javakey doesn't work???

Dirk Ulrich (Dirk.Ulrich@gmx.de)
Mon, 7 Dec 1998 11:01:51 -0000

In section 4 "Example certificate directive file" you took "duke" as the subject name but then continue with subject.real.name= Marianne Mueller. Is this correct???

I also have a problem using javakey to generate a certificate and run a signed applet in a browser, respectively.
I always receive such messages in the Java Console:

# Error: Invalid Hash of this JAR entry (-7882)
# jar file: C:\TEMP\jzip11DR.TMP
# path: PrintCanvas.class
# Error: Strange PKCS7 or RSA failure (-7881)
# jar file: C:\TEMP\jzip11DR.TMP
# path: C:\TEMP\jzip11DR.TMP
# Error: loading of signatures has failed (-1)
# jar file: C:\TEMP\jzip11DR.TMP
# path: /pmd/test/

(This happens when signer == identity == 'ulrich'.)

However, when trying to use different issuer and subject I have the problem to not have a public key for the subject!

1. javakey -cs sdc true
2. javakey -gk sdc DSA 1024 sdc.key.public sdc.key.public
3. javakey -c ulrich true
4. javakey -gc ulrichCertDirective
--> this step fails!!! ... and I don't know why!
The message: ulrich[identitydb.obj][trusted] does not have a public key.
==> How can I create a public key for an identity (not a signer!) since "javakey -gk ..." is to be used for generating a key pair for the SIGNER!

By the way javakey -ld results in:
ulrich[identitydb.obj][trusted]
no public key
no certificates
No further information available.

sdc[identitydb.obj]
public and private keys initialized
certificates:
certificate 1 for : CN=SDC ...
(--> This one I've created with issuer == subject == 'sdc' !!!)
No further information available.

How can I generate a certificate individually for any identity like 'ulrich'???

Here's my certificate and signature directive which I've used to try to create a certificate for an identity authenticated by the signer 'sdc' and which fails:

a) certificate directive
#Name of the certifier
issuer.name=sdc
issuer.cert=1
#Name and information about the person being certified
subject.name=ulrich
subject.real.name=Dirk Ulrich
subject.org=SDC
subject.org.unit=Development
subject.country=Germany
#Validity period of the certificate
start.date=1 Dec 1998
end.date=1 Dec 1999
serial.number=1
#Name of the file in which the certificate is stored
out.file=Cert.cert

b) signature directive
#Name of the signer
signer=sdc
#Number of the certificate, assigned by javakey to the signer's certification
cert=1
#Chain depth of the certificates to include (currently not supported)
chain=0
#Name of the signature file
signature.file=ulrichS
#Name of the archive to be created
out.file=SignedPrintApplet.jar
signature.file=writeSig

I'd appreciate if you could show me the steps which I have to do:
- create a signer (sdc)
- create an identity (ulrich)
- generate a key pair for the signer (issuer == sdc)
- generate a public key for the identity
- generate a certificate
- sign a jar file

Attached you'll find the tiny program which simply should print out a graphic on the client's local printer as well as the related HTML page.

Thank you very much for your help.

Kind regards,

Dirk Ulrich Dipl.-Inf.(FH)
fon: +49-30-40 53 61-75
fax: +49-30-40 53 61-85
d.ulrich@sdc.de
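
A preflight check for the setup described in the message, as an added example that is not part of the original post: it reads a `javakey -ld` listing and the two directive files, then reports any issuer, subject or signer that the listing shows without a public key (the condition behind the failing -gc step) and any directive key that is set twice. The function names are hypothetical, the listing format is assumed from the output quoted in the message, and the sample inputs are constructed from it.

```python
import re

# Constructed samples, shaped like the listing and directives quoted in the message.
LD_LISTING = """\
ulrich[identitydb.obj][trusted]
        no public key

sdc[identitydb.obj]
        public and private keys initialized
"""
CERT_DIRECTIVE = "issuer.name=sdc\nissuer.cert=1\nsubject.name=ulrich\nout.file=Cert.cert\n"
SIGN_DIRECTIVE = ("signer=sdc\ncert=1\nchain=0\nsignature.file=ulrichS\n"
                  "out.file=SignedPrintApplet.jar\nsignature.file=writeSig\n")

def parse_ld(text):
    """Map each listed name to False if reported with 'no public key' (assumed True otherwise)."""
    has_key, current = {}, None
    for line in text.splitlines():
        header = re.match(r"(\w+)\[identitydb\.obj\]", line)
        if header:
            current = header.group(1)
        if current:
            has_key[current] = has_key.get(current, True) and line.strip() != "no public key"
    return has_key

def parse_directive(text):
    """Return (values, keys set more than once) for a key=value directive file."""
    values, repeated = {}, []
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition("="))
        if not sep or key.startswith("#"):
            continue  # blank line, comment, or a line without '='
        if key in values:
            repeated.append(key)
        values[key] = value
    return values, repeated

def preflight(ld_text, cert_text, sign_text):
    """List problems worth fixing before running javakey -gc and -gs."""
    has_key = parse_ld(ld_text)
    cert, cert_rep = parse_directive(cert_text)
    sign, sign_rep = parse_directive(sign_text)
    findings = []
    for key, src in (("issuer.name", cert), ("subject.name", cert), ("signer", sign)):
        name = src.get(key)
        if name not in has_key:
            findings.append(f"{key}={name}: not in the identity listing")
        elif not has_key[name]:
            findings.append(f"{key}={name}: no public key")
    return findings + [f"{key}: set more than once" for key in cert_rep + sign_rep]
```

On the constructed samples, `preflight(LD_LISTING, CERT_DIRECTIVE, SIGN_DIRECTIVE)` flags the subject `ulrich` and the repeated `signature.file` entry in the signature directive.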
