Re: certificate request

Hemma Prafullchandra (Hemma.Prafullchandra@Eng)
Mon, 13 Oct 1997 14:28:36 -0700 (PDT)

Date: Mon, 13 Oct 1997 14:28:36 -0700 (PDT)
From: Hemma Prafullchandra <Hemma.Prafullchandra@Eng>
Subject: Re: certificate request
To: Jan.deRijke@uniway.be

Hello Jan,

--> Is there currently API support for requesting a certificate from
--> a web certificate server like verisign or entrust WebCA,
--> using PKCS#11?
--> Is something planned?
We do not have support for PKCS#11 (token api) in the JDK.
We do support PKCS#10 (certification request syntax) in the
sun package and in the soon to be released JDK - our keytool
does support generation of a PKCS#10 request that you could
send to a CA.

--> Are there plans to provide interfaces to request a certificate using
--> PKIX#3?
PKIX#3 == Diffie-Hellman Key-Agreement Standard. There is no support in
the JDK for this. We do support Diffie-Hellman in the JCE. Please see
http://java.sun.com/security/JCE1.2/earlyaccess/index.html for the JCE
apis. There are no agreed upon format for requesting a certificate
for DH keys; however a variation of PKCS#10 can be used.
We currently do not plan on providing DH certification request support
in the JCE.

--> Or should I expect all this from a security provider?
-->
If you're supplying the provider :)

Regards,
Hemma Prafullchandra
JavaSoft Security Group