mirror of
https://github.com/Jermolene/TiddlyWiki5
synced 2024-11-30 21:39:57 +00:00
323 lines
11 KiB
Plaintext
Executable File
323 lines
11 KiB
Plaintext
Executable File
|
|
Readme file for signing TiddlySaver applet
|
|
|
|
for verifying see verify.readme file
|
|
|
|
1 - HISTORY
|
|
|
|
2010 03 06 - BidiX : Signing TiddlySaver.jar with a new Signing Certificate
|
|
The files were updated with the new process used for signing (sorry my Macbook was configured in French)
|
|
New signed TiddlySaver.jar was tested with Safari 4.0.4 on MacOS 10.6.2
|
|
2008 04 06 - BidiX : documentation
|
|
2008 04 06 - BidiX : create TiddlySaverVerify.keystore
|
|
2008 03 27 - BidiX : Signing TiddlySaver.jar
|
|
2008 03 26 - BidiX : obtaining UnaMesa Signing Certificate
|
|
2008 03 17 - BidiX : Issuing a certificate request to Thawte with a BidiX CSR
|
|
2003 03 12 - BidiX : Create UnaMesa.keystore with BidiX alias and Private key
|
|
|
|
|
|
2 - UNAMESA.KEYSTORE CREATION
|
|
|
|
Using this command:
|
|
----------------
|
|
> keytool -genkey -keyalg RSA -alias BidiX -keystore UnaMesa.keystore
|
|
Tapez le mot de passe du Keystore :
|
|
Ressaisissez le nouveau mot de passe :
|
|
Quels sont vos pr?nom et nom ?
|
|
[Unknown] : BidiX
|
|
Quel est le nom de votre unit? organisationnelle ?
|
|
[Unknown] : TiddlyWiki
|
|
Quelle est le nom de votre organisation ?
|
|
[Unknown] : UnaMesa
|
|
Quel est le nom de votre ville de r?sidence ?
|
|
[Unknown] : Palo Alto
|
|
Quel est le nom de votre ?tat ou province ?
|
|
[Unknown] : California
|
|
Quel est le code de pays ? deux lettres pour cette unit? ?
|
|
[Unknown] : US
|
|
Est-ce CN=BidiX, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US ?
|
|
[non] : OUI
|
|
|
|
Sp?cifiez le mot de passe de la cl? pour <BidiX>
|
|
(appuyez sur Entr?e s'il s'agit du mot de passe du Keystore) :
|
|
Ressaisissez le nouveau mot de passe :
|
|
---------------
|
|
|
|
For security reasons the Keystore is kept in a safe place in BidiX environment (BidiX @ bidix.info)
|
|
|
|
|
|
3 - CERTICATE REQUEST
|
|
Using this command :
|
|
--------------
|
|
> keytool -certreq -alias BidiX -file certreq -keystore UnaMesa.keystore -storepass "???"
|
|
> cat certreq
|
|
-----BEGIN NEW CERTIFICATE REQUEST-----
|
|
MIIBrTCCARYCAQAwbTELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT
|
|
...
|
|
sxoX+IbLVSs4Ye4HDqFodRkmehWBJsdWpQa/yji72pY+eA3fCgTt57VL+san9pPaLcwPfAiL23cD
|
|
R1j/y2RjQYLpE0PH+vQXn26xNeUDo2OONijyG0RLIX57yA==
|
|
-----END NEW CERTIFICATE REQUEST-----
|
|
---------------
|
|
Certificate received
|
|
-----BEGIN PKCS #7 SIGNED DATA-----
|
|
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAyIwggKLoAMC
|
|
...
