[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] AlgorithmID



Hello.

Zahid Ahmed wrote:

> You have test code for this problem?
>
> what version iaik jce you use?
>
> > -----Original Message-----
> > From: Lucia Bonelli [mailto:bonelli@mail.eng.it]
> > Sent: Tuesday, June 08, 1999 9:50 AM
> > To: iaik-jce@iaik.tu-graz.ac.at
> > Subject: [iaik-jce] AlgorithmID
> >
> >
> > Hello.
> > I made a certificate request to Netscape Certificate Server,
> > by building
> > the SignedPublicKeyAndChallenge. I set the public key algorithm of
> > subjectPublicKeyInfo to iaik.asn1.structures.algorithmID.rsa.
> > When the certificate server receive the certificate request, it
shows
> > the following response in the subjectPublicKeyInfo section:
> >
> > Subject Public Key Info:
> >                 Algorithm: UNKNOWN OBJECT IDENTIFIER
> >                 oid contents:
> >                     55:08:01:01
> >                 Public Key (DER):
> >
> > 30:5a:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:49:
> > 00:30:46:02:41:00:be:a1:0c:99:c5:50:b1:52:a7:f1:7a:ef:b7:
> > 07:f4:9a:50:cc:14:08:18:67:a8:e5:2f:8d:c6:96:68:6c:64:56:
> > b0:66:b4:3d:63:0e:e9:94:29:e1:3b:bb:b6:fe:fa:fe:79:8b:e0:
> > 78:9b:03:86:90:c0:90:2e:41:8e:73:d0:7f:02:01:07
> >
> > Then I tryed to read the certificate issued with the following code:

> >
> > iaik.x509.X509Certificate cert = new
> > iaik.x509.X509Certificate(Util.readFile(certFile));
> >
> > where certFile contains the certificate issued in PEM format.
> >
> > But I get the following exception:
> >
> > java.security.cert.certificateException: Can't parse PublicKeyInfo.
> >
> > Can you help about this problem? Can I make a certificate request to

> > Netscape Certificate Server in other ways?
> >
> > Thank you in advance, Lucia
> >
> > Mailinglist-archive at
> > http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist

I used  IAIK-JCE 2.5 final version.
The code is the following:

////keys generation

KeyPairGenerator generator =
          KeyPairGenerator.getInstance("RSA","IAIK");
SecureRandom random = new SecureRandom();
generator.initialize(1024, random);
KeyPair keys = generator.generateKeyPair();

/////SignedPublicKeyAndChallenge structure as ASN1 SEQUENCE

//Asn1 object to build  SubjectPublicKeyInfo as SEQUENCE
SEQUENCE asn1Pki = new SEQUENCE();
asn1Pki.addComponent(AlgorithmID.rsa.toASN1Object());
byte[] pubKey = keys.getPublic().getEncoded();
asn1Pki.addComponent(new BIT_STRING(pubKey));

//Challenge
IA5String challenge = new IA5String("challenge");

//PublicKeyAndChallenge as SEQUENCE
SEQUENCE seqPkac = new SEQUENCE();
seqPkac.addComponent(asn1Pki);
seqPkac.addComponent(challenge);

 //Signature of PublicKeyAndChallenge
 Signature md5_rsa = Signature.getInstance("MD5/RSA");
md5_rsa.initSign(keys.getPrivate());
md5_rsa.update(DerCoder.encode(seqPkac));
byte[] signByte = md5_rsa.sign();
BIT_STRING signature = new BIT_STRING(signByte);

//SignedPublicKeyAndChallenge as SEQUENCE
SEQUENCE seqSignPkac = new SEQUENCE();
seqSignPkac.addComponent(seqPkac);
seqSignPkac.addComponent(AlgorithmID.md5WithRSAEncryption.toASN1Object());

seqSignPkac.addComponent(signature);

byte[ ] PKAC = DerCoder.encode(seqSignPkac);

Then, PKAC  is used, together with other data, to build the URL sent to
Netscape Certificate Server.

Thanks in advance

--
Lucia Bonelli
Engineering Ingegneria Informatica SpA
Laboratorio Ricerca & Sviluppo
Viale del Castro Pretorio, 116
00185 Roma Italia
Tel. +39 06 44741123


--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce