cryptography:certificates

Differences

This shows you the differences between two versions of the page.

cryptography:certificates [2014/02/25 11:25] – [Java] skipidar
cryptography:certificates [2023/11/01 07:13] (current) – ↷ Page moved from business_process_management:camunda:cryptography:certificates to cryptography:certificates skipidar
Line 1: Line 1:
 +===== Certificates =====
 +Nice Introduction
 +https://developer.mozilla.org/en-US/docs/Introduction_to_Public-Key_Cryptography
  
 +==== Java ====
 +In Java Certificates are packed in Java Keystores.
 +
 +The can be exported from Java Keystore by doing. Details [[http://docs.oracle.com/javase/6/docs/technotes/tools/solaris/keytool.html|here]]:
 +<code> 
 +keytool  -exportcert {-alias alias} {-file cert_file} {-storetype storetype} {-keystore keystore} [-storepass storepass] {-providerName provider_name} {-providerClass provider_class_name {-providerArg provider_arg}} {-rfc} {-v} {-protected} {-Jjavaoption}
 +</code>
 +
 +
 +==== Android ====
 +The keystores which android do understand have do have the type BKS (Bouncycastle).
 +The bouncyCastel must have teh version bcprov-ext-jdk15on-1.46.jar, available here: http://repo1.maven.org/maven2/org/bouncycastle/bcprov-ext-jdk15on/1.46/bcprov-ext-jdk15on-1.46.jar
 +
 +The Android Keystoree can be creatd using Java's keytool as following:
 +
 +<code>
 +
 +REM Dieses Script generiert ein client-keystore, vom Typ BKS. Diese Keystores koennen von Android gelesen werden.
 +REM Das Script soll dazu verwendet werden Produktivzertifikate in einen Keystore zu packen und mit der App auszuliefern.
 +REM
 +REM Benutzung: die Zertifikate, welche im keystore gespeichert werden sollen ins gleiche Verzeichniss legen. Script ausfuhren. Der keystore client_keystore_bks.ks wird im gleichen Verzeichniss erzeugt.
 +
 +setlocal ENABLEDELAYEDEXPANSION
 +
 +SET SCRIPT_KEYSTORE_FILE_NAME=client_keystore_bks.ks
 +SET ALIAS_PREFIX=uic918_dsa_sign_ivu_
 +SET BOUNCYCASTLE=bcprov-ext-jdk15on-1.46.jar
 +
 +echo Creating an empty keystore
 +keytool -genkey -storepass tough1 -keypass tough1 -alias test -keystore %SCRIPT_KEYSTORE_FILE_NAME% -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath %BOUNCYCASTLE% -dname "CN=Name Lastname, OU=Organisational Unit, O=Organization, L=Aachen, S=State, C=US"
 +keytool -delete -storepass tough1 -keypass tough1 -alias test -keystore %SCRIPT_KEYSTORE_FILE_NAME% -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath %BOUNCYCASTLE%
 +
 +if not exist "%SCRIPT_KEYSTORE_FILE_NAME%" goto KEYSTORE_NOT_FOUND
 +
 +cls
 +echo -------------------------------------------------------------------
 +
 +
 +set /A cnt=1
 +for %%f in (*.cer) do (
 +            echo %%~nf
 +     keytool -import -trustcacerts -alias "uic918_dsa_sign_ivu_!cnt!" -file %%~nf.cer -storetype BKS -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath %BOUNCYCASTLE% -storepass tough1 -keypass tough1 -keystore %SCRIPT_KEYSTORE_FILE_NAME% 
 +            set /A cnt=cnt+1
 +)
 +
 +
 +goto FINISHED
 +
 +
 +:KEYSTORE_NOT_FOUND
 +echo ERROR: could not create the certificate file: %SCRIPT_KEYSTORE_FILE_NAME%
 +exit /b 1
 +
 +
 +:FINISHED
 +exit /b 0
 +</code>
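Review bot: the Android batch script never checks the result of the `keytool -import` calls inside the `for %%f in (*.cer)` loop, so it falls through to `:FINISHED` and `exit /b 0` even when an import fails; the only check, `if not exist "%SCRIPT_KEYSTORE_FILE_NAME%"`, covers keystore creation alone. Since the header says the keystore is meant to carry production certificates shipped with the app, test `errorlevel` after each import and leave with a non-zero exit code on failure. In the same loop, `ALIAS_PREFIX` is set but unused because the alias is hard-coded as `"uic918_dsa_sign_ivu_!cnt!"` (use `"%ALIAS_PREFIX%!cnt!"`), and `-file %%~nf.cer` is unquoted, so a certificate file name containing a space will break the command (use `-file "%%f"`). The store and key password `tough1` is written literally into every `keytool` line on a wiki page; take it from a variable supplied at run time instead. Style: the REM header is in German while the rest of the page is English, and the added prose has several typos ("The can be exported", "bouncyCastel", "teh", "Keystoree", "creatd").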