1
0
mirror of https://github.com/Jermolene/TiddlyWiki5 synced 2024-12-29 11:30:28 +00:00
TiddlyWiki5/editions/tw2/source/tiddlywiki/java/sign.readme

323 lines
11 KiB
Plaintext
Raw Normal View History

Readme file for signing TiddlySaver applet
for verifying see verify.readme file
1 - HISTORY
2010 03 06 - BidiX : Signing TiddlySaver.jar with a new Signing Certificate
The files were updated with the new process used for signing (sorry my Macbook was configured in French)
New signed TiddlySaver.jar was tested with Safari 4.0.4 on MacOS 10.6.2
2008 04 06 - BidiX : documentation
2008 04 06 - BidiX : create TiddlySaverVerify.keystore
2008 03 27 - BidiX : Signing TiddlySaver.jar
2008 03 26 - BidiX : obtaining UnaMesa Signing Certificate
2008 03 17 - BidiX : Issuing a certificate request to Thawte with a BidiX CSR
2003 03 12 - BidiX : Create UnaMesa.keystore with BidiX alias and Private key
2 - UNAMESA.KEYSTORE CREATION
Using this command:
----------------
> keytool -genkey -keyalg RSA -alias BidiX -keystore UnaMesa.keystore
Tapez le mot de passe du Keystore :
Ressaisissez le nouveau mot de passe :
Quels sont vos pr?nom et nom ?
[Unknown] : BidiX
Quel est le nom de votre unit? organisationnelle ?
[Unknown] : TiddlyWiki
Quelle est le nom de votre organisation ?
[Unknown] : UnaMesa
Quel est le nom de votre ville de r?sidence ?
[Unknown] : Palo Alto
Quel est le nom de votre ?tat ou province ?
[Unknown] : California
Quel est le code de pays ? deux lettres pour cette unit? ?
[Unknown] : US
Est-ce CN=BidiX, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US ?
[non] : OUI
Sp?cifiez le mot de passe de la cl? pour <BidiX>
(appuyez sur Entr?e s'il s'agit du mot de passe du Keystore) :
Ressaisissez le nouveau mot de passe :
---------------
For security reasons the Keystore is kept in a safe place in BidiX environment (BidiX @ bidix.info)
3 - CERTICATE REQUEST
Using this command :
--------------
> keytool -certreq -alias BidiX -file certreq -keystore UnaMesa.keystore -storepass "???"
> cat certreq
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBrTCCARYCAQAwbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
...
sxoX+IbLVSs4Ye4HDqFodRkmehWBJsdWpQa/yji72pY+eA3fCgTt57VL+san9pPaLcwPfAiL23cD
R1j/y2RjQYLpE0PH+vQXn26xNeUDo2OONijyG0RLIX57yA==
-----END NEW CERTIFICATE REQUEST-----
---------------
Certificate received
-----BEGIN PKCS #7 SIGNED DATA-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAyIwggKLoAMC
...
PwnOVRks7+YHJOGv7AAAMQAAAAAAAAA=
-----END PKCS #7 SIGNED DATA-----
copied in UnaMesa-2.cer
4 - ADDING CERTICATE TO KEYSTORE
---------------
> keytool -import -alias BidiX -trustcacerts -file UnaMesa-2.cer -keystore UnaMesa.keystore
Tapez le mot de passe du Keystore :
R?ponse de certificat install?e dans le Keystore
---------------
List Keystore
---------------
> keytool -list -v -alias BidiX -keystore UnaMesa.keystore
Tapez le mot de passe du Keystore :
Nom d'alias : BidiX
Date de cr?ation : 6 mars 2010
Type dentr?e?: {0}
Longueur de cha?ne du certificat : 3
Certificat[1]:
Propri?taire?: CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US
?metteur?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Num?ro de s?rie?: 4b727291e62550562934757e5b6e6588
Valide du?: Thu Mar 04 01:00:00 CET 2010 au?: Sun Mar 04 00:59:59 CET 2012
Empreintes du certificat?:
MD5?: 1B:79:CE:47:BE:A9:E4:04:2A:DD:04:F5:BA:62:64:AD
SHA1?: 42:A9:6F:4D:C3:20:F8:7F:90:1A:1F:A5:66:92:ED:06:38:19:1E:D4
Nom de lalgorithme de signature?: {7}
Version?: {8}
Extensions?:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]
#3: ObjectId: 2.5.29.4 Criticality=false
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
]]
#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
1.3.6.1.4.1.311.2.1.22
]
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
Object Signing
]
Certificat[2]:
Propri?taire?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
?metteur?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Num?ro de s?rie?: a
Valide du?: Wed Aug 06 02:00:00 CEST 2003 au?: Tue Aug 06 01:59:59 CEST 2013
Empreintes du certificat?:
MD5?: D4:A7:BF:00:7B:6A:0C:20:D9:23:CD:5B:60:7B:7C:12
SHA1?: A7:06:BA:1E:CA:B6:A2:AB:18:69:9F:C0:D7:DD:8C:7D:E3:6F:29:0F
Nom de lalgorithme de signature?: {7}
Version?: {8}
Extensions?:
#1: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
Key_CertSign
Crl_Sign
]
#2: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:0
]
#3: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
]]
#4: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
clientAuth
codeSigning
]
#5: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
CN=PrivateLabel2-144
]
Certificat[3]:
Propri?taire?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
?metteur?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
Num?ro de s?rie?: 1
Valide du?: Thu Aug 01 02:00:00 CEST 1996 au?: Fri Jan 01 00:59:59 CET 2021
Empreintes du certificat?:
MD5?: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
SHA1?: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
Nom de lalgorithme de signature?: {7}
Version?: {8}
Extensions?:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:true
PathLen:2147483647
]
---------------
5 - SIGNING TIDDLYSAVER.JAR
Get TiddlySaver.jar from http://trac.tiddlywiki.org/browser/Trunk/core/java/TiddlySaver.jar.
