harmony-dev mailing list archives

From "Stepan Mishura" <stepan.mish...@gmail.com>
Subject Re: [classlib][security]Problems about certificate signed by SHA1withDSA?
Date Tue, 09 Jan 2007 09:11:08 GMT
Hi Leo,

I'll look more closely into all your questions when I sort out all unread
See my quick comments below.

On 1/4/07, Leo Li wrote:
> Hi, all:
>     I am now trying to switch the security provider for Harmony, but I have
> a problem:
>     If the normal certificate signed by SHA1withDSA is decoded by harmony
> ASN1 decoder, we will get an algorithm as "". Although bouncycastle really
> has such signature instance, RI security provider does not have such algorithm.
>     RI has a signature for "", which is SHA1withDSA.
>     But what makes things worse is that in
> org.apache.harmony.security.utils.JarUtil, if the security providers has no
> "" signature, a "" will be
> sought instead, while some other provider has a SHA1withRSA signature for
> it, which does not fit the situation. (Luckily enough RI has no such
> signature.)
>     So my question is:
>      1. Whether the "" is the same as "" signature?

Yes, they are the same. We have the following correspondence: - SHA1 hash algorithm - DSA with SHA-1 signature algorithm
1.2.840.10040.4.1 - DSA hash algorithm

So: SHA1withDSA == ==

>      2. What is the real digit representation of the signature stored in the
> certificate?

Raw bytes: see java.security.cert.X509Certificate#getSignature()
"Gets the signature value (the raw signature bits) from the certificate"


>    Furthermore, the bcprov.jar itself has a certificate signed by the
> SHA1withDSA, but actually the signature is provided by itself. Thus the
> signature is absent at the time of loading the jar. Although it does not
> matter since the JarVerifier will let it pass as if no certificate existed
> when the signature instance is not available, is it more reasonable if we
> are able to add the support for such signature in bootstrap security
> providers of Harmony, such as DRLCertFactory or CryptoProvider?
>   Thanks.
> --
> Leo Li
> China Software Development Lab, IBM

Stepan Mishura
Intel Enterprise Solutions Software Division
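
The lookup problem discussed in this thread, as an added example in Python (not Harmony or provider code): it decodes the signature algorithm OID from a DER AlgorithmIdentifier and resolves a provider only by that exact OID or its standard name, with no substitution of another OID. The provider tables and sample bytes are constructed; 1.2.840.10040.4.3 is id-dsa-with-sha1 as defined in RFC 3279, and 1.2.840.10040.4.1 is the OID quoted in the reply above.

```python
# Added example: strict signature-algorithm resolution. All data is constructed.
# 1.2.840.10040.4.3 = id-dsa-with-sha1 (RFC 3279), an assumption of this example.
SIGNATURE_NAMES = {"1.2.840.10040.4.3": "SHA1withDSA"}

# Constructed AlgorithmIdentifier: SEQUENCE { OID 1.2.840.10040.4.3 }, no parameters
SAMPLE_ALG_ID = bytes.fromhex("300906072a8648ce380403")


def decode_oid(der: bytes) -> str:
    """Decode a DER OBJECT IDENTIFIER (tag 0x06, short-form length) to dotted form."""
    if len(der) < 3 or der[0] != 0x06 or der[1] > 0x7F or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form DER OID")
    if der[-1] & 0x80:
        raise ValueError("truncated OID arc")
    subids, value = [], 0
    for byte in der[2:]:
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:  # high bit clear marks the last byte of an arc
            subids.append(value)
            value = 0
    first = min(subids[0] // 40, 2)  # first two arcs share one sub-identifier
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))


def signature_oid(alg_id: bytes) -> str:
    """Return the OID carried in a DER AlgorithmIdentifier (short-form lengths)."""
    if len(alg_id) < 4 or alg_id[0] != 0x30 or alg_id[1] != len(alg_id) - 2:
        raise ValueError("not a short-form DER SEQUENCE")
    return decode_oid(alg_id[2:4 + alg_id[3]])


def resolve_signature(alg_id: bytes, providers: dict) -> tuple:
    """Pick a provider by the exact signature OID or its standard name only."""
    oid = signature_oid(alg_id)
    name = SIGNATURE_NAMES.get(oid)
    for provider, algorithms in providers.items():
        if oid in algorithms or (name is not None and name in algorithms):
            return provider, name or oid
    # No second lookup under a different OID: whatever a provider registers
    # there may be another signature scheme and must not verify this data.
    raise LookupError(f"no provider implements signature algorithm {oid}")


if __name__ == "__main__":
    # Hypothetical providers: one knows the algorithm by name only, one
    # registers an unrelated signature under the OID quoted in the thread.
    providers = {"by_name": {"SHA1withDSA"},
                 "unrelated": {"1.2.840.10040.4.1", "SHA1withRSA"}}
    print(resolve_signature(SAMPLE_ALG_ID, providers))
```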
