Signing Digital certificate

rao atif
24 Feb, 2008 - 11:21 PM
Post #1


HELLO!
I'm working on digital certificates. So far I have generated a root certificate using the Bouncy Castle API (Java). I have also generated a PKCS10 certificate request. Now I want to sign it; can anyone give me a clue how I can do it?
Thanks
Rao Atif

bhandari
RE: Signing Digital Certificate
25 Feb, 2008 - 12:00 AM
Post #2

Provide your code in code tags as below:

[*code] insert code here [*/code]

(without the asterisks * )

no2pencil
RE: Signing Digital Certificate
25 Feb, 2008 - 12:17 AM
Post #3

http://www.google.com/search?hl=en&q=S...G=Google+Search

rao atif
RE: Signing Digital Certificate
25 Feb, 2008 - 11:11 PM
Post #4


Hello, thanks! Actually I'm signing the certificate with OpenSSL; now I want to develop my own application that can do this using Bouncy Castle. I have generated the certificate request; now the problem is to sign it with our root certificate.
Thanks

QUOTE(bhandari @ 25 Feb, 2008 - 01:00 AM) *

Provide your code in code tags as below:

[*code]

import java.io.FileOutputStream;
import java.io.OutputStreamWriter;
import java.security.Key;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.Security;
import java.util.Hashtable;
import java.util.Vector;

import javax.security.auth.x500.X500Principal;

import org.bouncycastle.asn1.ASN1Sequence;
import org.bouncycastle.asn1.DEROctetString;
import org.bouncycastle.asn1.DERSet;
import org.bouncycastle.asn1.pkcs.Attribute;
import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.asn1.x509.X509Extension;
import org.bouncycastle.asn1.x509.X509Extensions;
import org.bouncycastle.asn1.x509.X509Name;
import org.bouncycastle.jce.PKCS10CertificationRequest;
import org.bouncycastle.jce.X509Principal;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMWriter;
import org.bouncycastle.util.encoders.Base64;

import com.sun.crypto.provider.SunJCE;

/**
 * Generation of a basic PKCS #10 request with an extension.
 */
public class pkcs10
{
    private boolean useBCAPI;
    private static String commonName;
    private static String email;
    private static String organization;
    private static String groupName;
    private static String locality;
    private static String country;

    pkcs10(String Name, String Email, String Organization, String GroupName, String Locality, String Country) {
        commonName = Name;
        email = Email;
        organization = Organization;
        groupName = GroupName;
        locality = Locality;
        country = Country;
    }

    public static PKCS10CertificationRequest generateRequest(
        KeyPair pair)
        throws Exception
    {
        // create a SubjectAlternativeName extension value
        GeneralNames subjectAltNames = new GeneralNames(
            new GeneralName(GeneralName.rfc822Name, "ncp.edu.pk"));

        // subject DN attributes of the request
        Vector oids = new Vector();
        Vector values = new Vector();
        Hashtable attrs = new Hashtable();
        attrs.put(X509Principal.CN, commonName);
        attrs.put(X509Principal.EmailAddress, email);
        attrs.put(X509Principal.O, organization);
        attrs.put(X509Principal.L, locality);
        attrs.put(X509Principal.OU, groupName);
        attrs.put(X509Principal.C, country);

        // create the extensions object and add it as an attribute
        oids.add(X509Extensions.SubjectAlternativeName);
        values.add(new X509Extension(false, new DEROctetString(subjectAltNames)));

        X509Extensions extensions = new X509Extensions(oids, values);

        Attribute attribute = new Attribute(
            PKCSObjectIdentifiers.pkcs_9_at_extensionRequest,
            new DERSet(extensions));

        // the request is signed with the requester's own private key
        return new PKCS10CertificationRequest(
            "sha1WithRSAEncryption",
            new X509Principal(attrs),
            pair.getPublic(),
            new DERSet(attribute),
            pair.getPrivate());
    }

    public void generateKeyPair()
        throws Exception
    {
        Security.addProvider(new BouncyCastleProvider());
        Security.addProvider(new SunJCE());
        // create the keys
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");

        kpGen.initialize(1024);//, Utils.createFixedRandom());

        KeyPair pair = kpGen.generateKeyPair();

        PKCS10CertificationRequest request = generateRequest(pair);

        //certb64 = null;

        // write the request in PEM form to a file and to standard output
        FileOutputStream out = new FileOutputStream("f:/test.pkcs10");
        // out.write(beginRSAPrivateKey.getEncoded());
        // out.write(pemWrt.toString().getBytes());
        //out.close();
        PEMWriter pemWrt = new PEMWriter(new OutputStreamWriter(out));
        PEMWriter pemWrt1 = new PEMWriter(new OutputStreamWriter(System.out));
        pemWrt1.writeObject(request);
        pemWrt.writeObject(request);
        pemWrt1.close();
        pemWrt.close();
        //byte [] certb64 = Base64.encode(request.getEncoded());
        //int length = certb64.length;
        //int bytestowrite = 64;
        //certb64 = Base64.encode(prikey.getEncoded());
    }
}
[*/code]

(without the asterisks * )

Waiting for your reply.


1lacca
RE: Signing Digital Certificate
26 Feb, 2008 - 06:19 AM
Post #5

I would suggest registering Bouncy Castle as a JCE Provider and doing the whole thing through JCE. Here is a nice introduction with plenty of examples.

rao atif
RE: Signing Digital Certificate
27 Feb, 2008 - 02:51 AM
Post #6


My code is running fine. But I have to sign it with my own generated CA certificate. I have done two things:
1. Created the root (CA) certificate with Bouncy Castle.
2. Generated the request in PKCS10 format.

PROBLEMS
1. Now I want to sign my request with my root certificate. That is what I can't understand: how, using Bouncy Castle?
2. I have created an applet; it works fine when I run it with Eclipse (Java IDE), but when I run it with compiled classes it gives this exception:
"access denied (java.security.SecurityPermission putProviderProperty.BC)"

Can anyone help me out? I have checked the security files and checked the permissions, but it didn't work.
Thanks

rao atif
RE: Signing Digital Certificate
3 Mar, 2008 - 11:43 PM
Post #7


Is there no one who can solve this problem or just give me a clue how to do it?
thanks

1lacca
RE: Signing Digital Certificate
4 Mar, 2008 - 01:56 AM
Post #8

Jar the compiled classes and sign them with jarsigner (you can generate a key with the keytool utility). This way, when you run the applet it will ask the user if he trusts the signer (you) and it will get the needed security permissions. (Maybe it won't work from a local filesystem, just through http(s), but I am not confident about this.)
FYI: your problem is probably caused by the fact that when you run it from Eclipse it doesn't impose the sandbox restrictions on the classes, but the browser always does (unless you set special permissions with the policytool, but that is usually not a possibility when you distribute your application anyway).

rao atif
RE: Signing Digital Certificate
7 Mar, 2008 - 03:22 AM
Post #9


Thanks for your tip; it was the security problem.
I want to sign the CSR with the CA private key. I have created the CSR and the CA root certificate. Then I created the keystore;
it only stores files with the cert (.cer) extension, but my private key is in PEM format and my request is in PKCS10 format. How can I sign the CSR with the CA root private key, and how can I load the PEM files into the keystore?
Can you tell me what the difference is between the PKCS12 format and the keystore, and which one is best for storing the key and the certificates?
Thanks


1lacca
RE: Signing Digital Certificate
7 Mar, 2008 - 04:19 AM
Post #10

From the Wiki:
QUOTE
Defines a file format commonly used to store private keys with accompanying public key certificates, protected with a password-based symmetric key. PFX is a predecessor to PKCS#12.

This is a container format that can contain multiple embedded objects, eg. multiple certificates. Usually protected/encrypted with a password. Can be used as a format for the Java key store. Can be used by Tomcat, but NOT by Apache.


CSR can be signed with the keytool -certreq option.

This link has some information on CSR usage, maybe it will help. I don't fully understand what you are trying to do.



rao atif
RE: Signing Digital Certificate
10 Mar, 2008 - 02:20 AM
Post #11


Thanks to all. Well, I will tell you what I actually want to do:
We are a certificate authority and sign certificates using OpenSSL.
Now I want to write an application using Java and the Bouncy Castle API.
What I want to do is:
1. Generate the root certificate.
2. Generate the CSR.
3. Sign the CSR.
4. Generate the CRL.

What I have achieved:
1. Generated the root certificate.
2. Generated the CSR; below is my CSR in PEM format.

Now I am stuck on how to sign the CSR, which is in PKCS10 format: how can I sign it with my root certificate and generate the CRLs?
Waiting anxiously for your reply.
I have also created the keystore, but it only stores the .cer files.
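
An added example (not code from any poster in this thread) of the step asked about in posts #6 and #11: signing a PKCS#10 request with the CA private key. It uses the current Bouncy Castle bcpkix builder classes rather than the older org.bouncycastle.jce classes in post #4, and 2048-bit RSA with SHA-256 rather than the 1024-bit/SHA-1 settings there. The class name, subject names, fixed serial number and in-memory keys are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.KeyUsage;
import org.bouncycastle.cert.X509v3CertificateBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.operator.jcajce.JcaContentVerifierProviderBuilder;
import org.bouncycastle.pkcs.PKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequest;
import org.bouncycastle.pkcs.jcajce.JcaPKCS10CertificationRequestBuilder;

public class CsrSigner {   // hypothetical class name
    // Issue a certificate for a PKCS#10 request, signed with the CA private key.
    static X509Certificate sign(PKCS10CertificationRequest csr, X500Name issuer,
                                PrivateKey caKey, BigInteger serial, int days) throws Exception {
        PublicKey subjectKey = new JcaPKCS10CertificationRequest(csr).getPublicKey();
        // Proof of possession: the request must verify under the public key it carries.
        if (!csr.isSignatureValid(new JcaContentVerifierProviderBuilder().build(subjectKey)))
            throw new SignatureException("CSR signature does not verify");
        Date now = new Date();
        X509v3CertificateBuilder b = new X509v3CertificateBuilder(issuer, serial, now,
                new Date(now.getTime() + days * 86_400_000L),
                csr.getSubject(), csr.getSubjectPublicKeyInfo());
        // The CA sets the extensions itself instead of copying them from the request.
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(false));
        b.addExtension(Extension.keyUsage, true, new KeyUsage(KeyUsage.digitalSignature));
        return new JcaX509CertificateConverter().getCertificate(
                b.build(new JcaContentSignerBuilder("SHA256withRSA").build(caKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ca = g.generateKeyPair(), user = g.generateKeyPair();   // constructed sample keys
        PKCS10CertificationRequest csr = new JcaPKCS10CertificationRequestBuilder(
                new X500Name("CN=alice"), user.getPublic())             // constructed subject
                .build(new JcaContentSignerBuilder("SHA256withRSA").build(user.getPrivate()));
        X509Certificate cert = sign(csr, new X500Name("CN=Example Root CA"),
                ca.getPrivate(), BigInteger.valueOf(2), 365);
        cert.verify(ca.getPublic());   // throws if the certificate was not signed by the CA key
        System.out.println(cert.getSubjectX500Principal() + " issued by " + cert.getIssuerX500Principal());
    }
}
```

A request saved as PEM, as in post #4, can be read back with `PEMParser` from `org.bouncycastle.openssl`, whose `readObject()` returns a `PKCS10CertificationRequest` for a CERTIFICATE REQUEST block. A production CA would draw serial numbers at random, take the issuer name from its own certificate, and add key-identifier extensions.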

rao atif
RE: Signing Digital Certificate
18 Mar, 2008 - 09:16 PM
Post #12


I have signed my certificate and issued the CRL.
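
An added example (not the poster's code, which the thread does not show) of the last step listed in post #11, issuing a CRL signed by the CA key with the Bouncy Castle bcpkix API. The class name, issuer name, serial numbers, seven-day validity and in-memory key are constructed for illustration; the CRL number and authority key identifier extensions a production CA would add are left out.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.cert.X509CRL;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.CRLReason;
import org.bouncycastle.cert.X509v2CRLBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CRLConverter;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class CrlIssuer {   // hypothetical class name
    // Build a CRL listing the given revoked serial numbers, signed with the CA private key.
    static X509CRL issue(X500Name issuer, PrivateKey caKey, int validDays,
                         BigInteger... revokedSerials) throws Exception {
        Date now = new Date();
        X509v2CRLBuilder b = new X509v2CRLBuilder(issuer, now);
        // Relying parties treat the CRL as stale after nextUpdate, so reissue before then.
        b.setNextUpdate(new Date(now.getTime() + validDays * 86_400_000L));
        for (BigInteger serial : revokedSerials)
            b.addCRLEntry(serial, now, CRLReason.keyCompromise);
        return new JcaX509CRLConverter()
                .getCRL(b.build(new JcaContentSignerBuilder("SHA256withRSA").build(caKey)));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ca = g.generateKeyPair();                       // constructed sample CA key
        X509CRL crl = issue(new X500Name("CN=Example Root CA"), ca.getPrivate(), 7,
                BigInteger.valueOf(2));                         // constructed revoked serial
        crl.verify(ca.getPublic());                             // throws if not signed by the CA key
        System.out.println("serial 2 revoked: " + (crl.getRevokedCertificate(BigInteger.valueOf(2)) != null));
        System.out.println("serial 3 revoked: " + (crl.getRevokedCertificate(BigInteger.valueOf(3)) != null));
    }
}
```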
