How to digitally sign document by Verisign?

 
Ranch Hand
Posts: 782
Hi,

This is the requirement from one of the Government Organizations (say: GO). Here is the scenario.

There is some document which is to be sent from GO to its Client (say: CL). Here are the 3 specific requirements.

---- This should be authenticated that it is sent ONLY from GO.
---- This should be authenticated that CL who received is the *right receiver. Means nobody else should receive this document.
--- Integrity of the document's content. That is, it should not be modified while going from GO to CL.

How could we achieve this? I know we have to use Certificate Authorities like Verisign. But how to proceed? Somebody please guide.

Thanks.

Bye,
Viki.
 
Ranch Hand
Posts: 153
Assuming you are writing this in Core Java. You can do this by using Certificates and PKI infrastructure. You could use the JCA and JSSE (secure socket extensions) APIs.
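
The three requirements from the question mapped onto JCA calls, as an added example that is not part of the original thread: GO signs with its private key (origin and integrity), and the payload is encrypted so that only CL's private key can open it. The class name and sample document are hypothetical, and the key pairs are generated inline rather than loaded from CA-issued certificates.

```java
import java.nio.ByteBuffer;
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
import javax.crypto.*;
import javax.crypto.spec.*;
// Added example: keys are generated inline (constructed); real ones come from CA-issued certificates.
public class SignedEnvelopeDemo {
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(3072);
        KeyPair go = kpg.generateKeyPair();  // sender GO
        KeyPair cl = kpg.generateKeyPair();  // recipient CL
        byte[] doc = "Constructed sample document".getBytes("UTF-8");
        final int SIG_LEN = 384;             // RSA-3072 signature size in bytes
        OAEPParameterSpec oaep = new OAEPParameterSpec("SHA-256", "MGF1",
                MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
        // GO signs with its private key: proves origin and protects integrity.
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(go.getPrivate());
        signer.update(doc);
        byte[] sig = signer.sign();
        // GO encrypts signature || document under a fresh AES-GCM key, then wraps
        // that key with CL's public key so only CL's private key can open it.
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey aes = kg.generateKey();
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);
        Cipher gcm = Cipher.getInstance("AES/GCM/NoPadding");
        gcm.init(Cipher.ENCRYPT_MODE, aes, new GCMParameterSpec(128, iv));
        byte[] ct = gcm.doFinal(
                ByteBuffer.allocate(SIG_LEN + doc.length).put(sig).put(doc).array());
        Cipher rsa = Cipher.getInstance("RSA/ECB/OAEPWithSHA-256AndMGF1Padding");
        rsa.init(Cipher.WRAP_MODE, cl.getPublic(), oaep);
        byte[] wrapped = rsa.wrap(aes);      // GO sends iv, wrapped and ct
        // CL unwraps with its private key, decrypts, then checks GO's signature.
        rsa.init(Cipher.UNWRAP_MODE, cl.getPrivate(), oaep);
        Key k = rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);
        gcm.init(Cipher.DECRYPT_MODE, k, new GCMParameterSpec(128, iv));
        byte[] open = gcm.doFinal(ct);
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(go.getPublic());
        verifier.update(open, SIG_LEN, open.length - SIG_LEN);
        System.out.println("signature valid: " + verifier.verify(open, 0, SIG_LEN));
        open[open.length - 1] ^= 1;          // simulate a modified document
        verifier.update(open, SIG_LEN, open.length - SIG_LEN);
        System.out.println("after tampering: " + verifier.verify(open, 0, SIG_LEN));
    }
}
```

Before trusting either public key, each side would validate the peer's certificate chain up to a CA it already trusts; that step is outside this sketch.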
 
Ranch Hand
Posts: 320
Don't you think your client CL should also get a certificate from Verisign?

I think you can contact Verisign and get Digital Certificates to set up a secured server.
 
suekar meredilko
Ranch Hand
Posts: 153
A client certificate is required only if client authentication is enabled, which means that clients need to be authenticated.

In most cases, server authentication is enough. You trust the server you talk to. Use PKI to exchange a shared key to encrypt messages. Trust of the server is achieved by the browser being pre-installed with certificate chains of CAs like Baltimore, Verisign and so on. So when the server gives you a cert (containing its pub key), you are sure that it can be trusted. You use that pubkey of the server to send a secret key for asymmetric encryption from then onwards.

Client auth is an expensive proposition. You need to purchase a client certificate for all your clients. In a true internet scenario it's most unlikely. In a B2B scenario, e.g. suppliers connecting to companies via a portal, this can be done. Again, you can also use a userid-password mechanism to trust.

Hope the confusion is resolved.