
Re: [iaik-jce] V3 extensions

You should not use UnknownExtension for implementing private extensions.
Rather extend the V3Extension class for each extension you're wishing to
implement. When doing so, implement the abstract toASN1Object() method in a
way that it returns the ASN.1 representation of your extension (do not
include the critical specification and the OID in the ASN.1 representation;
both are added by the framework when the extension is encoded). The KeyUsage
extension, for instance, is defined as:

KeyUsage ::= BIT STRING {
    digitalSignature        (0),
    nonRepudiation          (1),
    keyEncipherment         (2),
    dataEncipherment        (3),
    keyAgreement            (4),
    keyCertSign             (5),
    cRLSign                 (6),
    encipherOnly            (7),
    decipherOnly            (8) }

and so the toASN1Object() method of the KeyUsage class just returns a
BIT_STRING with the value that has been set when creating the KeyUsage
object. In the same way, the ASN1Object supplied for the init(..) method of
the KeyUsage extension will be a BIT_STRING object.

In this way, you may proceed as follows: define an ASN.1 representation for
your private extension that properly represents your string, e.g.:

      MyPrivateExtension  ::= PrintableString

and subsequently write a new class for this extension (by extending
V3Extension) and statically set the OID. Use the toASN1Object() method to
return the ASN.1 representation you have defined (you also must include the
empty default constructor, which is needed for dynamic object generation),
e.g.:

import iaik.asn1.ASN1Object;
import iaik.asn1.ObjectID;
import iaik.asn1.PrintableString;
import iaik.x509.V3Extension;
import iaik.x509.X509ExtensionException;

public class MyPrivateExtension extends V3Extension {

    // the OID (and its name) of the private extension; fill in your own arc
    public static final ObjectID oid = new ObjectID("...", "...");

    private String value;

    // empty default constructor, required for dynamic object generation
    public MyPrivateExtension() {
    }

    public MyPrivateExtension(String value) {
        this.value = value;
    }

    public String getValue() {
        return this.value;
    }

    // only the value itself; OID and critical flag are added by the framework
    public ASN1Object toASN1Object() throws X509ExtensionException {
        return new PrintableString(value);
    }

    // obj is the PrintableString parsed from the certificate
    public void init(ASN1Object obj) throws X509ExtensionException {
        value = (String) obj.getValue();
    }

    public ObjectID getObjectID() {
        return oid;
    }

    public int hashCode() {
        return oid.hashCode();
    }

    public String toString() {
        return value;
    }
}

For using your new extension in the way accustomed from the standard
extensions, statically register it in class X509Extensions:

X509Extensions.register(MyPrivateExtension.oid, MyPrivateExtension.class);

Dieter Bratko
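As an added illustration (not IAIK code and not from this thread), the following Python hand-rolls the DER that a framework produces around the bare value returned by toASN1Object(): the OID and the critical flag are supplied by the enclosing Extension SEQUENCE, and the value is wrapped in an OCTET STRING. The private OID arc and the inputs are constructed placeholders, so it runs without IAIK or any library.

```python
# Constructed example: DER of an X.509 v3 Extension around the bare value that
# toASN1Object() returns. Minimal hand-rolled DER; the private OID is a placeholder.

def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for a in arcs[2:]:                 # base-128, high bit set on all but last byte
        chunk = [a & 0x7F]
        a >>= 7
        while a:
            chunk.insert(0, 0x80 | (a & 0x7F))
            a >>= 7
        out += bytes(chunk)
    return tlv(0x06, bytes(out))

def printable_string(s):               # what MyPrivateExtension.toASN1Object() yields
    return tlv(0x13, s.encode("ascii"))

def key_usage_bits(bit_positions):     # what KeyUsage.toASN1Object() yields
    # named BIT STRING: DER drops trailing zero bits and records the unused count
    highest = max(bit_positions)
    value = bytearray(highest // 8 + 1)
    for b in bit_positions:
        value[b // 8] |= 0x80 >> (b % 8)
    unused = 7 - (highest % 8)
    return tlv(0x03, bytes([unused]) + bytes(value))

def extension(oid, value_der, critical=False):
    # Extension ::= SEQUENCE { extnID OID, critical BOOLEAN DEFAULT FALSE,
    #                          extnValue OCTET STRING }   -- added by the framework
    body = encode_oid(oid)
    if critical:                       # DEFAULT FALSE: DER omits the field when false
        body += tlv(0x01, b"\xff")
    body += tlv(0x04, value_der)       # the value is wrapped, not spliced in
    return tlv(0x30, body)

def private_ext(text, oid="1.3.6.1.4.1.99999.1"):   # placeholder private arc
    return extension(oid, printable_string(text))

def key_usage_ext(bit_positions, critical=True):    # id-ce-keyUsage = 2.5.29.15
    return extension("2.5.29.15", key_usage_bits(bit_positions), critical)
```

key_usage_ext([0, 2]) gives the familiar 300e0603551d0f0101ff0404030205a0 (critical keyUsage with digitalSignature and keyEncipherment), which is what a certificate parser expects to find and what an extension class should never try to build by itself.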
-----Original Message-----
From: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at] On Behalf Of Aaron Haspel
Sent: Monday, 21 August 2000 17:56
To: iaik-jce@iaik.tu-graz.ac.at
Subject: [iaik-jce] V3 extensions

I'm having trouble writing V3 certificates to a .cer file.  I have no
trouble creating a certificate from a file and adding a V3 extension.
Here's my code to add the extension:

  public void addCustomExtension() {
    try {
      byte[] randomBytes = new byte[16];  // placeholder: "initialize a bag of bytes here"
      OCTET_STRING verificationBytes =
          new OCTET_STRING(randomBytes);
      // the rest of this line is cut off in the archive; placeholder arguments
      V3Extension randomExtension = new UnknownExtension(
          new ObjectID("1.2.3.4"), false, DerCoder.encode(verificationBytes));
      m_cert.addExtension(randomExtension);  // not visible in the archived message
      System.out.println("version = " + m_cert.getVersion());
    } catch (X509ExtensionException xee) {
      // some handling
    } catch (CxEnigmaException cee) {
      // more handling
    }
  }

The System.out.println call at the end returns "version = 3", indicating
that the extension has been added successfully.  But when I write the
revised certificate to a file with the following code:

  public void writeToFile(String i_fileName, X509Certificate i_cert) {
    FileOutputStream fos = null;
    try {
      File certificateFile = new File(i_fileName);
      fos = new FileOutputStream(certificateFile);
      // the actual write call is missing from the archived message
    } catch (Exception e) {
      // handle it here
    } finally {
      try { if (fos != null) fos.close(); }
      catch (IOException ioe) { /* handle it here */ }
    }
  }

it writes ok (without an error), but I end up with a V1 certificate, not a
V3.  In other words it appears to ignore my added extension.  Any help would
be greatly appreciated.

Aaron Haspel