Is Thawte trusted?
Hi,
I've built a JCE provider that works fine when the JAR file is signed
with a code signing certificate issued by Sun Microsystems, but when I
sign it with a code signing certificate issued by Thawte (their
Javasoft code signing certificate), then a java.util.jar.JarException
is thrown with error message "... is not signed by a trusted signer".
The strange thing is that I can sign whatever JAR file I like and it
becomes trusted by both the JCE/security framework and the Java
Plug-in, except for when the JAR file contains code that implements the
'javax.crypto.CipherSpi' interface. To be more specific, if my JAR file
contains implementation for the interfaces 'java.security.KeyStoreSpi'
and 'javax.crypto.CipherSpi', then the following is ok:
KeyStore.getInstance("kstype", "Test");
but the following throws the JarException:
Cipher.getInstance("algorithm", "Test");
In short, whenever I try to create an instance of my cipher provider
(through JCE), the exception is thrown.
To simplify things, I've created an extremely small JCE Cipher provider
application that can be downloaded and tested from:
http://tommy.grandefors.com/thawte.zip
If you have the time and spirit (and a nice Java qualified code signing
certificate) I would appreciate it very much if you could help me out
with the following:
1. Download and unzip the file.
2. Execute the 'run.bat' file to see the exception I get when running
my program.
3. Replace my key store variables in the file 'compile.bat' with your
key store.
4. Execute the 'compile.bat' file to compile and sign the JAR file with
your specific code signing certificate.
5. Execute the 'run.bat' file to see if the exception is thrown once
again.
If no exception is thrown, then I'm really eager to know:
1. What kind of code signing cert did you use (CA issuer, brand etc)?
2. If you use the Thawte Javasoft code signing cert, then how did you
overcome the problem I stumbled into?
I've been in contact with Thawte Support for many weeks now, but
they're clueless in this particular case, i.e. they have verified the
error but cannot find a solution (which is rather peculiar I think).
So, any help is appreciated.
Thank you.
Regards,
Tommy
dala (2) | 6/8/2005 8:08:10 PM
Tommy, I get the same error after signing the code with a Thawte
Personal Email certificate (I use this cert to sign a Webstart app of
mine, and it works fine for that).
Aidan | 6/8/2005 10:17:55 PM