|
|
PwnOVRks7+YHJOGv7AAAMQAAAAAAAAA=
|
|
-----END PKCS #7 SIGNED DATA-----
|
|
copied in UnaMesa-2.cer
|
|
|
|
4 - ADDING CERTICATE TO KEYSTORE
|
|
---------------
|
|
> keytool -import -alias BidiX -trustcacerts -file UnaMesa-2.cer -keystore UnaMesa.keystore
|
|
Tapez le mot de passe du Keystore :
|
|
R?ponse de certificat install?e dans le Keystore
|
|
---------------
|
|
List Keystore
|
|
---------------
|
|
> keytool -list -v -alias BidiX -keystore UnaMesa.keystore
|
|
Tapez le mot de passe du Keystore :
|
|
Nom d'alias : BidiX
|
|
Date de cr?ation : 6 mars 2010
|
|
Type dentr?e?: {0}
|
|
Longueur de cha?ne du certificat : 3
|
|
Certificat[1]:
|
|
Propri?taire?: CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US
|
|
?metteur?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
|
|
Num?ro de s?rie?: 4b727291e62550562934757e5b6e6588
|
|
Valide du?: Thu Mar 04 01:00:00 CET 2010 au?: Sun Mar 04 00:59:59 CET 2012
|
|
Empreintes du certificat?:
|
|
MD5?: 1B:79:CE:47:BE:A9:E4:04:2A:DD:04:F5:BA:62:64:AD
|
|
SHA1?: 42:A9:6F:4D:C3:20:F8:7F:90:1A:1F:A5:66:92:ED:06:38:19:1E:D4
|
|
Nom de lalgorithme de signature?: {7}
|
|
Version?: {8}
|
|
|
|
Extensions?:
|
|
|
|
#1: ObjectId: 2.5.29.19 Criticality=true
|
|
BasicConstraints:[
|
|
CA:false
|
|
PathLen: undefined
|
|
]
|
|
|
|
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
|
|
AuthorityInfoAccess [
|
|
[accessMethod: 1.3.6.1.5.5.7.48.1
|
|
accessLocation: URIName: http://ocsp.thawte.com]
|
|
]
|
|
|
|
#3: ObjectId: 2.5.29.4 Criticality=false
|
|
|
|
#4: ObjectId: 2.5.29.31 Criticality=false
|
|
CRLDistributionPoints [
|
|
[DistributionPoint:
|
|
[URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
|
|
]]
|
|
|
|
#5: ObjectId: 2.5.29.37 Criticality=false
|
|
ExtendedKeyUsages [
|
|
codeSigning
|
|
1.3.6.1.4.1.311.2.1.22
|
|
]
|
|
|
|
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
|
|
NetscapeCertType [
|
|
Object Signing
|
|
]
|
|
|
|
Certificat[2]:
|
|
Propri?taire?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
|
|
?metteur?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
|
Num?ro de s?rie?: a
|
|
Valide du?: Wed Aug 06 02:00:00 CEST 2003 au?: Tue Aug 06 01:59:59 CEST 2013
|
|
Empreintes du certificat?:
|
|
MD5?: D4:A7:BF:00:7B:6A:0C:20:D9:23:CD:5B:60:7B:7C:12
|
|
SHA1?: A7:06:BA:1E:CA:B6:A2:AB:18:69:9F:C0:D7:DD:8C:7D:E3:6F:29:0F
|
|
Nom de lalgorithme de signature?: {7}
|
|
Version?: {8}
|
|
|
|
Extensions?:
|
|
|
|
#1: ObjectId: 2.5.29.15 Criticality=true
|
|
KeyUsage [
|
|
Key_CertSign
|
|
Crl_Sign
|
|
]
|
|
|
|
#2: ObjectId: 2.5.29.19 Criticality=true
|
|
BasicConstraints:[
|
|
CA:true
|
|
PathLen:0
|
|
]
|
|
|
|
#3: ObjectId: 2.5.29.31 Criticality=false
|
|
CRLDistributionPoints [
|
|
[DistributionPoint:
|
|
[URIName: http://crl.thawte.com/ThawtePremiumServerCA.crl]
|
|
]]
|
|
|
|
#4: ObjectId: 2.5.29.37 Criticality=false
|
|
ExtendedKeyUsages [
|
|
clientAuth
|
|
codeSigning
|
|
]
|
|
|
|
#5: ObjectId: 2.5.29.17 Criticality=false
|
|
SubjectAlternativeName [
|
|
CN=PrivateLabel2-144
|
|
]
|
|
|
|
Certificat[3]:
|
|
