orbasec.tools
Class CA

java.lang.Object
  |
  +--orbasec.tools.Subject
        |
        +--orbasec.tools.CA

public class CA
extends orbasec.tools.Subject

A mini Certificate Authority for generating and verifying X509Certificates. This class has only one public method, main. It is designed to be a stand-alone tool for manipulating certificates.

The syntax for this program is:

java orbasec.tools.CA (generate|verify|dump) [options]
where the options are given below. ORBAsec comes with 3 script/batch files, generate, verify, and dump, which serve as front-ends for the 3 CA commands:
  • generate Generate a PrivateKey and an X509Certificate in an IAIK KeyAndCertificateFile.
  • verify Verify the certificate chain in a key/cert file
  • dump Display the contents of a key/cert file

The options for these commands are:
     Commands: 
     help                      Print this screen
     generate 
         -ca                   Generate a Certificate Authority; CAs sign their 
                               own certificates
         -use-ca <ca-file>     Use the CA defined in <ca-file> as the signing
                               authority for the certficate
         -kpa <alg>            Use Algorithm <alg> for KeyPair generation,
                               where <alg> is DSA, RSA, or DH (default: DSA)
         -filename <value>     Filename for cert file (Default: cert)
         -passwd <password>    Use <password> to encrypt the private key in the
                               generated cert-file.  (Default: mypassword).
         -encoding pem|der     Encoding for cert file (Default: pem)
         -country <value>      The country field for generated X509Certificate
                               (Default: US)
         -locality <value>     The locality field for generated X509Certificate
                               (Default: Syracuse)
         -organization <value> The organization field for generated X509Certificate
                               (Default: Adiron)
         -commonName <value>   The commonName field for generated X509Certificate
         -expiry #m | #h | #o  The expiration time for generated X509Certificate, 
                               given in minutes (m), hours (h), or months (o)
                               (Default: 6 months)
     dump <key-cert-file>          Dumps the contents of <key-cert-file>
     verify <key-cert-file>        Verify the certificates in <key-cert-file>
      
      
     NOTES: 
         o If a key-cert-file private key is signed with "mypassword" (the default),
           then the key-cert-file can be automatically read; otherwise, you will
           be prompted for a password.
         o Do not use the -ca and -use-ca options simultaneously; first make
           a CA using the -ca option, and then use the CA defined in the cert
           file to sign certificates.
         o Do not use DH as a KeyPair generation algorithm for CAs, since the
           CA will not then be able to sign X509Certificates.
         o In this simple program, you can only supply single tokens as values
           to the command-line arguments.
    
     The generate function creates an IAIK KeyAndCertificate File. 
     Use kac2keystore (java orbasec.tools.KAC2KeyStore) 
     to load it into a keystore file.
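
The NOTES above can be enforced before the tool is invoked. The wrapper below is an added example, not part of ORBAsec: `check_generate_args` and `generate_checked` are hypothetical names, and reading "single tokens" as "no whitespace in a value" is an assumption.

```shell
# Added example. check_generate_args and generate_checked are hypothetical
# helpers; the option names are the ones listed in the help text above.
check_generate_args() {
    ca=0 use_ca=0 kpa=DSA passwd=
    while [ $# -gt 0 ]; do
        case $1 in
            -ca) ca=1; shift; continue ;;
            -use-ca|-kpa|-filename|-passwd|-encoding) ;;
            -country|-locality|-organization|-commonName|-expiry) ;;
            *) echo "unknown option: $1" >&2; return 1 ;;
        esac
        [ $# -ge 2 ] || { echo "$1 needs a value" >&2; return 1; }
        # NOTES: values must be single tokens (read here as "no whitespace",
        # which is an assumption about what the tool accepts).
        case $2 in
            *[[:space:]]*) echo "$1: value must be one token" >&2; return 1 ;;
        esac
        case $1 in
            -use-ca) use_ca=1 ;;
            -kpa) kpa=$2 ;;
            -passwd) passwd=$2 ;;
        esac
        shift 2
    done
    # NOTES: -ca and -use-ca are mutually exclusive.
    if [ "$ca" -eq 1 ] && [ "$use_ca" -eq 1 ]; then
        echo "do not combine -ca and -use-ca" >&2; return 1
    fi
    case $kpa in
        DSA|RSA) ;;
        # NOTES: a CA generated with DH cannot sign X509Certificates.
        DH) [ "$ca" -eq 0 ] || { echo "-ca with -kpa DH cannot sign" >&2; return 1; } ;;
        *) echo "-kpa must be DSA, RSA or DH" >&2; return 1 ;;
    esac
    # NOTES: a key encrypted with the default "mypassword" is read without a
    # prompt, so an omitted or default -passwd leaves the key unprotected.
    if [ -z "$passwd" ] || [ "$passwd" = mypassword ]; then
        echo "set -passwd to a non-default value" >&2; return 1
    fi
}

# Run the tool only when the arguments pass the checks above.
generate_checked() {
    check_generate_args "$@" && java orbasec.tools.CA generate "$@"
}
```

The value given to -passwd is part of the command line, so it is typically visible to other local users in the process list while the JVM runs.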
    
     


    Method Summary
    static void main(java.lang.String[] argv)
               
     
    Methods inherited from class orbasec.tools.Subject
    toString
     
    Methods inherited from class java.lang.Object
    equals, getClass, hashCode, notify, notifyAll, wait, wait, wait
     

    Method Detail

    main

    public static void main(java.lang.String[] argv)