Certificate Processing ...

Jatinder Bali (jbali@lucent.com)
Thu, 25 Jun 1998 13:47:57 -0400

To: java-security@web2.javasoft.com
Message-Id: <005901bda061$63c6b280$46265c87@atlantis.hr-firewalls.lucent.com>
From: "Jatinder Bali" <jbali@lucent.com>
Subject: Certificate Processing ...
Date: Thu, 25 Jun 1998 13:47:57 -0400

Hello,

I know that one should not use sun.* classes as they are unsupported. Anyway ....

I can generate a certificate for any file in JDK1.1.5 using the following code :

        String s = assertProp("signature.file", properties);
        if (s == null)
            return false;
        s = s.toUpperCase();
        String s1 = file.getName();
        // default output name is <input name>.sig
        String s2 = properties.getProperty("out.file");
        if (s2 == null || s2.equals(s1))
            s2 = s1 + ".sig";
        File file1 = new File(s2);
        FileInputStream fileinputstream = new FileInputStream(file);
        FileOutputStream fileoutputstream = new FileOutputStream(certificateFile);
        PrintStream printstream = new PrintStream(fileoutputstream);
        // read the whole input file and sign it
        byte abyte0[] = getBytesToEOF(fileinputstream);
        PKCS7 pkcs7 = computeSignatures(abyte0, properties);
        // write the encoded SignedData to the output stream
        pkcs7.encodeSignedData(printstream);
        out.println("Written signature for file \"" + s1 + "\"" + " in file \"" + s2 + "\"");
        fileinputstream.close();
        printstream.close();

My problem is how do I verify it. Could you provide me with some pointers? For example, can one use the PKCS7.verify method?

My certificate file contains :

PKCS7 :: version: 01
PKCS7 :: digest AlgorithmIds:
        [SHA]
Content Info Sequence
        Content type: 1.2.840.1113549.1.7.1
        Content: [DerValue, tag = 4, length = 3192]
PKCS7 :: certificates:
        0.  [
  X.509v01 certificate,
  Subject is CN=Duke, OU="JavaSoft ", O=Sun MicroSystems, C=US
  Key:  Sun DSA Public Key
  Validity <Mon Apr 06 20:00:00 EDT 1998> until <Fri Apr 05 19:00:00 EST 2002>
  Issuer is CN=Duke, OU="JavaSoft ", O=Sun MicroSystems, C=US
  Issuer signature used [SHA1withDSA]
  Serial number = 03e9
]
PKCS7 :: signer infos:
        0.  Signer Info for (issuer): CN=Duke, OU="JavaSoft ", O=Sun MicroSystems, C=US
        version: 01
        certificateSerialNumber: 03e9
        digestAlgorithmId: [SHA]
        digestEncryptionAlgorithmId: [SHA1withDSA]
        encryptedDigest: [B@18ffde

Thanks in advance,
Jatinder
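
An added example, not part of the original message and not Sun's code: one way to check such a file on a current JDK, assuming the internal sun.security.pkcs.PKCS7 class there (constructor from an InputStream, verify(), SignerInfo.getCertificate(PKCS7)), which may differ from the JDK 1.1.5 class used above and needs --add-exports java.base/sun.security.pkcs=ALL-UNNAMED on JDK 9 and later. Because the dump shows a self-signed certificate (subject and issuer are both CN=Duke) carried inside the signed data itself, the example also compares the signer certificate with a copy obtained separately; the class name, method name and file arguments are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import sun.security.pkcs.PKCS7;       // internal, unsupported API
import sun.security.pkcs.SignerInfo;  // internal, unsupported API

public class VerifySignedData {
    /** True only if a signer verifies AND its certificate equals the pinned one. */
    static boolean verify(String sigPath, String trustedCertPath) throws Exception {
        PKCS7 pkcs7;
        try (InputStream in = new FileInputStream(sigPath)) {
            pkcs7 = new PKCS7(in);             // parses the DER-encoded SignedData
        }
        X509Certificate trusted;
        try (InputStream in = new FileInputStream(trustedCertPath)) {
            trusted = (X509Certificate) CertificateFactory.getInstance("X.509")
                    .generateCertificate(in);
        }
        // The no-argument verify() checks every SignerInfo against the content
        // embedded in the SignedData and returns null when no signer verifies.
        SignerInfo[] verified = pkcs7.verify();
        if (verified == null) {
            return false;
        }
        for (SignerInfo si : verified) {
            // The signer certificate is looked up inside the untrusted file by
            // issuer name and serial number, so a valid signature alone only
            // shows the file is self-consistent. Compare with the pinned copy.
            X509Certificate signer = si.getCertificate(pkcs7);
            if (signer != null && signer.equals(trusted)) {
                trusted.checkValidity();       // throws if expired or not yet valid
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: signature file (hypothetical path); args[1]: pinned signer certificate
        System.out.println(verify(args[0], args[1]) ? "signature OK" : "signature NOT verified");
    }
}
```

For a signature file that does not embed the content, pass the original file's bytes to verify(byte[]) instead of calling verify() with no argument.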