Propri?taire?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
|
?metteur?: EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
|
Num?ro de s?rie?: 1
|
|
Valide du?: Thu Aug 01 02:00:00 CEST 1996 au?: Fri Jan 01 00:59:59 CET 2021
|
|
Empreintes du certificat?:
|
|
MD5?: 06:9F:69:79:16:66:90:02:1B:8C:8C:A2:C3:07:6F:3A
|
|
SHA1?: 62:7F:8D:78:27:65:63:99:D2:7D:7F:90:44:C9:FE:B3:F3:3E:FA:9A
|
|
Nom de lalgorithme de signature?: {7}
|
|
Version?: {8}
|
|
|
|
Extensions?:
|
|
|
|
#1: ObjectId: 2.5.29.19 Criticality=true
|
|
BasicConstraints:[
|
|
CA:true
|
|
PathLen:2147483647
|
|
]
|
|
---------------
|
|
|
|
5 - SIGNING TIDDLYSAVER.JAR
|
|
|
|
Get TiddlySaver.jar from http://trac.tiddlywiki.org/browser/Trunk/core/java/TiddlySaver.jar.
|
|
TiddlySaver.jar contained classes compiled on Thu Dec 07 14:48:00 CET 2006
|
|
|
|
With UnaMesa.keystore in the current directory Signing jar on Sam 6 mar 2010 15:16:04 CET using this command :
|
|
---------------
|
|
> jarsigner -keystore UnaMesa.keystore TiddlySaver.jar BidiX
|
|
Enter Passphrase for keystore:
|
|
---------------
|
|
|
|
6 - VERIFYING SIGNATURE WITHOUT KEYSTORE
|
|
---------------
|
|
> jarsigner -verify -verbose TiddlySaver.jar
|
|
|
|
284 Thu Mar 27 07:59:12 CET 2008 META-INF/MANIFEST.MF
|
|
395 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.SF
|
|
2798 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.RSA
|
|
0 Thu Dec 07 14:48:00 CET 2006 META-INF/
|
|
sm 1271 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$1.class
|
|
sm 1184 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$2.class
|
|
sm 775 Thu Dec 07 14:48:00 CET 2006 TiddlySaver.class
|
|
|
|
s = signature was verified
|
|
m = entry is listed in manifest
|
|
k = at least one certificate was found in keystore
|
|
i = at least one certificate was found in identity scope
|
|
|
|
jar verified.
|
|
---------------
|
|
|
|
7 - CREATE TiddlySaverVerify.keystore KEYSTORE
|
|
export SigningCertificate
|
|
---------------
|
|
> keytool -export -alias BidiX -file UnaMesa-3.cer -keystore UnaMesa.keystore
|
|
Tapez le mot de passe du Keystore :
|
|
Certificat enregistr? dans le fichier <UnaMesa-3.cer>
|
|
---------------
|
|
create keystore "TiddlySaverVerify.keystore" with "tiddlywiki" as password and import SigningCertificate
|
|
---------------
|
|
> keytool -import -alias BidiX -keystore TiddlySaverVerify.keystore -storepass tiddlywiki -file UnaMesa-3.cer
|
|
Propri?taire?: CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US
|
|
?metteur?: CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
|
|
Num?ro de s?rie?: 4b727291e62550562934757e5b6e6588
|
|
Valide du?: Thu Mar 04 01:00:00 CET 2010 au?: Sun Mar 04 00:59:59 CET 2012
|
|
Empreintes du certificat?:
|
|
MD5?: 1B:79:CE:47:BE:A9:E4:04:2A:DD:04:F5:BA:62:64:AD
|
|
SHA1?: 42:A9:6F:4D:C3:20:F8:7F:90:1A:1F:A5:66:92:ED:06:38:19:1E:D4
|
|
Nom de lalgorithme de signature?: {7}
|
|
Version?: {8}
|
|
|
|
Extensions?:
|
|
|
|
#1: ObjectId: 2.5.29.19 Criticality=true
|
|
BasicConstraints:[
|
|
CA:false
|
|
PathLen: undefined
