Date: Wed, 19 Feb 1997 10:09:54 -0800
Message-Id: <199702191809.KAA20612@puffin.eng.sun.com>
From: Marianne Mueller <mrm@eng.sun.com>
To: garfield@gte.net
Subject: Re: X.509 question
> Is there a way for Java to get the users private key for doing digital
> signatures of information transmitted using Java?

If you want to use keys to authenticate the user, then authorize them
for certain tasks, then you don't want the user's private key, but
rather, you want a good way to get the user's public key.

The general scenario is

  1. person generates key pair (private key, public key) for
     himself
  2. person uses private key to sign a document
  3. the signed document is routed through the net
  4. your system obtains the certificate for the person
     who signed the document
  5. your system uses the public key contained in the
     certificate to validate the signature
  6. your system then decides which actions to authorize,
     based on strong authentication

JDK 1.1 provides basic technology for many of these pieces, but not
yet a full suite of key and certificate management tools.

You can use the JDK 1.1 tool, javakey, to experiment with using
digital signatures with Java. Suppose my id is "Barbie." Then I
could use javakey like so

1. person generates key pair (private key, public key) for
   himself

     % javakey -cs "Barbie" true
     % javakey -gk "Barbie" DSA 512
     % javakey -gc barbie_cert_dir

   The first invocation of javakey creates the identity "Barbie"
   in your JDK system. The second call generates a key pair
   and stores them in the identity database, typically stored
   at $HOME/identitydb.obj. The third call creates a
   certificate that Barbie can give to you, so that you
   can authenticate Barbie when documents signed by her
   show up. The argument "barbie_cert_dir" is the name
   of a file that contains directives to javakey on how
   the certificate should be created. Copy an
   example certificate directive file from
   http://java.sun.com/security/cert_directive.txt.

   (Refer to the online example at
   http://java.sun.com/security/signExample, and to the
   user's guide at
   http://java.sun.com/usingJavakey.html)

   Note that if you do this, the private key is now
   stored in the identity database. Therefore, this
   copy of the identity database should be offline,
   or stored in a very secure area of your file system,
   to safeguard the private key.

   Refer to http://java.sun.com/security/policy.html
   for recommendations on using the identity database.

2. person uses private key to sign a document

     % jar cf foo.jar *txt *html *class
     % javakey -gs barbie_sign_dir

   The first command, the jar command, creates an
   archive file out of the rest of the files specified.
   The second command to javakey uses information in
   the signing directive file, barbie_sign_dir, to
   sign the archive.

   Copy an example signing directive file from
   http://java.sun.com/security/sign_directive.txt

3. the signed document is routed through the net

   Distribute the archive via http, ftp, mail, ...

4. your system obtains the certificate for the person
   who signed the document

     % javakey -c "Barbie" true
     % javakey -ic "Barbie" /tmp/Barbie.x509

   Now, on *your* side, you also need to have an identity
   database. Create an "identity" for Barbie; that's
   the first command. Either ftp Barbie's certificate from
   where she's distributing it, or have her send it to you
   by some secure means, and put it in a file named
   /tmp/Barbie.x509. The certificate is a binary data file.

   Now you're ready to import Barbie's certificate into your
   database. That's what the second command to javakey does.

5. your system uses the public key contained in the
   certificate to validate the signature

   Right now, the JDK 1.1 appletviewer knows how to
   parse and verify JDK 1.1 digital signatures. If you
   have established Barbie as a trusted identity in your
   database, and you load an applet distributed and
   signed by Barbie, then the applet will be allowed full
   access to the client system.

   We anticipate that browser vendors and other people
   developing internet software with Java will
   incorporate support for Java digital signatures.

6. your system then decides which actions to authorize,
   based on strong authentication

   This is up to your system. In the appletviewer,
   the applet security manager mediates the access
   control decision.

JavaSoft is working on support for X509v3 certificates, flexible
security policies and finer-grain access control. The scenario I just
described will evolve to include secure certificate requests to online
Certificate Authorities, and different ways to generate and store
keys, among other things.

Marianne
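
Steps 1, 2, 5 and 6 of the scenario above, as an added example written against the standard java.security API; it is not part of the original message and is not javakey's own code. Assumptions: a 2048-bit DSA key with SHA256withDSA instead of the 512-bit key in the message, a constructed sample document, and a hypothetical in-memory map of trusted signers standing in for the identity database (in the real flow the public key would come from the imported certificate).

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.HashMap;
import java.util.Map;

public class SignedDocumentDemo {
    static final String ALG = "SHA256withDSA"; // assumption: not specified in the message

    // Step 2: the signer uses the private key to sign the document.
    static byte[] sign(PrivateKey key, byte[] doc) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(doc);
        return s.sign();
    }

    // Steps 5-6: look up the claimed signer's public key, validate the
    // signature, and authorize only if both succeed.
    static boolean authorize(Map<String, PublicKey> trusted, String signer,
                             byte[] doc, byte[] sig) {
        PublicKey key = trusted.get(signer);
        if (key == null) return false;            // no imported key: deny
        try {
            Signature s = Signature.getInstance(ALG);
            s.initVerify(key);
            s.update(doc);
            return s.verify(sig);
        } catch (GeneralSecurityException e) {
            return false;                         // malformed signature or key: deny
        }
    }

    public static void main(String[] args) throws Exception {
        // Step 1: generate the key pair (2048-bit here; the message uses DSA 512).
        KeyPairGenerator gen = KeyPairGenerator.getInstance("DSA");
        gen.initialize(2048);
        KeyPair barbie = gen.generateKeyPair();

        byte[] doc = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        byte[] sig = sign(barbie.getPrivate(), doc);

        // Step 4 stand-in: hypothetical trusted-signer map, not the identity database.
        Map<String, PublicKey> trusted = new HashMap<>();
        trusted.put("Barbie", barbie.getPublic());

        byte[] tampered = "constructed sample document!".getBytes(StandardCharsets.UTF_8);
        System.out.println("genuine:  " + authorize(trusted, "Barbie", doc, sig));
        System.out.println("tampered: " + authorize(trusted, "Barbie", tampered, sig));
        System.out.println("unknown:  " + authorize(trusted, "Unknown", doc, sig));
    }
}
```

Only the public key is ever placed in the receiver's map; the private key stays with the signer, which is the point made at the top of the message.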