Readme file for signing TiddlySaver applet for verifying see verify.readme file 1 - HISTORY 2010 03 06 - BidiX : Signing TiddlySaver.jar with a new Signing Certificate The files were updated with the new process used for signing (sorry my Macbook was configured in French) New signed TiddlySaver.jar was tested with Safari 4.0.4 on MacOS 10.6.2 2008 04 06 - BidiX : documentation 2008 04 06 - BidiX : create TiddlySaverVerify.keystore 2008 03 27 - BidiX : Signing TiddlySaver.jar 2008 03 26 - BidiX : obtaining UnaMesa Signing Certificate 2008 03 17 - BidiX : Issuing a certificate request to Thawte with a BidiX CSR 2003 03 12 - BidiX : Create UnaMesa.keystore with BidiX alias and Private key 2 - UNAMESA.KEYSTORE CREATION Using this command: ---------------- > keytool -genkey -keyalg RSA -alias BidiX -keystore UnaMesa.keystore Tapez le mot de passe du Keystore : Ressaisissez le nouveau mot de passe : Quels sont vos pr?nom et nom ? [Unknown] : BidiX Quel est le nom de votre unit? organisationnelle ? [Unknown] : TiddlyWiki Quelle est le nom de votre organisation ? [Unknown] : UnaMesa Quel est le nom de votre ville de r?sidence ? [Unknown] : Palo Alto Quel est le nom de votre ?tat ou province ? [Unknown] : California Quel est le code de pays ? deux lettres pour cette unit? ? [Unknown] : US Est-ce CN=BidiX, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US ? [non] : OUI Sp?cifiez le mot de passe de la cl? pour (appuyez sur Entr?e s'il s'agit du mot de passe du Keystore) : Ressaisissez le nouveau mot de passe : --------------- For security reasons the Keystore is kept in a safe place in BidiX environment (BidiX @ bidix.info) 3 - CERTICATE REQUEST Using this command : -------------- > keytool -certreq -alias BidiX -file certreq -keystore UnaMesa.keystore -storepass "???" > cat certreq -----BEGIN NEW CERTIFICATE REQUEST----- MIIBrTCCARYCAQAwbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT ... sxoX+IbLVSs4Ye4HDqFodRkmehWBJsdWpQa/yji72pY+eA3fCgTt57VL+san9pPaLcwPfAiL23cD R1j/y2RjQYLpE0PH+vQXn26xNeUDo2OONijyG0RLIX57yA== -----END NEW CERTIFICATE REQUEST----- --------------- Certificate received -----BEGIN PKCS #7 SIGNED DATA----- MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAyIwggKLoAMC ... PwnOVRks7+YHJOGv7AAAMQAAAAAAAAA= -----END PKCS #7 SIGNED DATA----- copied in UnaMesa-2.cer 4 - ADDING CERTICATE TO KEYSTORE --------------- > keytool -import -alias BidiX -trustcacerts -file UnaMesa-2.cer -keystore UnaMesa.keystore Tapez le mot de passe du Keystore : R?ponse de certificat install?e dans le Keystore --------------- List Keystore --------------- > keytool -list -v -alias BidiX -keystore UnaMesa.keystore Tapez le mot de passe du Keystore : Nom d'alias : BidiX Date de cr?ation : 6 mars 2010 Type dentr?e?: {0} Longueur de cha?ne du certificat : 3 Certificat[1]: Propri?taire?: CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US ?metteur?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA Num?ro de s?rie?: 4b727291e62550562934757e5b6e6588 Valide du?: Thu Mar 04 01:00:00 CET 2010 au?: Sun Mar 04 00:59:59 CET 2012 Empreintes du certificat?: MD5?: 1B:79:CE:47:BE:A9:E4:04:2A:DD:04:F5:BA:62:64:AD SHA1?: 42:A9:6F:4D:C3:20:F8:7F:90:1A:1F:A5:66:92:ED:06:38:19:1E:D4 Nom de lalgorithme de signature?: {7} Version?: {8} Extensions?: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [accessMethod: 1.3.6.1.5.5.7.48.1 accessLocation: URIName: http://ocsp.thawte.com] ] #3: ObjectId: 2.5.29.4 Criticality=false #4: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl] ]] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ codeSigning 1.3.6.1.4.1.311.2.1.22 ] #6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ Object Signing ] Certificat[2]: Propri?taire?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA ?metteur?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Num?ro de s?rie?: a Valide du?: Wed Aug 06 02:00:00 CEST 2003 au?: Tue Aug 06 01:59:59 CEST 2013 Empreintes du certificat?: MD5?: D4:A7:BF:00:7B:6A:0C:20:D9:23:CD:5B:60:7B:7C:12 SHA1?: A7:06:BA:1E:CA:B6:A2:AB:18:69:9F:C0:D7:DD:8C:7D:E3:6F:29:0F Nom de lalgorithme de signature?: {7} Version?: {8} Extensions?: #1: ObjectId: 2.5.29.15 Criticality=true KeyUsage [ Key_CertSign Crl_Sign ] #2: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:0 ] #3: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl] ]] #4: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ clientAuth codeSigning ] #5: ObjectId: 2.5.29.17 Criticality=false SubjectAlternativeName [ CN=PrivateLabel2-144 ] Certificat[3]: Propri?taire?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA ?metteur?