[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [iaik-jce] getTBSCertificate

The getTBSCertificate method was intended to be used for getting the TBS
structure from a received and parsed certificate. However, we will change
this so that it  also may be used when creating a new certificate. Since you
need access before signature calculation we also have to include a method
like setSignatureAlgorithm to provide the possibility to set the algorithm
required for the TBS structure before signing the certificate. It is your
responsibility to ensure that the algorithm provided with this method is the
same as supplied when signing the certificate by means of method
sign(AlgorithmID, PrivateKey). Class X509CRL already contains a method
setSignatureAlgorithm and the sign method only looks for the private key. So
for X509CRL only method getTBSCertList has to changed to allow getting the
TBS structure before signing the crl.

Dieter Bratko

----- Original Message -----
From: Keith Wiseman <keith@digsigtrust.com>
To: <iaik-jce@iaik.tu-graz.ac.at>
Sent: Monday, December 20, 1999 10:59 PM
Subject: [iaik-jce] getTBSCertificate

> I have a need to get the TBSCertificate and TBSCertList structures from
> X509Certificate and X509CRL, respectively, before signing them.
> Currently these methods (getTBSCertificate and getTBSCertList) only work
> after the Certificate or CRL has been signed.
> If getTBSCertificate() is called before sign() has been called I get:
> java.security.cert.CertificateEncodingException:
> iaik.asn1.CodingException: Cannot parse data from a null object!
> The error for X509CRL is nearly identical.
> Is there any chance this can and will be fixed?
> Thanks,
> Keith
> --
> Mailinglist-archive at
> To unsubscribe send an email to listserv@iaik.tu-graz.ac.at with the
folowing content: UNSUBSCRIBE iaik-jce