TCcert.main(TCcert.java:118)

It seems that I have another configuration problem... BTW I compared
certs.ini with ca.ini, but I don't see the problem...

Any hints are appreciated

Regards
Carolin

From: Martin P. <Mar...@ia...> - 2008-01-16 15:26:59
Attachments:
smime.p7s

Carolin Latze wrote:
> example with ca.ini works, but I am not able to use certs.ini:
>
> ./tccert.sh -i ca certs.ini

PCA readme, section 2.4.2:
"To create this 2 entities run the build-certs script in the bin directory"

HTH,
Martin

From: Carolin L. <car...@un...> - 2008-01-16 16:05:25

Ok, I did not mean these certificates, I am at this point:

==
The PrivacyCA expects a certain set of certificates to be available upon
startup:

    A self signed CA root certificate
        ca.cert
    At the next level, intermediate CA certificates + private keys for
    each service:
        TPM Endorsement Key (EK) CA
            caek.cert and caek.pkey
        Attestation Identity Key (AIK) CA
            caaik.cert and caaik.pkey

The certificates and private keys for these 3 entities may be build with
the TCcert utility. After running TCcert, just copy over the created ca*
files.
==

But I think I understand what you mean... ca.ini generates those three
and cert.ini the other two... was not clear for me, as you see :-) (I
thought ca.ini was just an example to explain tccert...)

Regards

Martin Pirker wrote:
> Carolin Latze wrote:
>
>> example with ca.ini works, but I am not able to use certs.ini:
>>
>> ./tccert.sh -i ca certs.ini
>>
>
> PCA readme, section 2.4.2:
> "To create this 2 entities run the build-certs script in the bin directory"
>
> HTH,
> Martin
>