Signing a X.509 certificate in Java -


i want find out how sign x.509 certificate.

i have set openssl ca create demo certificate. certificate fine , can see relevant elements using tool called dumpasn1. theoretically know have sign structure called "tbscertificate" compounds attributes version , serial number signature, issuer, validity, subject, subjectpublickeyinfo , extensions.

however, when try mimic in java, unfortunately not work. is:

  • i read "tbscertificate"-portion of der-encoded certificate
  • then private key issuing ca
  • last try sign tbscertificate-structure using following code:

.

public static void sign(byte [] data) throws exception   {     string algorithm = "sha256withecdsa";     privatekey privkey;     keypair keypair;      keypair = getkeypairfompem();     privkey = keypair.getprivate();      signature ecdsa;     ecdsa = signature.getinstance(algorithm, "bc");     ecdsa.initsign(privkey);     ecdsa.update(data);     byte[] basignature = ecdsa.sign();  }

unfortunately result not match signature in certificate, made kind of error. signature algorithm same used in certificate (sha256withecdsa), suspect did not choose right portion of tbscertificate structure.

my certificate 530 bytes long. start reading offset 4 (skipping initial sequence tag , length bytes) end of extensions (stopping before begin of certificate section).

can tell if right array of bytes have read "tbscertificate" structure? or other error may have made don't see right now? certificate definitively ok, double checked certificate , signing algorithm using following java code.

public static x509certificate loadcertificate(string filename) {     inputstream in;     byte [] signature;     x509certificate cert = null;     try     {         in = new fileinputstream(filename);         certificatefactory factory = certificatefactory.getinstance("x.509");         cert = (x509certificate) factory.generatecertificate(in);         signature = cert.getsignature();         system.out.println("signature algorithm: " + cert.getsigalgname());         system.out.println(signature);         return cert;     }     catch (filenotfoundexception e)     {         e.printstacktrace();     }     catch (certificateexception e)     {         e.printstacktrace();     }     return cert; }

ecdsa doesn't produce stable signatures, if test produced same answer won't work. can verify signature on certificate verifying signature presented against tbscertificate data.

your approach work rsa signature, since that's stable signature algorithm (with pkcs1 padding, not pss).

as finding tbscertificate: seem have idea of der encoding is, feel compelled provide guidance based on loose description in question:

the binary encoded form of certificate in der. first byte 0x30 ((constructed) sequence). next byte either how long sequence (< 0x80) or how long length (0x82 => next 2 bytes big-endian length). next byte again 0x30, start of tbscertificate encoded value. can read length of structure, , compute correct end offset tbscertificate.

the certificate structure can found in rfc 3280. (there's update in rfc 5280 i've heard people "that didn't approved standard".) it's available, along attribute certificates, in itu-t x.509 -- x.509 in x.509 certificate comes from. linked 2012 version because 2016 version behind paywall.


Comments

Post a Comment

Popular posts from this blog

javascript - Clear button on addentry page doesn't work -

this addentry blog page have made scratch , there underlying problems code particularly clear button supposed clear text entered when button clicked on doesn't work have saved html file problem. also 1 other problem submit button works doesn't pass of text index file have written php , reason whenever click on submit button redirects me index page without posting entry have made. <!doctype html> <html> <head> <script> function message() { alert("clear form?"); } </script> <style> body {background-color: beige;} h1 {color: black;} p {color: black;} textarea { width: 50%; height: 150px; padding: 12px 20px; box-sizing: border-box; border: 2px solid #ccc; border-radius: 4px; background-color: white; font-size: 16px; resize: none; } div { padding-left: 20px; } </style> </head> <meta charset="utf-8"> <link rel="stylesheet" href=".
Read more

c# - Selenium Authentication Popup preventing driver close or quit -

i have selenium automated task setup login website retrieve information. it's basic in automation. logging in , clicking 2 links. running issue proving problem. the site in question uses authentication required popup not javascript popup rather regular windows auth popup. have read isn't handled out of box selenium. i using " http://username:password@url.com " site every , site has issues on end prompt me again username/password randomly. have enter username/password twice in row when navigating there hand. since task loops continuously few hours picking needed info figured use webdriverwait verify element present on page. if authentication popup appears, element isn't present. no need care run, start over. the problem having when authentication popup displayed , hit timeout limit want close driver/browser window can start task on again. however, driver.close() , driver.quit() not doing anything. browser remains open , unloaded page still there login p
Read more

tensorflow when input_data MNIST_data , zlib.error: Error -3 while decompressing: invalid block type -

i'm geting started tensorflow,followed tutorials,but cannot download mnist data. import tensorflow tf tensorflow.examples.tutorials.mnist import input_data mnist=input_data.read_data_sets("mnist_data/",one_hot=true) print("download done!") error information: extracting mnist_data/train-images-idx3-ubyte.gz traceback (most recent call last): file "/home/sj/program/tesorflow_try.py", line 6, in <module> mnist=input_data.read_data_sets("mnist_data/",one_hot=true) file "/usr/local/lib/python2.7/dist-packages/tensorflow/contrib/learn/python/learn/datasets/mnist.py", line 213, in read_data_sets train_images = extract_images(f) file "/usr/local/lib/python2.7/dist-packages/tensorflow/contrib/learn/python/learn/datasets/mnist.py", line 60, in extract_images buf = bytestream.read(rows * cols * num_images) file "/usr/lib/python2.7/gzip.py", line 268, in read self._read(readsize) file
Read more