
Re: [iaik-jce] AlgorithmID



The signature is computed over the DER encoded PublicKeyAndChallenge
sequence:
PublicKeyAndChallenge ::= SEQUENCE {
    spki SubjectPublicKeyInfo,
    challenge IA5STRING
 }

So it should help when you forget the asn1Pki structure in your example and
change line

seqPkac.addComponent(asn1Pki);

to

seqPkac.addComponent(DerCoder.decode(pubKey));

Dieter Bratko



-----Original Message-----
From: Lucia Bonelli <bonelli@mail.eng.it>
To: <iaik-jce@iaik.tu-graz.ac.at>
Sent: Wednesday, June 09, 1999 11:13
Subject: Re: [iaik-jce] AlgorithmID


> Hello.
>
> Zahid Ahmed wrote:
>
> > You have test code for this problem?
> >
> > what version iaik jce you use?
> >
> > > -----Original Message-----
> > > From: Lucia Bonelli [mailto:bonelli@mail.eng.it]
> > > Sent: Tuesday, June 08, 1999 9:50 AM
> > > To: iaik-jce@iaik.tu-graz.ac.at
> > > Subject: [iaik-jce] AlgorithmID
> > >
> > >
> > > Hello.
> > > I made a certificate request to Netscape Certificate Server,
> > > by building
> > > the SignedPublicKeyAndChallenge. I set the public key algorithm of
> > > subjectPublicKeyInfo to iaik.asn1.structures.algorithmID.rsa.
> > > When the certificate server receives the certificate request, it shows
> > > the following response in the subjectPublicKeyInfo section:
> > >
> > > Subject Public Key Info:
> > >                 Algorithm: UNKNOWN OBJECT IDENTIFIER
> > >                 oid contents:
> > >                     55:08:01:01
> > >                 Public Key (DER):
> > >
> > > 30:5a:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01:05:00:03:49:
> > > 00:30:46:02:41:00:be:a1:0c:99:c5:50:b1:52:a7:f1:7a:ef:b7:
> > > 07:f4:9a:50:cc:14:08:18:67:a8:e5:2f:8d:c6:96:68:6c:64:56:
> > > b0:66:b4:3d:63:0e:e9:94:29:e1:3b:bb:b6:fe:fa:fe:79:8b:e0:
> > > 78:9b:03:86:90:c0:90:2e:41:8e:73:d0:7f:02:01:07
> > >
> > > Then I tried to read the certificate issued with the following code:
> > >
> > > iaik.x509.X509Certificate cert = new
> > > iaik.x509.X509Certificate(Util.readFile(certFile));
> > >
> > > where certFile contains the certificate issued in PEM format.
> > >
> > > But I get the following exception:
> > >
> > > java.security.cert.certificateException: Can't parse PublicKeyInfo.
> > >
> > > Can you help about this problem? Can I make a certificate request to
> > > Netscape Certificate Server in other ways?
> > >
> > > Thank you in advance, Lucia
> > >
> > > Mailinglist-archive at
> > > http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist
>
> I used  IAIK-JCE 2.5 final version.
> The code is the following:
>
> ////keys generation
>
> KeyPairGenerator generator =
>           KeyPairGenerator.getInstance("RSA","IAIK");
> SecureRandom random = new SecureRandom();
> generator.initialize(1024, random);
> KeyPair keys = generator.generateKeyPair();
>
> /////SignedPublicKeyAndChallenge structure as ASN1 SEQUENCE
>
> //Asn1 object to build  SubjectPublicKeyInfo as SEQUENCE
> SEQUENCE asn1Pki = new SEQUENCE();
> asn1Pki.addComponent(AlgorithmID.rsa.toASN1Object());
> byte[] pubKey = keys.getPublic().getEncoded();
> asn1Pki.addComponent(new BIT_STRING(pubKey));
>
> //Challenge
> IA5String challenge = new IA5String("challenge");
>
> //PublicKeyAndChallenge as SEQUENCE
> SEQUENCE seqPkac = new SEQUENCE();
> seqPkac.addComponent(asn1Pki);
> seqPkac.addComponent(challenge);
>
> //Signature of PublicKeyAndChallenge
>  Signature md5_rsa = Signature.getInstance("MD5/RSA");
> md5_rsa.initSign(keys.getPrivate());
> md5_rsa.update(DerCoder.encode(seqPkac));
> byte[] signByte = md5_rsa.sign();
> BIT_STRING signature = new BIT_STRING(signByte);
>
> //SignedPublicKeyAndChallenge as SEQUENCE
> SEQUENCE seqSignPkac = new SEQUENCE();
> seqSignPkac.addComponent(seqPkac);
> seqSignPkac.addComponent(AlgorithmID.md5WithRSAEncryption.toASN1Object());
>
> seqSignPkac.addComponent(signature);
>
> byte[ ] PKAC = DerCoder.encode(seqSignPkac);
>
> Then, PKAC  is used, together with other data, to build the URL sent to
> Netscape Certificate Server.
>
> Thanks in advance
>
> --
> Lucia Bonelli
> Engineering Ingegneria Informatica SpA
> Laboratorio Ricerca & Sviluppo
> Viale del Castro Pretorio, 116
> 00185 Roma Italia
> Tel. +39 06 44741123
>
>


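Added example, not part of the original messages and not IAIK code: the server output quoted above shows an outer algorithm OID of 55:08:01:01 and a "Public Key (DER)" that itself begins with a complete SubjectPublicKeyInfo (30:5a:30:0d:06:09:2a:86:48:86:f7:0d:01:01:01 ...), which is what results when the already encoded key from getEncoded() is wrapped in a second SEQUENCE and BIT STRING. The Python sketch below is a minimal DER walker that flags that double wrapping before a request is sent; the function names and the toy key bytes are constructed for illustration.

```python
OID_RSA_ENCRYPTION = bytes.fromhex("2a864886f70d010101")  # 1.2.840.113549.1.1.1
OID_X500_RSA = bytes.fromhex("55080101")  # the "oid contents" the server printed

def tlv(tag, content):
    """Encode a short-form DER TLV (content under 128 bytes); enough for the samples."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); raise ValueError on truncated input."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n >= 0x80:  # long form: low 7 bits give the number of length octets
        k = n & 0x7F
        if k == 0 or pos + k > len(buf):
            raise ValueError("bad length")
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    if pos + n > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos:pos + n], pos + n

def elements(der):
    """(tag, content) pairs inside a SEQUENCE that spans all of der."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    out, pos = [], 0
    while pos < len(body):
        t, c, pos = read_tlv(body, pos)
        out.append((t, c))
    return out

def check_rsa_spki(spki_der):
    """Return 'ok', 'double-wrapped' or 'malformed' for an RSA SubjectPublicKeyInfo."""
    try:
        outer = elements(spki_der)
        if [t for t, _ in outer] != [0x30, 0x03]:
            return "malformed"
        inner = [t for t, _ in elements(outer[1][1][1:])]  # skip unused-bits octet
    except ValueError:
        return "malformed"
    # RSAPublicKey is SEQUENCE { INTEGER, INTEGER }; SEQUENCE + BIT STRING is a nested SPKI.
    return {(2, 2): "ok", (0x30, 3): "double-wrapped"}.get(tuple(inner), "malformed")

# Constructed sample data for this added example: a toy RSAPublicKey, not a usable key.
RSA_KEY = tlv(0x30, tlv(0x02, b"\x00\xc5\x3b") + tlv(0x02, b"\x01\x00\x01"))
GOOD_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, OID_RSA_ENCRYPTION) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + RSA_KEY))
BAD_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, OID_X500_RSA) + tlv(0x05, b"")) + tlv(0x03, b"\x00" + GOOD_SPKI))
```

GOOD_SPKI has the shape of the bytes getEncoded() already returns; BAD_SPKI has the shape produced by wrapping those bytes again.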