Date: Tue, 11 Feb 1997 21:46:28 -0800
From: br@doppio (Benjamin Renaud)
Message-Id: <199702120546.VAA20392@springbank.eng.sun.com>
To: Marianne Mueller <mrm@Eng>
Subject: Re: Chicken and Egg?
In-Reply-To: <199702120332.TAA24212@puffin.eng.sun.com>
<199702120332.TAA24212@puffin.eng.sun.com>
FYI: there is a simple hook in javakey for signing JAR files using
arbitrary signature algorithms: it will use whatever algorithm the
private key of the signer is for, defaulting to certain signature
schemes (DSA -> DSA, RSA -> MD5/RSA, etc). It is disabled right now
because we didn't get a good naming scheme in time for testing. Now we
have it, so it may be reenabled for 1.1.1...
-- Benjamin
> 3. Which CA's will issue certs for JDK 1.1 digital signatures
>
> Negotiations are in progress so we can't comment but we are talking
> with CAs. The interesting or tricky part, depending on your
> perspective, is that the Sun provider to the java.security APIs in JDK
> 1.1 implements digital signatures using the DSA algorithm. Most CA's
> are set up to issue certs for RSA-based signatures. Of course with
> X509v3 they can issue certs for a variety of implementations but they
> hadn't done so to date.
>
>
>
> > Date: Thu, 06 Feb 1997 21:23:01 +0000
> > From: David Boydston <dhboy@sb.net>
> > Reply-To: dhboy@sb.net
> > Organization: Solutions Consulting
> >
> > Thanks Marianne,
> >
> > I did manage to get the file signed using the reference:
> > http://java.sun.com/security/usingJavakey.html
> >
> > and I did figure out where the confusion got me.
> >
> > After reading several of the security .html files and looking at the
> > directive example file in
> > JDK1.1b3/docs/tooldocs/win32/javakey.html#CertificateGeneration
> > one would assume (at least I did :) ) that the issuer and subject would
> > be *different* entities. (If I always vouch for myself, the trust is
> > quite meaningless)
> >
> > The example shows issuer.name=jsmith and subject.name=mlaunay so I'm
> > asking myself "how can I get a 'trusted' certificate to create my
> > certificate?"...and I downloaed Duke.X509, imported him with javakey and
> > tryed to use issuer.name=Duke. This crashes javakey like this:
> >
> > G:\JDK1.1b3\JavaDev\SerPort\WinTerm\Applet>javakey -gc dbCert.dir
> > java.lang.ClassCastException:
> > at sun.security.provider.Main.generateCertificate(Main.java:802)
> > at sun.security.provider.Main.generateCmd(Main.java:698)
> > at sun.security.provider.Main.run(Main.java:1313)
> > at sun.security.provider.Main.main(Main.java:1341)
> >
> > Perhaps the next release docs explain this better. (and maybe fixes the
> > above ClassCastException)
> >
> > BTW do you know which CA's are planning to issue Certs for use with
> > javakey?
> > --
> > Dave Boydston
> > Solutions Consulting
> >
>
>
>