Message-Id: <199907061809.LAA00089@laguna.eng.sun.com>
Date: Tue, 6 Jul 1999 11:09:57 -0700 (PDT)
From: Jan Luehe <luehe@laguna.eng.sun.com>
Subject: Re: JCE Keystore Bug ???
To: puga@tislabs.com
Ralph:
> Is there away to use the keytool to import x509v3 certificates and
> associate them with both a private and public key pair? If so, how? I
> have not been able to figure out a way to do this using the keytool.
You use the "-import" option to import an X509v3 or PKCS#7
formatted certificate reply from a CA. The certificate in the
reply will be associated with your public/private keypair.
See
http://java.sun.com/products/jdk/1.2/docs/tooldocs/solaris/keytool.html
for more information.
Jan
>
> Thanks,
> --Ralph P.
>
> Jan Luehe wrote:
> >
> > Ralph:
> >
> > > I have several questions regarding your answer.
> > >
> > > 1) If you are adding support for storing session keys in the JCE keystore
in
> > > an upcoming JCE 1.2 FCS release, what if any difference is there between
the
> > > JKS and the JCEKS implementations ?
> >
> > The implementation of the protection algorithm for
> > sensitive key information differs between JKS and JCEKS.
> >
> > JCEKS provides a much stronger protection algorithm,
> > based on triple DES.
> >
> > We did not put any strong crypto into the JDK,
> > in order to avoid any export issues.
> >
> > > 2) When is the next JCE 1.2 FCS with the secret (session) key support due
to
> > > be released ?
> >
> > Hopefully within this month.
> >
> > Jan
>
> --
> Ralph G. Puga NEW---> puga@tislabs.com (!NEW!)
> NAI Labs (443) 259-2323 (Voice)
> 3060 Washington Rd. (RT.97) (800) 918-0622 (Beeper)
> Glenwood, MD 21738 (443) 259-2300 (Main) (301) 854-4731 (FAX)