TiddlySaver.jar contained classes compiled on Thu Dec 07 14:48:00 CET 2006
With UnaMesa.keystore in the current directory Signing jar on Sam 6 mar 2010 15:16:04 CET using this command :
---------------
> jarsigner -keystore UnaMesa.keystore TiddlySaver.jar BidiX
Enter Passphrase for keystore:
---------------
6 - VERIFYING SIGNATURE WITHOUT KEYSTORE
---------------
> jarsigner -verify -verbose TiddlySaver.jar
284 Thu Mar 27 07:59:12 CET 2008 META-INF/MANIFEST.MF
395 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.SF
2798 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.RSA
0 Thu Dec 07 14:48:00 CET 2006 META-INF/
sm 1271 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$1.class
sm 1184 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$2.class
sm 775 Thu Dec 07 14:48:00 CET 2006 TiddlySaver.class
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
---------------
7 - CREATE TiddlySaverVerify.keystore KEYSTORE
export SigningCertificate
---------------
> keytool -export -alias BidiX -file UnaMesa-3.cer -keystore UnaMesa.keystore
Tapez le mot de passe du Keystore :
Certificat enregistr? dans le fichier <UnaMesa-3.cer>
---------------
create keystore "TiddlySaverVerify.keystore" with "tiddlywiki" as password and import SigningCertificate
---------------
> keytool -import -alias BidiX -keystore TiddlySaverVerify.keystore -storepass tiddlywiki -file UnaMesa-3.cer
Propri?taire?: CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US
?metteur?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
Num?ro de s?rie?: 4b727291e62550562934757e5b6e6588
Valide du?: Thu Mar 04 01:00:00 CET 2010 au?: Sun Mar 04 00:59:59 CET 2012
Empreintes du certificat?:
MD5?: 1B:79:CE:47:BE:A9:E4:04:2A:DD:04:F5:BA:62:64:AD
SHA1?: 42:A9:6F:4D:C3:20:F8:7F:90:1A:1F:A5:66:92:ED:06:38:19:1E:D4
Nom de lalgorithme de signature?: {7}
Version?: {8}
Extensions?:
#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
CA:false
PathLen: undefined
]
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.thawte.com]
]
#3: ObjectId: 2.5.29.4 Criticality=false
#4: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
]]
#5: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
codeSigning
1.3.6.1.4.1.311.2.1.22
]
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
NetscapeCertType [
Object Signing
]
Faire confiance ? ce certificat ? [non] : Y
R?ponse incorrecte, recommencez
Faire confiance ? ce certificat ? [non] : oui
Certificat ajout? au Keystore
---------------
8 - VERIFYING SIGNATURE WITH TiddlySaverVerify.keystore
---------------
> jarsigner -verify -verbose -certs -keystore TiddlySaverVerify.keystore TiddlySaver.jar
284 Thu Mar 27 07:59:12 CET 2008 META-INF/MANIFEST.MF
395 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.SF
2798 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.RSA
0 Thu Dec 07 14:48:00 CET 2006 META-INF/
smk 1271 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$1.class
X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix)
[certificate is valid from 04/03/10 01:00 to 04/03/12 00:59]
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
[certificate is valid from 06/08/03 02:00 to 06/08/13 01:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 01/08/96 02:00 to 01/01/21 00:59]
smk 1184 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$2.class
X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix)
[certificate is valid from 04/03/10 01:00 to 04/03/12 00:59]
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
[certificate is valid from 06/08/03 02:00 to 06/08/13 01:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 01/08/96 02:00 to 01/01/21 00:59]
smk 775 Thu Dec 07 14:48:00 CET 2006 TiddlySaver.class
X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix)
[certificate is valid from 04/03/10 01:00 to 04/03/12 00:59]
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
[certificate is valid from 06/08/03 02:00 to 06/08/13 01:59]
[KeyUsage extension does not support code signing]
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
[certificate is valid from 01/08/96 02:00 to 01/01/21 00:59]
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
---------------