[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] Certificate request attributes



Martin,

You must add the extensions before signing the certificate.

Otherwise anyone can change your extensions on your cert, without regard
to them being checked with the signature.

Try adding then signing.

Gil Peeters.

Martin Micek wrote:
> 
> Hello everybody,
> 
> I have the following problem with certificate request attributes in IAIK
> library.
> 
> I want to create a certificate with extensions. I want enter these
> extensions
> to certificate request as extended certificate attributes.
> 
> When I create a certificate request and add these attributes, everything is
> OK,
> certificate has the attributes. (toString() returns Attributes: yes)
> 
> But when I write this request to byte array or to a stream and I read it
> back to Java object,
> it contains no attributes.
> 
> Has somebody any idea how to solve this problem?
> 
> Thanks for your help.
> 
> Martin Micek
> 
> P.S.
> I enclose a little example how I created the certificate request.
> 
>  <<TestIAIK.java>>
> 
>   ------------------------------------------------------------------------
> 
>    TestIAIK.javaName: TestIAIK.java
>                 Type: unspecified type (application/octet-stream)

-- 
-----------------------------------------------------------------------
Gil Peeters
b.v.b.a CANCAS I.T.
-----------------------------------------------------------------------
--
Mailinglist-archive at http://jcewww.iaik.tu-graz.ac.at/mailarchive/iaik-jce/maillist.html

To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the folowing content: UNSUBSCRIBE iaik-jce