[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [iaik-ssl] Certification verification



Thanks for the reply.
Can I make the assumption that if the public key of the server certificate
is 1024 bits,
then the certificate strength would be at least 128 bits. Or is that not a
valid assumption.

-----Original Message-----
From: Dieter Bratko [mailto:Dieter.Bratko@iaik.at]
Sent: Tuesday, December 04, 2001 3:52 AM
To: Taqvi, Syed [IT]; iaik-ssl@iaik.at
Subject: AW: [iaik-ssl] Certification verification


Hello,

you may get the key length by doing something like:
     
    X509Certificate[] certs = sslSocket.getPeerCertificateChain();
    if (certs != null) {
      PublicKey publicKey = certs[0].getPublicKey(); 
      int keyLength = -1;
      if (publicKey instanceof java.security.interfaces.RSAPublicKey) {
        keyLength  = ((RSAPublicKey) key).getModulus().bitLength() ;
      } else if (publicKey instanceof java.security.interfaces.DSAPublicKey)
{
        keyLength = ((DSAPublicKey) key).getParams().getP().bitLength() ;
      } else if (publicKey instanceof javax.crypto.interfaces.DHPublicKey) {
        keyLength = ((DHPublicKey) key).getParams().getP().bitLength() ;
      }
    }

However, since you speak of 128 bits I assume you mean the strengh of the
cipher key used to encrypt the data. If so, you only may ensure that you
only offer cipher suites using a symmetric key of >= 128 bits.

Regards,
Dieter Bratko 

-----Ursprüngliche Nachricht-----
Von: iaik-ssl-owner@iaik.tu-graz.ac.at
[mailto:iaik-ssl-owner@iaik.tu-graz.ac.at]Im Auftrag von Taqvi, Syed
[IT]
Gesendet: Mittwoch, 28. November 2001 16:33
An: 'iaik-ssl@iaik.at'
Betreff: [iaik-ssl] Certification verification


Hello,
I want to make sure that the certificate that I am getting from the server
is at least 128 bits. My understanding is that
I need to extend the ChainVerifier class and override the verifyCertificate
method.
But I can not figure out how to get the certificate strength information
from the certificate.
any help will be appreciated.


--
Mailinglist-archive at
http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content:
UNSUBSCRIBE iaik-ssl
 

--
Mailinglist-archive at http://jcewww.iaik.at/mailarchive/iaik-ssl/sslthreads.html

To unsubscribe send an email to listserv@iaik.at with the folowing content: UNSUBSCRIBE iaik-ssl