Message-Id: <199904141807.LAA17566@shorter.eng.sun.com>
Date: Wed, 14 Apr 1999 11:07:13 -0700 (PDT)
From: Marianne Mueller <Marianne.Mueller@eng.sun.com>
Subject: Re: problems with javakey -gc cert_directive command - help?
To: java-security@java.sun.com, gte083h@prism.gatech.edu
--Herd_of_Buffalo_928_000
Content-Type: TEXT/plain; charset="us-ascii"
Content-MD5: QcnC/Pv4fvV3qOeeNb0STw==
X-Sun-Content-Length: 1693
We recommend you use the Java 2 signing tools, described on
http://java.sun.com/security/signExample12/
(stands for JDK1.2, the former name of Java 2)
javakey is obsoleted but it's still there for people using JDK 1.1.x.
I just tried the example for javakey, and it seems that the
cert_directive example doesn't work any longer. Try using
serial.number=1
instead of
serial.number=1001
(or something else) in the cert_directive file.
this sequence worked for me. (below) cert_directive and sign_directive
attached. BUT you will be much happier with the Java 2 tools!
Really, if you can, use those instead of the JDK 1.1.x tools.
--Marianne
--% javakey -cs "mrm" true Created identity [Signer]mrm[identitydb.obj][trusted]
% javakey -gk "mrm" DSA 512 mrm_public_key mrm_private_key Generated DSA keys for mrm (strength: 512). Saved public key to mrm_public_key. Saved private key to mrm_private_key.
% javakey -gc cert_directive Generated certificate from directive file cert_directive.
% javakey -ld
Scope: sun.security.provider.IdentityDatabase, source file: /home/mrm/identitydb.obj
[Signer]mrm[identitydb.obj][trusted] public and private keys initialized certificates: certificate 1 for : CN=Marianne Mueller, OU=JavaSoft, O=Sun MicroSystems, C=US from : CN=Marianne Mueller, OU=JavaSoft, O=Sun MicroSystems, C=US
No further information available.
% jar cf HelloWorld.jar HelloWorld.class
% javakey -gs sign_directive HelloWorld.jar Adding entry: META-INF/MANIFEST.MF Creating entry: META-INF/MRMSIG.SF Creating entry: META-INF/MRMSIG.DSA Adding entry: HelloWorld.class Signed JAR file HelloWorld.jar using directive file sign_directive.
--Herd_of_Buffalo_928_000 Content-Type: TEXT/plain; name="cert_directive"; charset="us-ascii"; x-unix-mode="0664" Content-Description: cert_directive Content-MD5: Q8ALdMEZaaevAmaSgOs22w== X-Sun-Content-Length: 570
# the id of the signer
issuer.name=mrm
# the cert to use for the signing (this is where it gets it DN)
issuer.cert=1
# the id of the subject
subject.name=mrm
# the components of the X500 name for the subject
subject.real.name=Marianne Mueller subject.org.unit=JavaSoft subject.org=Sun MicroSystems subject.country=US
# Various parameters: start and end date for validity and expiration # of the certificate. Serial number. FIle to which to output the # certificate (optional).
start.date=14 Apr 1999 end.date=15 Apr 1999 serial.number=1 out.file=mrm.x509
--Herd_of_Buffalo_928_000 Content-Type: TEXT/plain; name="sign_directive"; charset="us-ascii"; x-unix-mode="0664" Content-Description: sign_directive Content-MD5: xoFpJJanuGMzqBmfos5RAw== X-Sun-Content-Length: 509
# Which signer to use. This must be in the system's database.
signer=mrm
# Cert number to use for this signer. This determines which # certificate will be included in the PKCS7 block. This is mandatory # and is 1 based.
cert=1
# Cert chain depth of a chain of certificate to include. This is # currently not supported.
chain=0
# The name to give to the signature file and associated signature # block. (i.e. DUKESIGN.SF and DUKESIGN.DSA). This must be 8 # characters or less.
signature.file=mrmSig
--Herd_of_Buffalo_928_000--