BOOK: Beginning Cryptography with Java
This is the forum to discuss the Wrox book Beginning Cryptography with Java by David Hook; ISBN: 9780764596339
October 24th, 2006, 03:47 AM
Questions about OCSP issuer request

Hi!

When I create an OCSPRequest, I must use the issuer certificate [issuerCert] of the certificate to evaluate [certToVal], but... which issuerCert must be used:

[1] The certificate that appears in "issuer" field of certToVal?

[2] The certificate that appears in AuthorityKeyIdentifier extension (OID = 2.5.29.35 [http://www.alvestrand.no/objectid/2.5.29.35.html]) of certToVal?

[3] The certificate that appears in "id-ad-caIssuer" field (OID = 1.3.6.1.5.5.7.48.2 [http://www.alvestrand.no/objectid/1....5.7.48.2.html]) of "authorityInfoAccess" extension (OID = 1.3.6.1.5.5.7.1.1 [http://www.alvestrand.no/objectid/1.....5.7.1.1.html]) of certToVal?

[4] The CArootCertificate?

Another question: if I want to evaluate a certificate chain [certPath formed by three certificates, for example: signerCert, an intermediate certificate and a CAroot certificate], must I use the same issuerCert for each certificate? In that case, which issuerCert must I use?

Thanks!!

---------------

David Cervera-Pérez
DiSiD Technologies
Valencia - Spain
www.disid.com
 
October 25th, 2006, 08:59 PM
dgh (Wrox Author)

Sorry, I'm a little confused - there's no certToVal field in RFC 2560. Can you tell me a little more about what you're trying to do?

With the second question, the CA certificate must be the issuer of the intermediate certificate, and the intermediate certificate must be the issuer of signerCert.

Regards,

David

 
October 26th, 2006, 02:03 AM

Sorry, I will try to explain it better.

In the context of OCSP communication, when I construct a CertID for an OCSP request I must use the certificate to evaluate (that I called certToVal) and its issuer certificate (that I called issuerCert).

My first question: when we talk about the issuer certificate of the certificate to evaluate, are we talking about:

[1] The certificate that corresponds to the field “Issuer” of the certificate to evaluate?

[2] The certificate that appears in the AuthorityKeyIdentifier extension of the certificate to evaluate?

[3] The certificate that appears in the field "id-ad-caIssuer" of the "authorityInfoAccess" extension of the certificate to evaluate?

[4] The CA certificate?

(( I was sure that [1] was the suitable answer, because it is explained that way in Chapter 7 and in RFC 2560, but I have this doubt because with a test certificate the issuer certificate that had to be used to create the CertID of the OCSP request (and to obtain an OCSP response) was the one corresponding to [3] ))

Thank you very much.

---------------

David Cervera-Pérez
DiSiD Technologies
Valencia - Spain
www.disid.com
 
October 27th, 2006, 01:47 AM
dgh (Wrox Author)

Okay, my understanding of this one is that if id-ad-caIssuer is present it specifies where to look for the issuer of the certificate that was the one that issued the certificate you're looking at. So the situation you've described would make sense if you were evaluating the issuer certificate (so given certVal has the extension, evaluating its issuer certificate might require using the information in the extension). Is that what happened?

If it's any help there's a fairly lengthy description on this one in section 4.2.2.1 of RFC 3280.

Regards,

David

 
October 27th, 2006, 05:12 AM

Yes, that is what happens.

Thanks for your aid and congratulations on your book!

Regards.

-------------

David Cervera-Pérez
DiSiD Technologies
Valencia - Spain
www.disid.com
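
The pairing discussed in this thread, as an added example that is not part of any post or of the book's code. It uses Python with the `cryptography` package instead of the book's Java; the certificate names, the generated three-certificate chain and the helper functions are constructed for illustration. Each non-root certificate gets an OCSP request built with its own direct issuer, and the CertID fields (RFC 2560) are recomputed by hand: both hashes come from the issuer, the serial number from the certificate being checked.

```python
import datetime, hashlib
from cryptography import x509
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec

def _name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def make_cert(cn, key, issuer_cn, issuer_key, is_ca):
    """Constructed test certificate (sample data, not from the thread)."""
    start = datetime.datetime(2024, 1, 1)
    return (x509.CertificateBuilder()
            .subject_name(_name(cn)).issuer_name(_name(issuer_cn))
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=365))
            .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
            .sign(issuer_key, hashes.SHA256()))

def make_chain():
    """Returns [signerCert, intermediate, CA root], leaf first."""
    root_k, int_k, leaf_k = (ec.generate_private_key(ec.SECP256R1()) for _ in range(3))
    root = make_cert("Test Root CA", root_k, "Test Root CA", root_k, True)
    inter = make_cert("Test Intermediate CA", int_k, "Test Root CA", root_k, True)
    leaf = make_cert("signer", leaf_k, "Test Intermediate CA", int_k, False)
    return [leaf, inter, root]

def ocsp_requests(chain):
    """One request per non-root certificate, each built with its own direct issuer."""
    requests = []
    for cert, issuer in zip(chain, chain[1:]):
        if cert.issuer != issuer.subject:
            raise ValueError("chain is not ordered leaf-to-root")
        # The issuer's key must verify the signature on the certificate being checked.
        issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                   ec.ECDSA(cert.signature_hash_algorithm))
        builder = ocsp.OCSPRequestBuilder().add_certificate(cert, issuer, hashes.SHA1())
        requests.append(builder.build())
    return requests

def expected_cert_id(cert, issuer):
    """CertID fields per RFC 2560: hashes come from the issuer, serial from the cert."""
    key_bits = issuer.public_key().public_bytes(
        serialization.Encoding.X962, serialization.PublicFormat.UncompressedPoint)
    return (hashlib.sha1(issuer.subject.public_bytes()).digest(),
            hashlib.sha1(key_bits).digest(), cert.serial_number)
```

Passing the root in place of the intermediate for the signer certificate raises `ValueError`, because the issuer name no longer matches the supplied certificate's subject.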