|
|
]
|
|
|
|
#2: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
|
|
AuthorityInfoAccess [
|
|
[accessMethod: 1.3.6.1.5.5.7.48.1
|
|
accessLocation: URIName: http://ocsp.thawte.com]
|
|
]
|
|
|
|
#3: ObjectId: 2.5.29.4 Criticality=false
|
|
|
|
#4: ObjectId: 2.5.29.31 Criticality=false
|
|
CRLDistributionPoints [
|
|
[DistributionPoint:
|
|
[URIName: http://crl.thawte.com/ThawteCodeSigningCA.crl]
|
|
]]
|
|
|
|
#5: ObjectId: 2.5.29.37 Criticality=false
|
|
ExtendedKeyUsages [
|
|
codeSigning
|
|
1.3.6.1.4.1.311.2.1.22
|
|
]
|
|
|
|
#6: ObjectId: 2.16.840.1.113730.1.1 Criticality=false
|
|
NetscapeCertType [
|
|
Object Signing
|
|
]
|
|
|
|
Faire confiance ? ce certificat ? [non] : Y
|
|
R?ponse incorrecte, recommencez
|
|
Faire confiance ? ce certificat ? [non] : oui
|
|
Certificat ajout? au Keystore
|
|
---------------
|
|
|
|
8 - VERIFYING SIGNATURE WITH TiddlySaverVerify.keystore
|
|
---------------
|
|
> jarsigner -verify -verbose -certs -keystore TiddlySaverVerify.keystore TiddlySaver.jar
|
|
284 Thu Mar 27 07:59:12 CET 2008 META-INF/MANIFEST.MF
|
|
395 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.SF
|
|
2798 Sat Mar 06 15:16:04 CET 2010 META-INF/BIDIX.RSA
|
|
0 Thu Dec 07 14:48:00 CET 2006 META-INF/
|
|
smk 1271 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$1.class
|
|
|
|
X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix)
|
|
[certificate is valid from 04/03/10 01:00 to 04/03/12 00:59]
|
|
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
|
|
[certificate is valid from 06/08/03 02:00 to 06/08/13 01:59]
|
|
[KeyUsage extension does not support code signing]
|
|
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
|
[certificate is valid from 01/08/96 02:00 to 01/01/21 00:59]
|
|
|
|
smk 1184 Thu Dec 07 14:48:00 CET 2006 TiddlySaver$2.class
|
|
|
|
X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix)
|
|
[certificate is valid from 04/03/10 01:00 to 04/03/12 00:59]
|
|
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
|
|
[certificate is valid from 06/08/03 02:00 to 06/08/13 01:59]
|
|
[KeyUsage extension does not support code signing]
|
|
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
|
[certificate is valid from 01/08/96 02:00 to 01/01/21 00:59]
|
|
|
|
smk 775 Thu Dec 07 14:48:00 CET 2006 TiddlySaver.class
|
|
|
|
X.509, CN=UnaMesa, OU=TiddlyWiki, O=UnaMesa, L=Palo Alto, ST=California, C=US (bidix)
|
|
[certificate is valid from 04/03/10 01:00 to 04/03/12 00:59]
|
|
X.509, CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA
|
|
[certificate is valid from 06/08/03 02:00 to 06/08/13 01:59]
|
|
[KeyUsage extension does not support code signing]
|
|
X.509, EMAILADDRESS=premium-server@thawte.com, CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
|
|
[certificate is valid from 01/08/96 02:00 to 01/01/21 00:59]
|
|
|
|
|
|
s = signature was verified
|
|
m = entry is listed in manifest
|
|
k = at least one certificate was found in keystore
|
|
i = at least one certificate was found in identity scope
|
|
|
|
jar verified.
|
|
--------------- |