santuario-dev mailing list archives

From Arshad Noor <arshad.n...@strongauth.com>
Subject Re: Keystore
Date Thu, 30 Mar 2006 00:53:26 GMT
It depends on what your business objective is.

If the objective is to ensure that specific objects are signed by
specific individuals (and none other) then you need to create distinct
keystores.  Bear in mind that there are many other issues involved if
your goal is non-repudiation.

If the objective is to just maintain the data integrity of the object,
then just a single generic key on the server should suffice.

Arshad Noor
StrongAuth, Inc.

m2 r2sj wrote:
> I am looking for an efficient way to use the keystore to create a private
> key to sign the XML document for one or more persons. When the person
> signs the document, let's assume 10 persons want to sign the document.
>
> Should we
>
> 1) Get each person's details and create a keystore for each person on
> their local computer and then generate a private key and then sign the
> document as follows
>
> keytool -genkey -alias test -keyalg RSA -dname "CN=Geuer, OU=FB12NUE, O=Uni, C=DE" -keypass xmlsecurity -storepass xmlsecurity -keystore keystoreRSA.jks -validity 2000
>
> Or
>
> 2) Keep the keystore on a server and use a common user name and password to
> get the private key for all the persons
>
> Can anyone suggest the efficient way to do this?
>

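The distinction drawn in the reply above, as an added example (not code from this thread or from the Santuario project): raw `SHA256withRSA` signatures stand in for XML signatures, and the signer names `alice` and `bob` and the document bytes are constructed sample values. With one key per person a signature points to exactly one signer; with one shared server key it verifies for every registered name, while a modified document is still rejected.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration: raw RSA signatures stand in for XML signatures.
// Signer names and document bytes are constructed sample values.
public class SignerAttribution {
    static KeyPair newKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    static byte[] sign(PrivateKey key, byte[] doc) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(doc);
        return s.sign();
    }

    // Returns every registered name whose public key verifies the signature.
    static List<String> whoCouldHaveSigned(Map<String, PublicKey> registry,
            byte[] doc, byte[] sig) throws GeneralSecurityException {
        List<String> names = new ArrayList<>();
        for (Map.Entry<String, PublicKey> e : registry.entrySet()) {
            Signature v = Signature.getInstance("SHA256withRSA");
            v.initVerify(e.getValue());
            v.update(doc);
            if (v.verify(sig)) names.add(e.getKey());
        }
        return names;
    }

    public static void main(String[] args) throws GeneralSecurityException {
        byte[] doc = "<order id=\"1\"/>".getBytes(StandardCharsets.UTF_8);
        // Option 1: one key pair per person; each private key is held only by its owner.
        KeyPair alice = newKeyPair(), bob = newKeyPair();
        Map<String, PublicKey> perPerson = new TreeMap<>(
                Map.of("alice", alice.getPublic(), "bob", bob.getPublic()));
        System.out.println("per-person keys: "
                + whoCouldHaveSigned(perPerson, doc, sign(bob.getPrivate(), doc)));
        // Option 2: one server key used on behalf of everyone.
        KeyPair server = newKeyPair();
        Map<String, PublicKey> shared = new TreeMap<>(
                Map.of("alice", server.getPublic(), "bob", server.getPublic()));
        byte[] sig = sign(server.getPrivate(), doc);
        System.out.println("shared key:      " + whoCouldHaveSigned(shared, doc, sig));
        // Integrity holds in both options: a modified document no longer verifies.
        byte[] tampered = "<order id=\"2\"/>".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered:        " + whoCouldHaveSigned(shared, tampered, sig));
    }
}
```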