harmony-dev mailing list archives

From "Leo Li" <liyilei1...@gmail.com>
Subject [classlib][security]Problems about certificate signed by SHA1withDSA?
Date Thu, 04 Jan 2007 07:08:20 GMT
Hi, all:
     I am now trying to switch the security provider for Harmony, but I have
a problem:
     If the normal certificate signed by SHA1withDSA is decoded by the Harmony
ASN1 decoder, we will get an algorithm as
"1.3.14.3.2.26with1.2.840.10040.4.1". Although bouncycastle really has such a
signature instance, the RI security provider does not have such an algorithm.
     RI has a signature for "1.3.14.3.2.27", which is SHA1withDSA.
     But what makes things worse is that in
org.apache.harmony.security.utils.JarUtil, if the security providers have no
"1.3.14.3.2.26with1.2.840.10040.4.1" signature, a "1.3.14.3.2.26" will be
sought instead, while some other provider has a SHA1withRSA signature for
it, which does not fit the situation. (Luckily enough, RI has no such
signature.)
     So my question is:
      1. Whether the "1.3.14.3.2.26with1.2.840.10040.4.1" is the same as the
"1.3.14.3.2.27" signature?
      2. What is the real digit representation of the signature stored in the
certificate?

    Furthermore, the bcprov.jar itself has a certificate signed by the
SHA1withDSA, but actually the signature is provided by itself. Thus the
signature is absent at the time of loading the jar. Although it does not
matter since the JarVerifier will let it pass as if no certificate existed
when the signature instance is not available, is it more reasonable if we
are able to add the support for such signature in bootstrap security
providers of Harmony, such as DRLCertFactory or CryptoProvider?

   Thanks.
-- 
Leo Li
China Software Development Lab, IBM
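
Added example, not part of the original message and not Harmony or provider code: one way to turn the digest OID and key OID read from a signature block into a standard JCA signature name, and to fail closed rather than retry the lookup with the digest OID alone. The class and method names are hypothetical, and the OID tables are a small constructed subset.

```java
import java.security.NoSuchAlgorithmException;
import java.security.Signature;
import java.util.Map;

// Added illustration; SigAlgResolver and resolve() are hypothetical names, not Harmony code.
public class SigAlgResolver {
    // Digest algorithm OIDs -> digest part of the JCA signature name.
    static final Map<String, String> DIGESTS = Map.of(
            "1.3.14.3.2.26", "SHA1",
            "1.2.840.113549.2.5", "MD5");
    // Bare key algorithm OIDs -> key part of the JCA signature name.
    static final Map<String, String> KEYS = Map.of(
            "1.2.840.10040.4.1", "DSA",
            "1.2.840.113549.1.1.1", "RSA");
    // OIDs that already identify a complete digest-plus-key signature scheme.
    static final Map<String, String> COMBINED = Map.of(
            "1.3.14.3.2.27", "SHA1withDSA",
            "1.2.840.10040.4.3", "SHA1withDSA",
            "1.2.840.113549.1.1.5", "SHA1withRSA");

    static String resolve(String digestOid, String encOid) throws NoSuchAlgorithmException {
        String digest = DIGESTS.get(digestOid);
        if (digest == null) {
            throw new NoSuchAlgorithmException("unknown digest OID " + digestOid);
        }
        String combined = COMBINED.get(encOid);
        if (combined != null) {
            // A combined OID must agree with the separately stated digest.
            if (!combined.startsWith(digest + "with")) {
                throw new NoSuchAlgorithmException(digestOid + " conflicts with " + encOid);
            }
            return combined;
        }
        String key = KEYS.get(encOid);
        if (key == null) {
            // Fail closed: never retry the lookup with the digest OID alone.
            throw new NoSuchAlgorithmException("unknown key OID " + encOid);
        }
        return digest + "with" + key;
    }

    public static void main(String[] args) throws Exception {
        String name = resolve("1.3.14.3.2.26", "1.2.840.10040.4.1");
        Signature sig = Signature.getInstance(name); // looked up by standard name
        System.out.println(name + " from " + sig.getProvider().getName());
        try {
            resolve("1.3.14.3.2.26", "1.2.3.4"); // constructed, unregistered key OID
        } catch (NoSuchAlgorithmException e) {
            System.out.println("refused: " + e.getMessage());
        }
    }
}
```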
