Date: Mon, 16 Dec 1996 18:30:59 -0800
From: mrm@doppio (Marianne Mueller)
Message-Id: <199612170230.SAA02318@puffin.eng.sun.com>
To: drake@netobjective.com
Subject: Re: javakey problems - JDK1.1b2
> From drake@netobjective.com Mon Dec 16 10:31:34 1996
> Date: Sun, 15 Dec 1996 10:57:54 -0600
> From: drake@netobjective.com (Don Drake)
> MIME-Version: 1.0
> To: mrm@Eng
> Subject: javakey problems - JDK1.1b2
> Content-Transfer-Encoding: 7bit
>
> I'm trying to create a certificates for myself using javakey, and I
> am following the instructions up to the javakey -gc <dircerfile> and I
> get an error "issuer.cert must be specified in the directive file." I
> could not find an example of what this field should be, so I added
> issuer.cert=1 in my directive file. I then retry to create my
> certificate and I get "no such cert: 0". If I change the field to
> anything else I get "date formatted incorrectly".
>
> I'm at a loss of what I should do now. Any ideas?
>
> Thanks.
>
> -Don
> --
> Donald Drake
> E-mail: Donald.Drake@netobjective.com
> Company: NetObjective, P.O. Box 46461, Chicago, IL 60646
> Phone: (708)345-4282
> URL: http://www.netobjective.com
Hi Don,
Hmm, I don't know what the problem is. I was able to create an identity
for myself, create a pair of keys, and use it to sign a JAR file, just now,
using the JDK1.1 beta2 stuff.
Here's a screen dump of what I did followed by a copy of my cert_directive
and sign_direcitive files.
If you can send in a screen dump of your session, we can file a bug
if need be.
One thing you should try, is the brute force method. Delete your previous
identitydb.obj database, and start from scratch. I don't know why it
would be, but perhaps there's some confusion mixing stuff from beta1 and
stuff from beta2.
thanks,
Marianne
screen dump:
puffin% javakey -cs "mrm" true
Operation successful
puffin% javakey -gk "mrm" DSA 512 mrm_pub mrm_priv
Operation successful
puffin% javakey -gc cert_directive
Operation successful
puffin% jar cf demo.jar HelloUsenix*
puffin% javakey -gs sign_directive demo.jar
Operation successful
puffin% mkdir demo
puffin% mv demo.jar.sig demo/demo.jar
puffin% cd demo
puffin% jar xf demo.jar
puffin% ls
HelloUsenix.class HelloUsenix.java demo.jar
HelloUsenix.html META-INF/
puffin% cd META-INF
puffin% ls
MANIFEST.MF MRMSIG.DSA MRMSIG.SF
directive files:
#! /bin/sh
# This is a shell archive, meaning:
# 1. Remove everything above the #! /bin/sh line.
# 2. Save the resulting text in a file.
# 3. Execute the file with /bin/sh (not csh) to create:
# cert_directive
# sign_directive
# This archive created: Mon Dec 16 18:28:27 1996
# By: Marianne Mueller ()
export PATH; PATH=/bin:/usr/bin:$PATH
if test -f 'cert_directive'
then
echo shar: "will not over-write existing file 'cert_directive'"
else
cat << \SHAR_EOF > 'cert_directive'
#
# 96/11/11 @(#)cert_directive 1.3
#
#
# This is a sample certificate directive file.
#
# the id of the signer
issuer.name=mrm
# the cert to use for the signing (this is where it gets it DN)
issuer.cert=1
# the id of the subject
subject.name=mrm
# the components of the X500 name for the subject
subject.real.name=Marianne Mueller
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US
# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).
start.date=10 Dec 1996
end.date=1 Sept 1997
serial.number=1001
out.file=mrm.x509
SHAR_EOF
fi
if test -f 'sign_directive'
then
echo shar: "will not over-write existing file 'sign_directive'"
else
cat << \SHAR_EOF > 'sign_directive'
#
# 96/09/22 @(#)sigdir 1.1
#
#
# Jar signing directive. This is the directive file used by javakey to
# sign a jar file.
#
# Which signer to use. This must be in the system's database.
signer=mrm
# Cert number to use for this signer. This determines which
# certificate will be included in the PKCS7 block. This is mandatory
# and is 1 based.
cert=1
# Cert chain depth of a chain of certificate to include. This is
# currently not supported.
chain=0
# The name to give to the signature file and associated signature
# block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8
# characters or less.
signature.file=mrmSig
SHAR_EOF
fi
exit 0
# End of shell archive