Wrox Programmer Forums
BOOK: Beginning Cryptography with Java
This is the forum to discuss the Wrox book Beginning Cryptography with Java by David Hook; ISBN: 9780764596339
 
June 14th, 2010, 01:39 PM
BKD (Registered User)
Chapter 9 - SignedMailExample

How can I insert the signer's certificate in the signed email?

I was testing the example, and the signed email hasn't got a certificate from the person who signed the email.

Thanks.
 
June 14th, 2010, 07:15 PM
dgh (Wrox Author)

That can happen - the inclusion of the signing certificates is optional.

In that case you just need to source the signing certificate from elsewhere. The fundamental principles are the same.

Regards,

David
 
June 17th, 2010, 09:24 AM
BKD (Registered User)

Yes, I know that is possible, but I would like to know where or how I have to insert the public certificate of the signer of the signed MIME message.

The example has added the issuer and serial number in the signerInfo object
but has not added the signer's or root certificate.

I would like to insert a certificate: the signer's public certificate or the public root certificate. Email clients have to identify who sent the email or be able to validate the signed email.

In the example, it seems the certificates are included in the signed email with the method addCertificatesAndCRLs:


SMIMESignedGenerator gen = new SMIMESignedGenerator();

gen.addSigner(key, cert, SMIMESignedGenerator.DIGEST_SHA256, new AttributeTable(signedAttrs), null);

gen.addCertificatesAndCRLs(certsAndCRLs);


I have inserted code to send an email, but the Thunderbird email client tells me that the email received hasn't got a digital signature from the sender. There is no certificate.

Maybe I have to insert the public certificate from the signer or the root CA as a signed attribute.

These are the signed attributes in RFC 5751:

- Signing Time (Section 2.5.1 in this document)
- SMIME Capabilities (Section 2.5.2 in this document)
- Encryption Key Preference (Section 2.5.3 in this document)
- Message Digest (Section 11.2 in [CMS])
- Content Type (Section 11.1 in [CMS])

And it says this:
Sending agents SHOULD generate one instance of the signingCertificate
or signingCertificatev2 signed attribute in each SignerInfo
structure

I'm not sure if I have to insert the signer's certificate or root certificate as a signed attribute of SMIME Capabilities.

And I'm not sure how.

Is there an example to do this?

Any help would be appreciated.
 
June 17th, 2010, 06:12 PM
dgh (Wrox Author)

Yes, you use addCertificatesAndCRLs. The certificate associated with "cert" would need to be included in the CertStore. It must be associated with the private key of the signer.

For a signature to be validated, the trust anchor for "cert" would need to be accepted into Thunderbird. You can also add the CA certificates and trust anchor to the cert store, which might help; on the other hand, the trust anchor may need to be imported separately.

Regards,

David
 
June 18th, 2010, 01:55 PM
BKD (Registered User)

I have exported the rootCert created in the example to root.cer.

And I have installed it into the Windows keystore and the Thunderbird keystore, but it is not validating or showing the signer's certificate in the signed email.

I can see the signed data in Thunderbird.


I have another question:

In the method
gen.addSigner(key, cert, SMIMESignedGenerator.DIGEST_SHA256, new AttributeTable(signedAttrs), null);

there are a private key and a cert.

key has to be extracted from cert, doesn't it?

endEntitykey has to be extracted from endEntitykey.

The parameters of the method addSigner
key - key to use to generate the signature
cert - the public key certificate associated with the signer's key.
digestOID - object ID of the digest algorithm to use.
signedAttr - signed attributes to be included in the signature.
unsignedAttr - unsigned attributes to be included.

I'm confused: when the method addSigner() is called in the example of the book, "key" is the private key from END_ENTITY_ALIAS and cert is the certificate from INTERMEDIATE_ALIAS.
Should it use key (the private key from END_ENTITY_ALIAS) and cert from END_ENTITY_ALIAS, the public key certificate associated with the signer's key?

Last edited by BKD; June 21st, 2010 at 04:57 AM..
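
The two conditions in dgh's reply above (the certificate passed as "cert" is the one associated with the signer's private key, and that same certificate is in the CertStore given to addCertificatesAndCRLs) can be checked before signing. This is an added example, not code from the book or from the posters; it assumes RSA keys and a Bouncy Castle release that provides the org.bouncycastle.cert.jcajce classes, and the class name, helper names and throwaway self-signed certificates are constructed for illustration.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.*;
import java.security.interfaces.*;
import java.util.Arrays;
import java.util.Date;
import javax.security.auth.x500.X500Principal;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class SignerInputCheck { // hypothetical class name
    // RSA only: the private key belongs to the certificate if both share a modulus.
    static boolean keyMatchesCert(PrivateKey key, X509Certificate cert) {
        PublicKey pub = cert.getPublicKey();
        return key instanceof RSAPrivateKey && pub instanceof RSAPublicKey
            && ((RSAPrivateKey) key).getModulus().equals(((RSAPublicKey) pub).getModulus());
    }
    // True if the store that will go to addCertificatesAndCRLs carries this exact certificate.
    static boolean storeContains(CertStore store, X509Certificate cert) throws CertStoreException {
        X509CertSelector sel = new X509CertSelector();
        sel.setCertificate(cert);
        return !store.getCertificates(sel).isEmpty();
    }
    // Constructed sample input: a throwaway self-signed certificate for the given key pair.
    static X509Certificate selfSigned(KeyPair kp, String dn) throws Exception {
        X500Principal name = new X500Principal(dn);
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(name, BigInteger.ONE,
            new Date(now - 60_000L), new Date(now + 86_400_000L), name, kp.getPublic());
        return new JcaX509CertificateConverter().getCertificate(
            b.build(new JcaContentSignerBuilder("SHA256withRSA").build(kp.getPrivate())));
    }
    static CertStore storeOf(X509Certificate... certs) throws GeneralSecurityException {
        return CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(Arrays.asList(certs)));
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair signer = kpg.generateKeyPair(), issuer = kpg.generateKeyPair();
        X509Certificate signerCert = selfSigned(signer, "CN=Constructed Signer");
        X509Certificate issuerCert = selfSigned(issuer, "CN=Constructed Issuer");
        PrivateKey key = signer.getPrivate();
        // Pairing the signer's key with another entity's certificate fails the first check.
        System.out.println("key matches issuer cert: " + keyMatchesCert(key, issuerCert));
        System.out.println("key matches signer cert: " + keyMatchesCert(key, signerCert));
        // A store without the signer's certificate leaves the message without it.
        System.out.println("store(issuer) has signer cert: " + storeContains(storeOf(issuerCert), signerCert));
        System.out.println("store(signer, issuer) has signer cert: " + storeContains(storeOf(signerCert, issuerCert), signerCert));
    }
}
```

Running both checks on the actual key, certificate and CertStore just before gen.addSigner(...) and gen.addCertificatesAndCRLs(...) shows whether the signed message will carry a certificate that a mail client can tie to the signature.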




