[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [iaik-ssl] Certification verification



Hello,

you may get the key length by doing something like:
     
    X509Certificate[] certs = sslSocket.getPeerCertificateChain();
    if (certs != null) {
      PublicKey publicKey = certs[0].getPublicKey(); 
      int keyLength = -1;
      if (publicKey instanceof java.security.interfaces.RSAPublicKey) {
        keyLength  = ((RSAPublicKey) key).getModulus().bitLength() ;
      } else if (publicKey instanceof java.security.interfaces.DSAPublicKey) {
        keyLength = ((DSAPublicKey) key).getParams().getP().bitLength() ;
      } else if (publicKey instanceof javax.crypto.interfaces.DHPublicKey) {
        keyLength = ((DHPublicKey) key).getParams().getP().bitLength() ;
      }
    }

However, since you speak of 128 bits I assume you mean the strengh of the
cipher key used to encrypt the data. If so, you only may ensure that you
only offer cipher suites using a symmetric key of >= 128 bits.

Regards,
Dieter Bratko 

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]Im Auftrag von Taqvi, Syed
[IT]
Gesendet: Mittwoch, 28. November 2001 16:33
An: 'iaik-ssl@iaik.at'
Betreff: [iaik-ssl] Certification verification


Hello,
I want to make sure that the certificate that I am getting from the server
is at least 128 bits. My understanding is that
I need to extend the ChainVerifier class and override the verifyCertificate
method.
But I can not figure out how to get the certificate strength information
from the certificate.
any help will be appreciated.


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl
 


--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl