Re: [ease-dev] Script signing example

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]

Re: [ease-dev] Script signing example

From: Varun Raval <vraval48@xxxxxxxxx>
Date: Sun, 31 Jul 2016 04:49:45 +0000
Delivered-to: ease-dev@xxxxxxxxxxx
List-archive: <https://dev.eclipse.org/mailman/private/ease-dev>
List-help: <mailto:ease-dev-request@eclipse.org?subject=help>
List-subscribe: <https://dev.eclipse.org/mailman/listinfo/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=subscribe>
List-unsubscribe: <https://dev.eclipse.org/mailman/options/ease-dev>, <mailto:ease-dev-request@eclipse.org?subject=unsubscribe>

Hi Christian,

I have updated the patch [1].

One reason you might not be able to perform signature maybe the algorithm of private key. Since specific providers provide implementation of algorithms for e.g. SHA1withDSA by SUN, SHA1withRSA by SunRsaSign. I solved this issue.

Previously, I was taking SUN as default one. Now, in the update, if not selected explicitly on advanced page, it will try to chose preferred provider. Hence, for private key created for any algorithm like DSA or RSA, if provider combo box is not selected, it will iterate over all algorithms and chose preferred one.

In this case, it would be helpful to user if we provide "preferred" as an option so that once user has selected an algorithm, user can still let system make the choice of algorithm. I am saying this because, we previously agreed on showing specific types to user like "SUN" and not "Preferred" as default option.

Other reason might be that there are no alias with private key in provided keystore. jre/lib/security/cacerts is a kind of trust store that contains list of trusted certificates. These aliases are just certificates that contain public key. There is no alias with private key there by default.

[1]: https://git.eclipse.org/r/#/c/76997/

Thanks,

On Sun, Jul 31, 2016 at 8:17 AM Varun Raval <vraval48@xxxxxxxxx> wrote:

Hi Christian,

Wherever you want to create a new keystore file, try this from terminal to make a new private key with name MYALIAS and place it in a new keystore with name KEYSTORE_NAME
keytool -genkey -alias MYALIAS -keystore KEYSTORE_NAME

To list the current aliases in keystore
keytool -list -keystore KEYSTORE_NAME

Generate a self-signed certificate file

keytool -export -alias MYALIAS -file certfile.cer -keystore KEYSTORE_NAME

To make a Certificate Signing Request(CSR) from existing JAVA Keystore

keytool -certreq -alias MYALIAS -keystore KEYSTORE_NAME -file MYALIAS.csr

See HOWTO on Github

Thanks,

On Sun, Jul 31, 2016 at 12:06 AM Christian Pontesegger <christian.pontesegger@xxxxxx> wrote:
Hi Varun,

could you provide a short totuorail how to create a keystore with a self
signed certificate that works with your current patchset? I was trying
out some settings but none of them worked so far.

thanks

Christian

_______________________________________________
ease-dev mailing list
ease-dev@xxxxxxxxxxx
To change your delivery options, retrieve your password, or unsubscribe from this list, visit
https://dev.eclipse.org/mailman/listinfo/ease-dev

--
Varun Raval

Varun Raval

Follow-Ups:
- Re: [ease-dev] Script signing example
  - From: Christian Pontesegger

References:
- [ease-dev] Script signing example
  - From: Christian Pontesegger
- Re: [ease-dev] Script signing example
  - From: Varun Raval

Prev by Date: Re: [ease-dev] Script signing example
Next by Date: [ease-dev] Documentation for Sign and Verify features
Previous by thread: Re: [ease-dev] Script signing example
Next by thread: Re: [ease-dev] Script signing example
Index(es):
- Date
- Thread

Breadcrumbs