JiscMail Logo
Email discussion lists for the UK Education and Research communities

Help for PERMIS-USERS Archives


PERMIS-USERS Archives

PERMIS-USERS Archives


PERMIS-USERS@JISCMAIL.AC.UK


View:

Message:

[

First

|

Previous

|

Next

|

Last

]

By Topic:

[

First

|

Previous

|

Next

|

Last

]

By Author:

[

First

|

Previous

|

Next

|

Last

]

Font:

Proportional Font

LISTSERV Archives

LISTSERV Archives

PERMIS-USERS Home

PERMIS-USERS Home

PERMIS-USERS  October 2007

PERMIS-USERS October 2007

Options

Subscribe or Unsubscribe

Subscribe or Unsubscribe

Log In

Log In

Get Password

Get Password

Subject:

Re: ACE Format

From:

Marc Stoecklin <[log in to unmask]>

Reply-To:

For users/administrators of the PERMIS authorisation software <[log in to unmask]>

Date:

Mon, 22 Oct 2007 13:02:24 +0100

Content-Type:

text/plain

Parts/Attachments:

Parts/Attachments

text/plain (99 lines)

Dear David

many thanks for the reply.

Do you see any chance to load an AC on a smart card with the AuthentIC
Manager?  

I have as well the IAIK PKCS#11 Wrapper at hand that defines
iaik.pkcs.pkcs11.objects.X509AttributeCertificate.  However, I wonder
whether a issrg.ac.AttributeCertificate object can be mapped easily into a
X509AttributeCertificate object?  If that would be the case, I could write a
tool to load (createObject) an AC on the card using this object.  Are there
any code snippets of such a mapping available?

Best regards,
Marc.


On Mon, 22 Oct 2007 11:40:31 +0100, David Chadwick <[log in to unmask]>
wrote:

>Hi Marc
>
>An AC is not a PKC. They are both defined in X.509, but are
>syntactically different. Much software such as OpenSSL only supports
>PKCs and not ACs. So renaming a .ace file as .cer or .p7c wont help I am
>afraid.
>
>Other software such as IAIK and Bouncy Castle will support ACs. So you
>will need to use these. We have just about got Bouncy Castle working and
>plan to issue a version of PERMIS with this instead of IAIK in due course.
>
>One tool you can easily use to see the contents of an AC is the general
>ASN.1 tool BERViewer. A pointer to downloading this is on our website.
>
>regards
>
>David
>
>
>Marc Stoecklin wrote:
>> Dear list,
>>
>> I successfully installed and setup PERMIS in a testing environment
>> (Ubuntu Linux, Java SE RE 1.6.0_03).  I created a new AC for a user and
>> exported it as a file (.ace).  The ultimate goal is to test whether the
>> AC can be saved on a smart card.
>>
>> However, I struggle to see the contents (-text) of the .ace file with
>> openssl.  I also tried to inspect the sample AC (1/user0.ace) provided
>> in the testing application:
>>
>> <---
>> $ openssl x509 -inform der -noout -text -in user0.ace
>>
>> unable to load certificate
>> 6758:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong
>> tag:tasn_dec.c:1294:
>> 6758:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested
>> asn1 error:tasn_dec.c:830:
>> 6758:error:0D08303A:asn1 encoding
>> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
>> error:tasn_dec.c:749:Field=algorithm, Type=X509_ALGOR
>> 6758:error:0D08303A:asn1 encoding
>> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
>> error:tasn_dec.c:749:Field=signature, Type=X509_CINF
>> 6758:error:0D08303A:asn1 encoding
>> routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1
>> error:tasn_dec.c:749:Field=cert_info, Type=X509
>> --->
>>
>> Importing the .ace file on the smart card is not possible either as the
>> software (AuthentIC Manager from Oberthur) does expect .cer, .crt, or
>> .p7c files (renaming .ace to .cer does not work ...).
>>
>> What am I doing wrong here?  Is there a way to convert the .ace file
>> into a .cer file so as to import the latter to the smart card?
>>
>> Thanks in advance,
>> Marc Stoecklin.
>>
>
>--
>
>*****************************************************************
>David W. Chadwick, BSc PhD
>Professor of Information Systems Security
>The Computing Laboratory, University of Kent, Canterbury, CT2 7NF
>Skype Name: davidwchadwick
>Tel: +44 1227 82 3221
>Fax +44 1227 762 811
>Mobile: +44 77 96 44 7184
>Email: [log in to unmask]
>Home Page: http://www.cs.kent.ac.uk/people/staff/dwc8/index.html
>Research Web site: http://www.cs.kent.ac.uk/research/groups/iss/index.html
>Entrust key validation string: MLJ9-DU5T-HV8J
>PGP Key ID is 0xBC238DE5
>
>*****************************************************************

Top of Message | Previous Page | Permalink

JiscMail Tools


RSS Feeds and Sharing


Advanced Options


Archives

September 2017
May 2014
June 2013
April 2013
November 2012
September 2012
July 2012
February 2012
November 2011
October 2011
September 2011
June 2011
May 2011
April 2011
March 2011
February 2011
November 2010
October 2010
August 2010
July 2010
April 2010
March 2010
February 2010
January 2010
December 2009
October 2009
August 2009
June 2009
March 2009
February 2009
January 2009
November 2008
October 2008
May 2008
April 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
May 2007
March 2007
February 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006


JiscMail is a Jisc service.

View our service policies at https://www.jiscmail.ac.uk/policyandsecurity/ and Jisc's privacy policy at https://www.jisc.ac.uk/website/privacy-notice

Secured by F-Secure Anti-Virus CataList Email List Search Powered by the LISTSERV Email List Manager