Re: javakey problems - JDK1.1b2

Marianne Mueller (mrm@doppio)
Mon, 16 Dec 1996 18:30:59 -0800

Date: Mon, 16 Dec 1996 18:30:59 -0800
From: mrm@doppio (Marianne Mueller)
Message-Id: <199612170230.SAA02318@puffin.eng.sun.com>
To: drake@netobjective.com
Subject: Re: javakey problems - JDK1.1b2

> From drake@netobjective.com Mon Dec 16 10:31:34 1996
> Date: Sun, 15 Dec 1996 10:57:54 -0600
> From: drake@netobjective.com (Don Drake)
> MIME-Version: 1.0
> To: mrm@Eng
> Subject: javakey problems - JDK1.1b2
> Content-Transfer-Encoding: 7bit
>
> I'm trying to create a certificates for myself using javakey, and I
> am following the instructions up to the javakey -gc <dircerfile> and I
> get an error "issuer.cert must be specified in the directive file." I
> could not find an example of what this field should be, so I added
> issuer.cert=1 in my directive file. I then retry to create my
> certificate and I get "no such cert: 0". If I change the field to
> anything else I get "date formatted incorrectly".
>
> I'm at a loss of what I should do now. Any ideas?
>
> Thanks.
>
> -Don
> --
> Donald Drake
> E-mail: Donald.Drake@netobjective.com
> Company: NetObjective, P.O. Box 46461, Chicago, IL 60646
> Phone: (708)345-4282
> URL: http://www.netobjective.com

Hi Don,

Hmm, I don't know what the problem is. I was able to create an identity
for myself, create a pair of keys, and use it to sign a JAR file, just now,
using the JDK1.1 beta2 stuff.

Here's a screen dump of what I did followed by a copy of my cert_directive
and sign_direcitive files.

If you can send in a screen dump of your session, we can file a bug
if need be.

One thing you should try, is the brute force method. Delete your previous
identitydb.obj database, and start from scratch. I don't know why it
would be, but perhaps there's some confusion mixing stuff from beta1 and
stuff from beta2.

thanks,
Marianne

screen dump:

puffin% javakey -cs "mrm" true
Operation successful

puffin% javakey -gk "mrm" DSA 512 mrm_pub mrm_priv
Operation successful

puffin% javakey -gc cert_directive
Operation successful

puffin% jar cf demo.jar HelloUsenix*

puffin% javakey -gs sign_directive demo.jar
Operation successful

puffin% mkdir demo
puffin% mv demo.jar.sig demo/demo.jar

puffin% cd demo

puffin% jar xf demo.jar

puffin% ls
HelloUsenix.class HelloUsenix.java demo.jar
HelloUsenix.html META-INF/

puffin% cd META-INF

puffin% ls
MANIFEST.MF MRMSIG.DSA MRMSIG.SF

directive files:

#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create:
# cert_directive
# sign_directive
# This archive created: Mon Dec 16 18:28:27 1996
# By: Marianne Mueller ()
export PATH; PATH=/bin:/usr/bin:$PATH
if test -f 'cert_directive'
then
echo shar: "will not over-write existing file 'cert_directive'"
else
cat << \SHAR_EOF > 'cert_directive'
#
# 96/11/11 @(#)cert_directive 1.3
#

#
# This is a sample certificate directive file.
#

# the id of the signer

issuer.name=mrm

# the cert to use for the signing (this is where it gets it DN)

issuer.cert=1

# the id of the subject

subject.name=mrm

# the components of the X500 name for the subject

subject.real.name=Marianne Mueller
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US

# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).

start.date=10 Dec 1996
end.date=1 Sept 1997
serial.number=1001
out.file=mrm.x509

SHAR_EOF
fi
if test -f 'sign_directive'
then
echo shar: "will not over-write existing file 'sign_directive'"
else
cat << \SHAR_EOF > 'sign_directive'
#
# 96/09/22 @(#)sigdir 1.1
#

#
# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.
#

# Which signer to use. This must be in the system's database.

signer=mrm

# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.

cert=1

# Cert chain depth of a chain of certificate to include. This is
# currently not supported.

chain=0

# The name to give to the signature file and associated signature
# block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.

signature.file=mrmSig

SHAR_EOF
fi
exit 0
# End of shell archive