-
Bug
-
Resolution: Fixed
-
P2
-
1.1
-
None
-
1.0fcs
-
sparc
-
solaris_2.5.1
-
Not verified
There are two possible problems (or perhaps it's just that the documentation
needs to be enhanced.)
1. When an X.509 cert is imported, the database says there are no
keys associated with the identity.
2. When javakey is used to import the keys, it fails with the error
Error: [Signer]mrm[lg_group.db][trusted] is not a SUN identity.
More details are shown in the user scenario below.
this was reported by a user to ###@###.###.
--Marianne 16 Jan 1997
1. First, I generate keys for myself in my private workspace, and
generate a certificate for myself.
I'm using the latest nightly build of JDK1.1 here. Note: same behavior
regardless of whether the private and public keys are stored to file,
as well as being created inside the identity database.
puffin% which javakey
/usr/green3/local.java/jdk1.1/solaris/bin/javakey
puffin% javakey -l
Scope: sun.security.IdentityDatabase, source file: /home/mrm/identitydb.obj
puffin% javakey -cs mrm true
Operation successful
puffin% javakey -gk mrm DSA 512 mrm_pub mrm_priv
Operation successful
puffin% javakey -gc cert_directive_mrm
Operation successful
puffin%
puffin% javakey -ld
Scope: sun.security.IdentityDatabase, source file: /home/mrm/identitydb.obj
[Signer]mrm[identitydb.obj][trusted]
public and private keys initialized
certificates:
certificate 1 for : CN=Marianne Mueller, OU="JavaSoft ", O=Sun MicroSystems, C=US
from : CN=Marianne Mueller, OU="JavaSoft ", O=Sun MicroSystems, C=US
No further information available.
puffin%
puffin% more cert_directive_mrm
#
# 96/11/11 @(#)cert_directive 1.3
#
#
# This is a sample certificate directive file.
#
# the id of the signer
issuer.name=mrm
# the cert to use for the signing (this is where it gets it DN)
issuer.cert=1
# the id of the subject
subject.name=mrm
# the components of the X500 name for the subject
subject.real.name=Marianne Mueller
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US
# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).
start.date=10 Dec 1996
end.date=1 Dec 1996
serial.number=1001
out.file=mrm.x509
puffin% ls -l mrm.x509
-rw-rw-r-- 1 mrm green 532 Jan 16 16:42 mrm.x509
puffin%
2. Then, I copy the mrm.x509 and mrm_pub files to /tmp, and try to import them
into an identity database that is associated with the security group nightly
build of JDK1.1
puffin% which javakey
/usr/security/nightly/JDK1.1/solaris/bin/javakey
puffin% javakey -l
Scope: sun.security.IdentityDatabase, source file: /usr/security/lg_group.db
[Signer]duke[lg_group.db][trusted]
puffin% javakey -cs mrm true
Operation successful
puffin% javakey -ic mrm /tmp/mrm.x509
[Signer]mrm[lg_group.db][trusted] does not have keys
puffin% javakey -li mrm
Identity: mrm
[Signer]mrm[lg_group.db][trusted]
no keys
no certificates
No further information available.
puffin% javakey -ik mrm /tmp/mrm_pub
Error: [Signer]mrm[lg_group.db][trusted] is not a SUN identity.
puffin%
Note: I tried various ways to import keys and certs. I got the same
behavior whether I tried to import the keys first, and then the cert,
or the cert first and then the key, or the cert only.
needs to be enhanced.)
1. When an X.509 cert is imported, the database says there are no
keys associated with the identity.
2. When javakey is used to import the keys, it fails with the error
Error: [Signer]mrm[lg_group.db][trusted] is not a SUN identity.
More details are shown in the user scenario below.
this was reported by a user to ###@###.###.
--Marianne 16 Jan 1997
1. First, I generate keys for myself in my private workspace, and
generate a certificate for myself.
I'm using the latest nightly build of JDK1.1 here. Note: same behavior
regardless of whether the private and public keys are stored to file,
as well as being created inside the identity database.
puffin% which javakey
/usr/green3/local.java/jdk1.1/solaris/bin/javakey
puffin% javakey -l
Scope: sun.security.IdentityDatabase, source file: /home/mrm/identitydb.obj
puffin% javakey -cs mrm true
Operation successful
puffin% javakey -gk mrm DSA 512 mrm_pub mrm_priv
Operation successful
puffin% javakey -gc cert_directive_mrm
Operation successful
puffin%
puffin% javakey -ld
Scope: sun.security.IdentityDatabase, source file: /home/mrm/identitydb.obj
[Signer]mrm[identitydb.obj][trusted]
public and private keys initialized
certificates:
certificate 1 for : CN=Marianne Mueller, OU="JavaSoft ", O=Sun MicroSystems, C=US
from : CN=Marianne Mueller, OU="JavaSoft ", O=Sun MicroSystems, C=US
No further information available.
puffin%
puffin% more cert_directive_mrm
#
# 96/11/11 @(#)cert_directive 1.3
#
#
# This is a sample certificate directive file.
#
# the id of the signer
issuer.name=mrm
# the cert to use for the signing (this is where it gets it DN)
issuer.cert=1
# the id of the subject
subject.name=mrm
# the components of the X500 name for the subject
subject.real.name=Marianne Mueller
subject.org.unit=JavaSoft
subject.org=Sun MicroSystems
subject.country=US
# Various parameters: start and end date for validity and expiration
# of the certificate. Serial number. FIle to which to output the
# certificate (optional).
start.date=10 Dec 1996
end.date=1 Dec 1996
serial.number=1001
out.file=mrm.x509
puffin% ls -l mrm.x509
-rw-rw-r-- 1 mrm green 532 Jan 16 16:42 mrm.x509
puffin%
2. Then, I copy the mrm.x509 and mrm_pub files to /tmp, and try to import them
into an identity database that is associated with the security group nightly
build of JDK1.1
puffin% which javakey
/usr/security/nightly/JDK1.1/solaris/bin/javakey
puffin% javakey -l
Scope: sun.security.IdentityDatabase, source file: /usr/security/lg_group.db
[Signer]duke[lg_group.db][trusted]
puffin% javakey -cs mrm true
Operation successful
puffin% javakey -ic mrm /tmp/mrm.x509
[Signer]mrm[lg_group.db][trusted] does not have keys
puffin% javakey -li mrm
Identity: mrm
[Signer]mrm[lg_group.db][trusted]
no keys
no certificates
No further information available.
puffin% javakey -ik mrm /tmp/mrm_pub
Error: [Signer]mrm[lg_group.db][trusted] is not a SUN identity.
puffin%
Note: I tried various ways to import keys and certs. I got the same
behavior whether I tried to import the keys first, and then the cert,
or the cert first and then the key, or the cert only.