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA Num?ro de s?rie?: 1 Valide du?: Thu Aug 01 02:00:00 CEST 1996 au?: Fri Jan 01 00:59:59 CET 2021 Empreintes du certificat?: MD5?: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A SHA1?: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A Nom de lalgorithme de signature?: {7} Version?: {8} Extensions?: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:true PathLen:2147483647 ] --------------- 5 - SIGNING TIDDLYSAVER.JAR Get TiddlySaver.jar from http://trac.tiddlywiki.org/browser/Trunk/core/java/TiddlySaver.jar. TiddlySaver.jar contained classes compiled on Thu Dec 07 14:48:00 CET 2006 With UnaMesa.keystore in the current directory Signing jar on Sam 6 mar 2010 15:16:04 CET using this command : --------------- > jarsigner -keystore UnaMesa.keystore TiddlySaver.jar BidiX Enter Passphrase for keystore: --------------- 6 - VERIFYING SIGNATURE WITHOUT KEYSTORE --------------- > jarsigner -verify -verbose TiddlySaver.jar 284 Thu Mar 27 07:59:12 CET 2008 META-INF/MANIFEST.MF 395 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.SF 2798 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.RSA 0 Thu Dec 07 14:48:00 CET 2006 META-INF/ sm 1271 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$1.class sm 1184 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$2.class sm 775 Thu Dec 07 14:48:00 CET 2006 TiddlySaver.class s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope jar verified. --------------- 7 - CREATE TiddlySaverVerify.keystore KEYSTORE export SigningCertificate --------------- > keytool -export -alias BidiX -file UnaMesa-3.cer -keystore UnaMesa.keystore Tapez le mot de passe du Keystore : Certificat enregistr? dans le fichier --------------- create keystore "TiddlySaverVerify.keystore" with "tiddlywiki" as password and import SigningCertificate --------------- > keytool -import -alias BidiX -keystore TiddlySaverVerify.keystore -storepass tiddlywiki -file UnaMesa-3.cer Propri?taire?: CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US ?metteur?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA Num?ro de s?rie?: 4b727291e62550562934757e5b6e6588 Valide du?: Thu Mar 04 01:00:00 CET 2010 au?: Sun Mar 04 00:59:59 CET 2012 Empreintes du certificat?: MD5?: 1B:79:CE:47:BE:A9:E4:04:2A:DD:04:F5:BA:62:64:AD SHA1?: 42:A9:6F:4D:C3:20:F8:7F:90:1A:1F:A5:66:92:ED:06:38:19:1E:D4 Nom de lalgorithme de signature?: {7} Version?: {8} Extensions?: #1: ObjectId: 2.5.29.19 Criticality=true BasicConstraints:[ CA:false PathLen: undefined ] #2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false AuthorityInfoAccess [ [accessMethod: 1.3.6.1.5.5.7.48.1 accessLocation: URIName: http://ocsp.thawte.com] ] #3: ObjectId: 2.5.29.4 Criticality=false #4: ObjectId: 2.5.29.31 Criticality=false CRLDistributionPoints [ [DistributionPoint: [URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl] ]] #5: ObjectId: 2.5.29.37 Criticality=false ExtendedKeyUsages [ codeSigning 1.3.6.1.4.1.311.2.1.22 ] #6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false NetscapeCertType [ Object Signing ] Faire confiance ? ce certificat ? [non] : Y R?ponse incorrecte, recommencez Faire confiance ? ce certificat ? [non] : oui Certificat ajout? au Keystore --------------- 8 - VERIFYING SIGNATURE WITH TiddlySaverVerify.keystore --------------- > jarsigner -verify -verbose -certs -keystore TiddlySaverVerify.keystore TiddlySaver.jar 284 Thu Mar 27 07:59:12 CET 2008 META-INF/MANIFEST.MF 395 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.SF 2798 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.RSA 0 Thu Dec 07 14:48:00 CET 2006 META-INF/ smk 1271 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$1.class X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix) [certificate is valid from 04/03/10 01:00 to 04/03/12 00:59] X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA [certificate is valid from 06/08/03 02:00 to 06/08/13 01:59] [KeyUsage extension does not support code signing] X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA [certificate is valid from 01/08/96 02:00 to 01/01/21 00:59] smk 1184 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$2.class X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix) [certificate is valid from 04/03/10 01:00 to 04/03/12 00:59] X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA [certificate is valid from 06/08/03 02:00 to 06/08/13 01:59] [KeyUsage extension does not support code signing] X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA [certificate is valid from 01/08/96 02:00 to 01/01/21 00:59] smk 775 Thu Dec 07 14:48:00 CET 2006 TiddlySaver.class X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix) [certificate is valid from 04/03/10 01:00 to 04/03/12 00:59] X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA [certificate is valid from 06/08/03 02:00 to 06/08/13 01:59] [KeyUsage extension does not support code signing] X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA [certificate is valid from 01/08/96 02:00 to 01/01/21 00:59] s = signature was verified m = entry is listed in manifest k = at least one certificate was found in keystore i = at least one certificate was found in identity scope jar verified. ---------------