Re: certificates for javakey

Marianne Mueller (mrm@eng.sun.com)
Thu, 23 Jan 1997 15:29:36 -0800

Date: Thu, 23 Jan 1997 15:29:36 -0800
Message-Id: <199701232329.PAA16060@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: watson@CEBAF.GOV
Subject: Re: certificates for javakey

Check out "Using Javakey" at
http://java.sun.com/security/usingJavakey.html

The steps are

1. create a signing identity, say for "cebaf.gov"

% javakey -cs cebaf.gov true

2. generate a keypair for that identity

% javakey -gk cebaf.gov DSA 512 cebaf_pub cebaf_priv

The last two arguments are optional. If you provide them,
the public key is stored in cebaf_pub and the private
key in cebaf_priv, *in addition* to being stored in your
identitydb.obj database.

See http://java.sun.com/security/policy.html for some
policy recommendations on creating and sharing keys
and certificates, in our current setup.

3. generate a certificate for that identity

% javakey -gc cert_directive

See http://java.sun.com/security/cert_directive.txt for
an example of a certificate directive file you can
copy and modify for generating your own certificate.

We don't support cert chaining right now so we don't have a way
for you to use your cert to sign someone else's cert ... this is
a recognized need.

Please do let us know how you'd like to use these facilities.

Marianne
JavaSoft engineering, security