Mark Swanson wrote:
>
> Hello,
>
> I've generated DSA and RSA certificates with openssl-0.9.6 and JDK1.3
> can't seem to read them. No matter what I do I get this:
>
> ./certTest
> Exception in thread "main" java.security.spec.InvalidKeySpecException:
> Inappropriate key specification: invalid key format
> at sun.security.provider.DSAKeyFactory.engineGeneratePublic(DSAKeyFactory.java:70)
> at java.security.KeyFactory.generatePublic(KeyFactory.java:186)
> at com.tfn.autex.analysis.security.CertTest.main(CertTest.java:39)
>
> To generate my DSA key I do:
>
> > openssl dsaparam -inform PEM -outform PEM -rand random-bits -out dsaparam.out 1024
> > openssl gendsa -out ca.key -rand random-bits dsaparam.out
> > openssl req -new -x509 -days 3650 -config $CONFIG -key ca.key -out ca.crt
>
> The resulting ca.crt just isn't understood by java.
> I can make this work perfectly: just cut all the text that openssl
> placed above the "-----BEGIN CER..." line.
>
> Should I be calling different Java libraries? Why can't the default
> JDK1.3 java.security.cert.* classes handle the "stuff?" that openssl
> places at the beginning of an X.509 certificate?
>
Eh? That command shouldn't put anything before the BEGIN line. Other
commands can place some info before that line but it's only
informational. The certificate is the stuff between the BEGIN and END
lines so anything else isn't necessary. It's quite possible that some
libraries won't tolerate this.
Steve.
--
Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/
Personal Email: [EMAIL PROTECTED]
Senior crypto engineer, Celo Communications: http://www.celocom.com/
Core developer of the OpenSSL project: http://www.openssl.org/
Business Email: [EMAIL PROTECTED] PGP key: via homepage.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
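
The point made in the reply, that only the text between the BEGIN and END lines is the certificate, can be applied on the Java side before parsing. The following is an added example, not code from either poster or from the OpenSSL project; the class and method names (PemCertLoader, extractPemBlock, load) are hypothetical, and it assumes a JDK that provides java.nio.file (Java 7 or later).

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

// Added example: PemCertLoader and its methods are hypothetical names.
public class PemCertLoader {
    static final String BEGIN = "-----BEGIN CERTIFICATE-----";
    static final String END = "-----END CERTIFICATE-----";

    // Return only the first BEGIN..END block, dropping any text around it.
    static String extractPemBlock(String text) {
        int start = text.indexOf(BEGIN);
        int end = (start < 0) ? -1 : text.indexOf(END, start + BEGIN.length());
        if (start < 0 || end < 0) {
            throw new IllegalArgumentException("no complete PEM certificate block found");
        }
        return text.substring(start, end + END.length()) + "\n";
    }

    // Parse a certificate from a file that may carry informational text.
    static X509Certificate load(String path) throws Exception {
        String text = new String(Files.readAllBytes(Paths.get(path)), StandardCharsets.US_ASCII);
        byte[] pem = extractPemBlock(text).getBytes(StandardCharsets.US_ASCII);
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        return (X509Certificate) cf.generateCertificate(new ByteArrayInputStream(pem));
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 1) { // e.g. java PemCertLoader ca.crt
            X509Certificate cert = load(args[0]);
            System.out.println(cert.getSubjectX500Principal()
                    + " / " + cert.getPublicKey().getAlgorithm());
            return;
        }
        // Constructed sample: the Base64 body is a placeholder, not a real
        // certificate, so it is only stripped here, not parsed.
        String sample = "Certificate:\n    Data:\n        Version: 3 (0x2)\n"
                + BEGIN + "\nTUlJQ3BsYWNlaG9sZGVy\n" + END + "\ntrailing text\n";
        System.out.print(extractPemBlock(sample));
    }
}
```

Run with no arguments it prints the stripped sample block; run with a certificate file path it parses the file and prints the subject and key algorithm.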