SATSA jsr 177

itzik saban
Greenhorn

Joined: Jul 12, 2011
Posts: 2
Hi Guys,

I would like to start using SATSA PKI to authenticate my users. There is something that I don't understand: in the enrollment process I first need to generate a CSR and then send this CSR to get a signed certificate. But whom exactly do I send it to?

This is the official example from Sun:




Who is the "CA enrollment server" in reality? Can it be a self-signed certificate?

Thanks


Walter Gabrielsen Iii
Ranch Hand

Joined: Apr 09, 2011
Posts: 158
You should look up these two classes, which are the main classes of SATSA-PKI:

javax.microedition.securityservice.CMSMessageSignatureService

javax.microedition.pki.UserCredentialManager

The implementation, not your application, is responsible for looking up security keys. A CA, or Certificate Authority, is useful when you want to limit authentication to a small list of allowed keys.

The server is for when you want to upload a message to your server and let it verify the signature on the data.
itzik saban
Greenhorn

Joined: Jul 12, 2011
Posts: 2
Hi Walter.

I'm not sure I got you right.

For authentication I use CMSMessageSignatureService as you've mentioned. But one parameter of the method authenticate(...) is the name (DN) of the CA who certified my private key. So in order to use the SATSA mechanism, I first have to do the following process:

1 - create a key pair and a Certificate Signing Request (use UserCredentialManager.generateCSR())
2 - Send the CSR to some CA enrollment server and get a certificate as a response.
3 - Store that certificate (use UserCredentialManager.addCredential())

Only then can I start using CMSMessageSignatureService.authenticate.

My question is: in step 2, who is that "CA enrollment server"? Can a server of mine act as a "CA enrollment server" and self-sign a CSR and create a certificate? Would the addCredential method accept a self-signed certificate? Are there any public "CA enrollment servers"?

Thanks
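
As an added example (not from this thread and not Sun's sample), the three enrollment steps listed in the post above and the later authenticate call look like this with the SATSA-PKI classes. The enrollment URL, the distinguished names, the prompts, and the HTTP exchange (POST a DER PKCS#10 request, receive a DER-encoded PKIPath) are hypothetical assumptions about the CA side.

```java
import java.io.DataInputStream;
import java.io.IOException;
import java.io.OutputStream;
import javax.microedition.io.Connector;
import javax.microedition.io.HttpConnection;
import javax.microedition.pki.UserCredentialManager;
import javax.microedition.securityservice.CMSMessageSignatureService;

public class SatsaEnrollment {
    // Hypothetical values: the CA's enrollment endpoint and the names involved.
    static final String ENROLL_URL = "https://ca.example.com/enroll";
    static final String SUBJECT_DN = "CN=Example User,O=Example Org";
    static final String CA_DN = "CN=Example CA,O=Example Org";
    // Steps 1-3 from the post: generate the CSR, have the CA sign it, store the result.
    static boolean enroll() throws Exception {
        byte[] csr = UserCredentialManager.generateCSR(SUBJECT_DN,
                UserCredentialManager.ALGORITHM_RSA, 2048, // device must support this size
                UserCredentialManager.KEY_USAGE_AUTHENTICATION,
                null, "Create a key for Example service", false);
        byte[] pkiPath = postCsr(csr);
        return UserCredentialManager.addCredential("Example credential", pkiPath, null);
    }
    // Assumed protocol: POST the DER PKCS#10 request, read back a DER PKIPath.
    static byte[] postCsr(byte[] csr) throws IOException {
        HttpConnection c = (HttpConnection) Connector.open(ENROLL_URL);
        try {
            c.setRequestMethod(HttpConnection.POST);
            c.setRequestProperty("Content-Type", "application/pkcs10");
            OutputStream out = c.openOutputStream();
            out.write(csr);
            out.close();
            int len = (int) c.getLength();
            if (c.getResponseCode() != HttpConnection.HTTP_OK || len <= 0) throw new IOException("enrollment rejected");
            byte[] body = new byte[len];
            DataInputStream in = c.openDataInputStream();
            in.readFully(body);
            in.close();
            return body;
        } finally {
            c.close();
        }
    }
    // After enrollment: sign a server-supplied challenge with a key certified by CA_DN.
    static byte[] signChallenge(byte[] challenge) throws Exception {
        return CMSMessageSignatureService.authenticate(challenge,
                CMSMessageSignatureService.SIG_INCLUDE_CERTIFICATE,
                new String[] { CA_DN }, "Sign in to Example service");
    }
}
```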
Walter Gabrielsen Iii
Ranch Hand

Joined: Apr 09, 2011
Posts: 158
Are you using this with some kind of smart card or similar ID? The reason I ask is because maybe there is a security logo on the back of the card, or in the fine print, that tells you who is providing the security for that medium so you can verify it using their system.
Walter Gabrielsen Iii
Ranch Hand

Joined: Apr 09, 2011
Posts: 158
This link may help you: SATSA Developer's Guide.
 