[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: Antwort: [iaik-jce] Signing jar with private key from a p12



It finally worked. I signed a jar but when I try to use that jar in a
browser (Plugin 1.2.2) it said that META-INF/CENTAUR is not valid.
I think it's because of the jar signed with iaik (propably with rsa) as JRE
only supports DSA.
Is this true?
How can I choose DSA in order to use my P12 cert from cert with the plugin?

JOERN_HEID


-----Original Message-----
From: Wolfgang_Platzer@sonydadc.com
To: Heid Joern
Cc: 'iaik-jce@iaik.tu-graz.ac.at'
Sent: 24.06.99 10:17
Subject: Antwort: [iaik-jce] Signing jar with private key from a p12




Does your cert include a DSA or RSA public key?

Sun's jarsigner tool per default only works for DSA.

You can try to modify the 'java.security' file in directory
<java-install>/jre/lib/security/
to also use the IAIK provider per default:

security.provider.2=iaik.security.provider.IAIK

This registers at least the RSA implementation for creating RSA based
signatures
for the jarsigner.
And don't forget to copy the IAIK libraries to the standard extension
directory:
<java-install>/jre/lib/ext/

Wolfgang






Heid Joern <heid@integraliscentaur.de> on 24.06.99 10:03:46

An:   "'iaik-jce@iaik.tu-graz.ac.at'" <iaik-jce@iaik.tu-graz.ac.at>
Kopie:     (Blindkopie: Wolfgang Platzer)
Thema:    [iaik-jce] Signing jar with private key from a p12






There is a possibility to create a private key with keytool and buy a
cert from Thwate for 200US$ (they say, it's beta state but they want
money for it!). But I already have a cert for Netscape Object Signing as
a p12 file. So I want to import it to keytool and sign a jar file for
Thwate certs are supported in JDK1.2.2.

I used this code:
             Security.insertProviderAt (new IAIK (), 1);
             IAIK.addAsProvider (true);
             PKCS12 p12 = new PKCS12 (new FileInputStream
("e:/programme/java/iaik-jce/sign.p12"));
             p12.decrypt ("fddasd".toCharArray ());
             CertificateBag[] bags = p12.getCertificateBags ();
             PrivateKey privateKey = p12.getKeyBag ().getPrivateKey ();
             KeyStore keyStore = KeyStore.getInstance ("JKS", "SUN");
             keyStore.load (null, null);
             keyStore.setKeyEntry ("centaur", privateKey,
"mfkbm1".toCharArray (), CertificateBag.getCertificates (bags));
             keyStore.store (new FileOutputStream (".keystore"),
"mfkbm1".toCharArray ());

and it worked fine. When I typed

E:\programme\java\IAIK-JCE>keytool -list -alias centaur
Enter keystore password:  mfkbm1
centaur, Sat Jun 19 11:34:02 GMT+01:00 1999, keyEntry,
Certificate fingerprint (MD5):
C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D

it seems to be right but when I try to sign a jar:

E:\programme\java\IAIK-JCE>jarsigner Test.jar centaur
Enter Passphrase for keystore: mfkbm1
jarsigner error: java.security.NoSuchAlgorithmException: Signature not
available

I'm using the newest IAIK-JCE (2.51?), Win NT and JDK1.2.2RC1.
Has anybody successfully imported a p12 to the keystore and has signed a
jar?

JOERN_HEID
--
Mailinglist-archive at
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing
content: UNSUBSCRIBE iaik-jce





--
Mailinglist-archive at
http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-jce
 
--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce