[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-jce] Cert Request usage extensions



Hello,

there is no standard way how to include a key usage extension into a PKCS#10
request.

However, when creating an Attribute you will have to provide the OID, e.g.:

Attribute attribute =
  new Attribute(KeyUsage.oid, new ASN1Object[] { keyUsage.toASN1Object() });
request.addAttribute(attribute);

Use constructor Attribute(ASN1Object) only for creating an ASN1Object from
an already existing Attribute given as ASN.1 object.


Regards,
Dieter Bratko

-----Ursprüngliche Nachricht-----
Von: iaik-jce-owner@iaik.tu-graz.ac.at
[mailto:iaik-jce-owner@iaik.tu-graz.ac.at]Im Auftrag von Kevin Crosbie
Gesendet: Montag, 2. Oktober 2000 21:38
An: IAIK (E-Mail)
Betreff: [iaik-jce] Cert Request usage extensions


Hi,

I am trying to set the keyusage extension on my CertificateRequest using the
following code:

	KeyUsage keyU = new KeyUsage(KeyUsage.digitalSignature |
KeyUsage.nonRepudiation);
	keyU.setCritical(true);
	cert_request.addAttribute(new Attribute(keyU.toASN1Object()));

I get the following exception when trying to sign the cert request:

ASN1: BIT STRING does not support getComponentAt(int)!

Am I going about this the right way?   How is this extension set?

Best Regards,

Kevin Crosbie

Security Consultant
TradePayment.com
--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-jce/jcethreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-jce




***************************************************************************
*                                                                         *
* IAIK S/MIME Mapper Security Info                                        *
* ===================================                                     *
*                                                                         *
* for message:                                                            *
*   From: "Dieter Bratko" <Dieter.Bratko@iaik.at>                         *
*   Date: Tue, 3 Oct 2000 09:29:09 +0200                                  *
*   Subject: AW: [iaik-jce] Cert Request usage extensions                 *
*                                                                         *
* Message S/MIME properties:                                              *
*                                                                         *
*   Encrypted using:    not encrypted                                     *
*                                                                         *
*   Digitally signed:   yes                                               *
*   Signature valid:    yes                                               *
*   Signature trusted:  yes                                               *
*                                                                         *
*                                                                         *
* Compliance with policy for email addresses *@iaik.at:                   *
*                                                                         *
*   Encryption:         OK (None or better required)                      *
*                                                                         *
*   Digital Signature:  OK (digital signature required)                   *
*                                                                         *
***************************************************************************