At 02:20 PM 11/6/2012, Vincent Ryan wrote:
>> A certificate unpaired with a private key will not be imported with existing
>> tools. (MS certmgr and firefox/thunderbird). If its paired with a private
>> key, it gets imported into the personal cert portion of the certificate
>> store. It's po
On 6 Nov 2012, at 14:21, Michael StJohns wrote:
> At 03:52 PM 11/5/2012, Vincent Ryan wrote:
>> On 05/11/2012 18:28, Michael StJohns wrote:
>>> At 09:17 AM 11/5/2012, Vincent Ryan wrote:
Thanks for your suggestion Mike. I quite like that approach but I'm
concerned that existing tools a
At 03:52 PM 11/5/2012, Vincent Ryan wrote:
>On 05/11/2012 18:28, Michael StJohns wrote:
>>At 09:17 AM 11/5/2012, Vincent Ryan wrote:
>>>Thanks for your suggestion Mike. I quite like that approach but I'm
>>>concerned that existing tools and
>>>browsers do not support this new type of PKCS12 safe b
On 05/11/2012 18:28, Michael StJohns wrote:
At 09:17 AM 11/5/2012, Vincent Ryan wrote:
Thanks for your suggestion Mike. I quite like that approach but I'm concerned
that existing tools and
browsers do not support this new type of PKCS12 safe bag.
I went back and took a look at the PKCS12 stan
At 09:17 AM 11/5/2012, Vincent Ryan wrote:
>Thanks for your suggestion Mike. I quite like that approach but I'm concerned
>that existing tools and
>browsers do not support this new type of PKCS12 safe bag.
I went back and took a look at the PKCS12 standard. The ASN1 defining the list
of bag typ
Thanks for your suggestion Mike. I quite like that approach but I'm concerned
that existing tools and
browsers do not support this new type of PKCS12 safe bag.
If we could overcome the issue with using extendedKeyUsage as a bag attribute
then I think that the
current proposal using cert bag woul
At 11:14 PM 11/1/2012, Michael StJohns wrote:
>The appeal of re-purposing the extendedKeyUsage attribute is that it is
>already well known as a certificate extension. And in addition, it can be used
>by keystore owners to limit a cert's trust level to quite specific purposes.
>
>This is one of th
On 2 Nov 2012, at 04:14, Michael StJohns wrote:
> At 02:26 PM 11/1/2012, Vincent Ryan wrote:
>
>> On 1 Nov 2012, at 17:50, Michael StJohns wrote:
>>
>>> At 12:55 PM 10/31/2012, Vincent Ryan wrote:
>>>
Before considering migrating the platform default keystore format to
PKCS12 its ke
ax
>
>>
>> Bruce A Rich
>> brich at-sign us dot ibm dot com
>>
>>
>>
>>
>> From: Weijun Wang
>> To:security-dev@openjdk.java.net
>> Date:10/31/2012 09:27 PM
>> Subject:Re: Transitioning the default ke
At 02:26 PM 11/1/2012, Vincent Ryan wrote:
>On 1 Nov 2012, at 17:50, Michael StJohns wrote:
>
>> At 12:55 PM 10/31/2012, Vincent Ryan wrote:
>>
>>> Before considering migrating the platform default keystore format to PKCS12
>>> its keystore implementation
>>> must at least match the functionalit
KS, which
> is the format used by cacerts, for example.
I see.
Thanks
Max
>
> Bruce A Rich
> brich at-sign us dot ibm dot com
>
>
>
>
> From:Weijun Wang
> To:security-dev@openjdk.java.net
> Date: 10/31/2012 09:27 PM
> Subject:
On 1 Nov 2012, at 17:50, Michael StJohns wrote:
> At 12:55 PM 10/31/2012, Vincent Ryan wrote:
>
>> Before considering migrating the platform default keystore format to PKCS12
>> its keystore implementation
>> must at least match the functionality of JKS.
>>
>> I have developed a prototype of a
At 12:55 PM 10/31/2012, Vincent Ryan wrote:
>Before considering migrating the platform default keystore format to PKCS12
>its keystore implementation
>must at least match the functionality of JKS.
>
>I have developed a prototype of a multi-format keystore that understands both
>JKS and PKCS12
>f
bject: Re: Transitioning the default keystore format to PKCS#12
Sent by:security-dev-boun...@openjdk.java.net
A little off topic:
Do we still care about the JCEKS storetype? Maybe no one stores secret
keys in a keystore?
Thanks
Max
On 11/01/2012 12:55 AM, Vincent Ryan
I think storing secret keys, and passwords, is still important. We intend to
add support for SecretKeyEntry to the
PKCS12 implementation but there are no plans to make changes to JCEKS.
On 1 Nov 2012, at 02:08, Weijun Wang wrote:
> A little off topic:
>
> Do we still care about the JCEKS store
A little off topic:
Do we still care about the JCEKS storetype? Maybe no one stores secret
keys in a keystore?
Thanks
Max
On 11/01/2012 12:55 AM, Vincent Ryan wrote:
Before considering migrating the platform default keystore format to PKCS12 its
keystore implementation
must at least match
Before considering migrating the platform default keystore format to PKCS12 its
keystore implementation
must at least match the functionality of JKS.
I have developed a prototype of a multi-format keystore that understands both
JKS and PKCS12
formats - it checks for the JKS magic number to dete
17 matches
Mail list logo
