From: babujm@wipsys.soft.net ( J Mathan Babu Wipro Systems 11912)
Message-Id: <199703210039.TAA15712@kmglmail.wipsys.soft.net>
Subject: Help with
To: java-security@java
Date: Thu, 20 Mar 1997 19:39:46 -0500 (GMT)
Hi Folks,
I need help.
I am doing the following.
1. Reading a file which has a certificate in X.509 format
2. Creating a public and private key using your KeyPairGenerator class
3. Now signing the X.509 certificate
4. Verifying the certificate which was just signed...? (It gives false
on verification).
With this mail, I have attached the code as well as the X.509 certificate.
Could you please tell me if I have done anything stupid...?
Thanks in advance...
cheers
Mathan
-----------------------X.509 Certificate starts ------------------
#
# Information about the issuer (required).
#
issuer.name=mottai
#
# The certificate to use for the signing (required if this is not self-signed).
#
issuer.cert=1
#
# Information about the subject (required).
#
subject.name=mottai
subject.real.name=Mathan Babu
subject.org.unit=CAT
subject.org=Wipro Systems
subject.country=India
#
# Information about the certificate (required).
#
start.date=1 Dec 1996
end.date=30 Dec 1997
serial.number=1001
#
# Name of the file to which to save a copy of the certificate (optional).
#
out.file=new.cer
------------------------------------end of X.509 Certificate--------------
-------------begin of java program---------------------------------------
import java.security.*;
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
class CheckSign {
    public static void main(String args[]){
        try{
            //Now let us read the certificate from the file.
            File file = new File("Certificate");
            FileInputStream fis = new FileInputStream(file);
            byte[] b = new byte[1000];
            int readSoFar;
            String cert;
            StringBuffer sb = new StringBuffer();
            while (fis.available() > 0){
                readSoFar = fis.read(b);
                if (readSoFar > 0)
                    sb.append(new String(b,0,readSoFar));
            }
            cert = sb.toString();
            System.out.println(cert);
            //generate keys
            KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
            kpg.initialize(512);
            KeyPair kp = kpg.generateKeyPair();
            PublicKey pubKey = kp.getPublic();
            PrivateKey privKey = kp.getPrivate();
            System.out.println("The public key..." + pubKey);
            System.out.println("The private key..." + privKey);
            //now sign a signature
            Signature sign1 = Signature.getInstance("DSA");
            sign1.initSign(privKey);
            sign1.update(cert.getBytes());
            byte[] signed = sign1.sign();
            System.out.println("The certificate is");
            System.out.println(signed);
            //now check if that is correct
            Signature sign2 = Signature.getInstance("DSA");
            sign2.initVerify(pubKey);
            if (sign2.verify(signed))
                System.out.println("This is a valid signature");
            else
                System.out.println("This is not valid");
        } catch (NoSuchAlgorithmException e){
            System.out.println("The error is " + e.getMessage());
            e.printStackTrace();
        }
        catch (IOException e){
            System.out.println("The error is " + e.getMessage());
            e.printStackTrace();
        }
        catch (InvalidKeyException e){
            System.out.println("The error is " + e.getMessage());
            e.printStackTrace();
        }
        catch (SignatureException e){
            System.out.println("The error is " + e.getMessage());
            e.printStackTrace();
        }
    }
}
------------------end of CheckSign.java----------------------------
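
Added example, not part of the original message: a sign-then-verify round trip with java.security.Signature in which the verifier is given the same bytes through update() before verify() is called, next to a verifier that never calls update() and so checks the signature against an empty message. The class name SignVerifyDemo, the "SHA256withDSA" algorithm name, the 2048-bit key size and the inline sample bytes are assumptions made for this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;

public class SignVerifyDemo {
    // Assumption: explicit digest + DSA name instead of the bare "DSA" used in the message.
    static final String ALG = "SHA256withDSA";

    static byte[] sign(PrivateKey key, byte[] data) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(data);            // bytes covered by the signature
        return s.sign();
    }

    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws GeneralSecurityException {
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(data);            // verifier must be fed the same bytes that were signed
        return s.verify(sig);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        // Constructed sample input standing in for the contents of the "Certificate" file.
        // An explicit charset keeps the signed bytes identical across platforms.
        byte[] data = "issuer.name=mottai\nsubject.name=mottai\nserial.number=1001\n"
                .getBytes(StandardCharsets.UTF_8);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(2048);      // assumption: 2048-bit key instead of 512
        KeyPair kp = kpg.generateKeyPair();
        byte[] sig = sign(kp.getPrivate(), data);

        System.out.println("same data:     " + verify(kp.getPublic(), data, sig));

        byte[] tampered = data.clone();
        tampered[0] ^= 1;          // flip one bit of the signed content
        System.out.println("tampered data: " + verify(kp.getPublic(), tampered, sig));

        // Verifier that never calls update(): the signature is checked against zero bytes.
        Signature noUpdate = Signature.getInstance(ALG);
        noUpdate.initVerify(kp.getPublic());
        System.out.println("no update():   " + noUpdate.verify(sig));
    }
}
```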