Re: problems with javakey -gc cert_directive command - help?

Marianne Mueller (Marianne.Mueller@eng.sun.com)
Wed, 14 Apr 1999 11:07:13 -0700 (PDT)

Message-Id: <199904141807.LAA17566@shorter.eng.sun.com>
Date: Wed, 14 Apr 1999 11:07:13 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@eng.sun.com>
Subject: Re: problems with javakey -gc cert_directive command - help?
To: java-security@java.sun.com, gte083h@prism.gatech.edu

--Herd_of_Buffalo_928_000
Content-Type: TEXT/plain; charset="us-ascii"
Content-MD5: QcnC/Pv4fvV3qOeeNb0STw==
X-Sun-Content-Length: 1693

We recommend you use the Java 2 signing tools, described on
http://java.sun.com/security/signExample12/

(stands for JDK1.2, the former name of Java 2)

javakey is obsoleted but it's still there for people using JDK 1.1.x.

I just tried the example for javakey, and it seems that the
cert_directive example doesn't work any longer. Try using

serial.number=1

instead of

serial.number=1001

(or something else) in the cert_directive file.

this sequence worked for me. (below) cert_directive and sign_directive
attached. BUT you will be much happier with the Java 2 tools!
Really, if you can, use those instead of the JDK 1.1.x tools.

--Marianne

--

% javakey -cs "mrm" true Created identity [Signer]mrm[identitydb.obj][trusted]

% javakey -gk "mrm" DSA 512 mrm_public_key mrm_private_key Generated DSA keys for mrm (strength: 512). Saved public key to mrm_public_key. Saved private key to mrm_private_key.

% javakey -gc cert_directive Generated certificate from directive file cert_directive.

% javakey -ld

Scope: sun.security.provider.IdentityDatabase, source file: /home/mrm/identitydb.obj

[Signer]mrm[identitydb.obj][trusted] public and private keys initialized certificates: certificate 1 for : CN=Marianne Mueller, OU=JavaSoft, O=Sun MicroSystems, C=US from : CN=Marianne Mueller, OU=JavaSoft, O=Sun MicroSystems, C=US

No further information available.

% jar cf HelloWorld.jar HelloWorld.class

% javakey -gs sign_directive HelloWorld.jar Adding entry: META-INF/MANIFEST.MF Creating entry: META-INF/MRMSIG.SF Creating entry: META-INF/MRMSIG.DSA Adding entry: HelloWorld.class Signed JAR file HelloWorld.jar using directive file sign_directive.

--Herd_of_Buffalo_928_000 Content-Type: TEXT/plain; name="cert_directive"; charset="us-ascii"; x-unix-mode="0664" Content-Description: cert_directive Content-MD5: Q8ALdMEZaaevAmaSgOs22w== X-Sun-Content-Length: 570

# the id of the signer

issuer.name=mrm

# the cert to use for the signing (this is where it gets it DN)

issuer.cert=1

# the id of the subject

subject.name=mrm

# the components of the X500 name for the subject

subject.real.name=Marianne Mueller subject.org.unit=JavaSoft subject.org=Sun MicroSystems subject.country=US

# Various parameters: start and end date for validity and expiration # of the certificate. Serial number. FIle to which to output the # certificate (optional).

start.date=14 Apr 1999 end.date=15 Apr 1999 serial.number=1 out.file=mrm.x509

--Herd_of_Buffalo_928_000 Content-Type: TEXT/plain; name="sign_directive"; charset="us-ascii"; x-unix-mode="0664" Content-Description: sign_directive Content-MD5: xoFpJJanuGMzqBmfos5RAw== X-Sun-Content-Length: 509

# Which signer to use. This must be in the system's database.

signer=mrm

# Cert number to use for this signer. This determines which # certificate will be included in the PKCS7 block. This is mandatory # and is 1 based.

cert=1

# Cert chain depth of a chain of certificate to include. This is # currently not supported.

chain=0

# The name to give to the signature file and associated signature # block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8 # characters or less.

signature.file=mrmSig

--Herd_of_Buffalo_928_000--