Thanks very much!
But, to clarify - I'm not sure if there are some misunderstandings:
The client certificate's data is stored in the browser's database/keystore.
(assume it was requested from/with OpenCA and imported via download).
Is the only way to get this certificate inside the applet to
ask for it from the servlet (on the other side of the communication
channel)? Or is this only the best/cheapest way?
What, on the other hand, is then the way to decrypt data (encrypted with
the public key of the client certificate and sent from the servlet to the
applet) inside the applet? Now the private key associated with the
client certificate and stored in the keystore of the browser/plugin
is needed?!?
Thanks in advance,
Best regards,
Erik
Arshad Noor wrote:
There are a number of things that your application must do,
both on the client and server side, Erik:
1) You must have a servlet that has access to the key-pair
on the server side;
2) Your applet must communicate to the servlet and request
the certificate from the servlet (you are free to use
your own protocol for this communication, since you are
the creator of the applet and servlet);
3) Your applet must be given access to read sections of the
client computer *outside* the sandbox (unless the data
that you want to encrypt is keyed into the applet in
a form) through changes in the java.policy file;
4) Your applet may now call the JCE to generate a symmetric
key, encrypt the form data, encrypt the symmetric key
with the certificate's public key and then transport it
to the servlet (I would recommend using the XML Encryption
standard to package your ciphertext content - see
http://www.w3.org/Encryption/2001/ for details);
5) Your servlet receives the ciphertext and using the
private key to which it is granted access, it decrypts
the symmetric key, and then using the symmetric key, it
decrypts the form content. Voila!
Except for the applet part, the complete source code to this
design is available, if you wish, at http://www.strongkey.org.
Hope that helps.
Arshad Noor
StrongAuth, Inc.
Erik Siegemund wrote:
Hi,
I'm not sure if this is the correct site. But possibly
it is and someone can help ...
I am looking for an answer to the following problem:
A client certificate was imported into Mozilla.
1.) What is the way to get this certificate inside an applet
to use for encryption? (Assuming java sun plugin
2.) What is the way to use this certificate for decryption
of data encrypted with the certificate's public key?
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
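Steps 4 and 5 of the design quoted above, as an added example that is not part of the original messages and is not StrongKey's code. Assumptions: a freshly generated RSA key pair stands in for the servlet's certificate and private key, AES-GCM and RSA-OAEP are choices made for this sketch, the ciphertext travels as a plain byte-array triple rather than an XML Encryption package, and the class and method names are hypothetical.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Arrays;

public class HybridFormEncryption {
    static final String RSA = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";
    static final String AES = "AES/GCM/NoPadding";

    // Client side (step 4): returns { wrapped symmetric key, IV, ciphertext }.
    static byte[][] seal(PublicKey serverKey, byte[] formData) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey sessionKey = kg.generateKey();       // fresh key per message
        byte[] iv = new byte[12];
        new SecureRandom().nextBytes(iv);              // fresh 96-bit GCM nonce
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.ENCRYPT_MODE, sessionKey, new GCMParameterSpec(128, iv));
        byte[] ciphertext = aes.doFinal(formData);     // includes the auth tag
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, serverKey);         // public key from the certificate
        return new byte[][] { rsa.wrap(sessionKey), iv, ciphertext };
    }

    // Server side (step 5): unwrap the symmetric key, then decrypt the form data.
    static byte[] open(PrivateKey serverPrivate, byte[][] msg) throws Exception {
        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, serverPrivate);
        SecretKey sessionKey = (SecretKey) rsa.unwrap(msg[0], "AES", Cipher.SECRET_KEY);
        Cipher aes = Cipher.getInstance(AES);
        aes.init(Cipher.DECRYPT_MODE, sessionKey, new GCMParameterSpec(128, msg[1]));
        return aes.doFinal(msg[2]);                    // throws if the ciphertext was altered
    }

    public static void main(String[] args) throws Exception {
        // Assumption: in the real design the applet holds only cert.getPublicKey().
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();
        byte[] form = "name=Erik&field=constructed-sample".getBytes(StandardCharsets.UTF_8);
        byte[][] msg = seal(server.getPublic(), form);
        byte[] recovered = open(server.getPrivate(), msg);
        System.out.println(Arrays.equals(form, recovered) ? "round trip ok" : "MISMATCH");
    }
}
```

Only the servlet side ever touches a private key in this flow; the applet needs nothing beyond the public key taken from the certificate it was sent.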