SATSA jsr 177

 
Greenhorn
Posts: 2
Hi Guys,

I would like to start using SATSA PKI to authenticate my users. There is something that I don't understand: in the enrollment process I first need to generate a CSR and then send this CSR to get a signed certificate. But whom exactly do I send it to?

This is the official example from Sun:




Who is the "CA enrollment server" in reality? Can it be a self-signed certificate?

Thanks


 
Ranch Hand
Posts: 160
You should look up these two classes, which are the main classes of SATSA-PKI:

javax.microedition.securityservice.CMSMessageSignatureService

javax.microedition.pki.UserCredentialManager

The implementation, not your application, is responsible for looking up security keys. CA or Certificate Authority is useful for when you want to limit authentication to a small list of allowed keys.

The server is when you want to upload a message to your server and let it verify the signature on the data.
 
itzik saban
Greenhorn
Posts: 2
Hi Walter.

I'm not sure I got you right.

For authentication I use CMSMessageSignatureService as you've mentioned. But one parameter of the method authenticate(...) is the name (DN) of the CA who certified my private key. So in order to use the SATSA mechanism, I first have to do the following process:

1 - create a key pair and a Certificate Signing Request (use UserCredentialManager.generateCSR())
2 - Send the CSR to some CA enrollment server and get a certificate as a response.
3 - Store that certificate (use UserCredentialManager.addCredential())

Only then can I start using CMSMessageSignatureService.authenticate.

My question is: in step 2, who is that "CA enrollment server"? Can a server of mine act as a "CA enrollment server" and self-sign a CSR and create a certificate? Would the addCredential method accept a self-signed certificate? Are there any public "CA enrollment servers"?

Thanks
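
The three steps listed in the post above, followed by the authenticate call, written out as an added example (not code from this thread and not Sun's sample). `ENROLL_URL`, `CA_DN`, the class name and the assumption that the server replies with a DER-encoded PKIPath are hypothetical.

```java
import java.io.*;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpConnection;
import javax.microedition.pki.UserCredentialManager;
import javax.microedition.securityservice.CMSMessageSignatureService;

public class SatsaEnrollment {
    // Hypothetical values: your own enrollment endpoint and the DN of the CA behind it.
    static final String ENROLL_URL = "https://ca.example.com/enroll";
    static final String CA_DN = "CN=Example Enrollment CA,O=Example";

    /** Steps 1-3: generate the CSR, have the CA sign it, store the result. */
    public static boolean enroll(String subjectDn) throws Exception {
        // Step 1: the implementation creates (or reuses) the key pair in the
        // security element and returns a DER-encoded PKCS#10 request.
        // 2048 is a sample key length; the security element must support it.
        byte[] csr = UserCredentialManager.generateCSR(subjectDn,
                UserCredentialManager.ALGORITHM_RSA, 2048,
                UserCredentialManager.KEY_USAGE_AUTHENTICATION,
                null, null, false);
        // Step 2: send the CSR; assumed reply body is a DER-encoded PKIPath.
        byte[] pkiPath = post(ENROLL_URL, csr);
        // Step 3: register the certificate path with the implementation.
        return UserCredentialManager.addCredential("Example auth cert", pkiPath, null);
    }

    /** Signs a server challenge with a key certified by CA_DN; null if the user cancels. */
    public static byte[] signChallenge(byte[] challenge) throws Exception {
        return CMSMessageSignatureService.authenticate(challenge,
                CMSMessageSignatureService.SIG_INCLUDE_CERTIFICATE,
                new String[] { CA_DN }, "Authenticate to Example service");
    }

    static byte[] post(String url, byte[] body) throws IOException {
        HttpConnection c = (HttpConnection) Connector.open(url);
        try {
            c.setRequestMethod(HttpConnection.POST);
            c.setRequestProperty("Content-Type", "application/pkcs10");
            OutputStream out = c.openOutputStream();
            out.write(body);
            out.close();
            if (c.getResponseCode() != HttpConnection.HTTP_OK)
                throw new IOException("enrollment failed: " + c.getResponseCode());
            InputStream in = c.openInputStream();
            ByteArrayOutputStream buf = new ByteArrayOutputStream();
            for (int b; (b = in.read()) != -1; ) buf.write(b);
            in.close();
            return buf.toByteArray();
        } finally { c.close(); }
    }
}
```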
 
Walter Gabrielsen Iii
Ranch Hand
Posts: 160
Are you using this with some kind of smart card or similar ID? The reason I ask is because maybe there is a security logo, on the back of the card, or in the fine-print that tells you who is providing the security for that medium so you can verify it using their system.
 
Walter Gabrielsen Iii
Ranch Hand
Posts: 160
This link may help you: SATSA Developer's Guide.
 