Date: Wed, 08 Jul 1998 13:42:04 -0500
From: Dan Sharp <drsharp@concept5.com>
To: java-security@java.sun.com
Subject: [Fwd: Question about DSA & signing & such...]
Hello!
I sent this email to Marianne Mueller, but I got back an
auto-vacation response, so I'm forwarding it to the java-security email
address.
Thanks!
-Dan
Date: Wed, 08 Jul 1998 13:37:02 -0500
From: Dan Sharp <drsharp@concept5.com>
Organization: Concept Five Technologies, Inc.
To: mrm@eng.sun.com
Subject: Question about DSA & signing & such...
Marianne, I've been reading through the java-security archives looking for an answer about signing and verifying signatures, but have been unsuccessful. Hopefully, you can give me an answer. Feel free to forward this question to anyone else if there is someone else that it should go to.
Let me describe my situation, then I'll describe the problem/question.
We (C5) are building CORBA Security services in Java and C++. I am trying to come up with a way to perform signing of certificates and verification of signatures in Java. Our C++ code handles the generation of certificates (X.509) using BSAFE (RSA). We can switch to using DSA (BSAFE supports DSA, apparently). We are looking into using JSAFE, but are running into licensing snags. Anyway, the C++ code creates an X.509 certificate and signs it with DSA (right now, it uses RSA, but assume DSA for now - we could switch to that). This token then gets sent across the wire (via CORBA) to a Java client application. The Java app needs to pull out the certificate and verify the signature on it. We've written code to do this with JSAFE but are now investigating other options (because of licensing and exporting issues). Because of CORBA issues, we are currently stuck using JDK 1.1. Also, because of export issues (customers of this product would include overseas companies), we can't include JCE (JCA?).
So.....
If we use the "java.security.*" APIs that are built-in to the JDK 1.1.x (x=5 or 6) and use the default "SUN" provider:
1) will this allow us to sign and verify signatures using DSA?
2) will this work if the keys/certificates are created outside of Java (even if DSA is used)?
3) it seems (from the API docs) that the initVerify() method requires a PublicKey, but this is an interface, and the DSAPublicKey is also an interface. Does the SUN provider implement this interface? If not, is there a way to do a verify() with just JDK 1.1 or am I out of luck?
4) what are the export/license issues involved with this scenario?
We aren't doing any encryption/decryption, so I'm not sure how export restrictions fit in. This is mainly for authentication purposes. If the above description and questions aren't clear, please let me know so I can clarify further.
Thank you so much!
-Dan Sharp
drsharp@concept5.com