[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl]cu|| IAIK and Corba/VisiBroker



Hello,

toPemString() works correctly; it creates a PEM string bound by

-----BEGIN <algorithm> PRIVATE KEY-----
...
-----END <algorihtm> PRIVATE KEY-----

Perhaps VisiBroker requires different start/end delimiter (e.g.
"-----BEGIN ENCRYPTED PRIVATE KEY-----" for a PKCS#8 encrypted
key) or requires a special key format or (if encrypted) encryption
algorithm.

Regards,
Dieter Bratko

-----Ursprungliche Nachricht-----
Von: iaik-ssl-owner@iaik.at [mailto:iaik-ssl-owner@iaik.at]Im Auftrag
von Oliver Christophliemk
Gesendet: Dienstag, 29. Janner 2002 09:47
An: iaik-ssl@iaik.at
Betreff: [iaik-ssl]cu|| IAIK and Corba/VisiBroker


Hey,
I use JDK 1.3.1 with VisiBroker 4.5/Security Service 4.5. I use IAIK as
a JCE-Service-Provider, and manage my certificates/keys/keystores with
the IAIK API. (Non-SSL-)Corba applications as well as the SSL-Example in
the Security-Documentation (with Sun as provider) work well.

In order to get the correct byte-arrays for the setPKprincipal()-method
in my applications, I use the static methods

String iaik.utils.Util.toPemString(PrivateKey key)
String iaik.utils.Util.toPemString(Certificate certificate)

Both returned Strings look OK. I call getBytes() to get the byte-arrays,
exactly as in the example. When I call setPKprincipal(), the pem-coded
certificate is read correctly, but the pem-coded key is not: I get a
org.omg.CORBA.BAD_PARAM: minor code: 9002 Exception, which means "There
is an error parsing the key".

The questions are:

a) Is String iaik.utils.Util.toPemString(PrivateKey key) not working
   correctly or ...
b) is setPKprincipal(...) not working correctly???

As the example works well with the SUN-Provider, it looks like the error
is with AIAK. But does anybody know a way to produce the correct
pem-coded-byte-arrays (for the keys and certificates) with just using
the SUN-implementation (I want to use some kind of keystore, and not
hardcoded strings as in the example). I could not even find a way to
convert a Certificate in a pem-coded-string ...

Thanks a lot in advance
Olli C.
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl