hi
i want to know how to creat a key. in fact i have successed in signing and
crypting with the keys which i found in the wss4j. now i want to creat my
key. so i want to know how to do a key like the key x509.PFX.MSFT. what is
the type of it?
thx for answer to me
regards
ying

We use the following for creating pkcs12 stores for saml signing with
openssl

and a simple servlet to do the same.

-Mike

zhou ying wrote:
hi
i want to know how to creat a key. in fact i have successed in signing
and crypting with the keys which i found in the wss4j. now i want to
creat my key. so i want to know how to do a key like the key
x509.PFX.MSFT. what is the type of it?
thx for answer to me

regards

ying

To unsubscribe, e-mail: wss4j-dev-unsubscribe (AT) ws (DOT) apache.org
For additional commands, e-mail: wss4j-dev-help (AT) ws (DOT) apache.org

thx; i have bad my key. there is no probleme now.
but i have a question. what type is it the x509.PFX.MSFT? it is a key or a
certificate. how can i creat something to instead of it?
i need your help
thx

ragards

ying

5/11/06, Mike Smorul <toaster (AT) umiacs (DOT) umd.eduwrote:
--
We use the following for creating pkcs12 stores for saml signing with
openssl

and a simple servlet to do the same.

-Mike

zhou ying wrote:
hi
i want to know how to creat a key. in fact i have successed in signing
and crypting with the keys which i found in the wss4j. now i want to
creat my key. so i want to know how to do a key like the key
x509.PFX.MSFT. what is the type of it?
thx for answer to me

regards

ying
>
>
>

HI ying,

x509.PFX.MSFT is a PKCS12 keystore with which holds the priate key and
the public key certificate.

You can try the following command to see the contents of the
x509.PFX.MSFT file (from the same dir that the file is in).

keytool -list -keystore x509.PFX.MSFT -storepass security -storetype pkcs12 -v

you should see this output : [1]

HTH

Thanks,
Ruchith

[1]

thx; i have bad my key. there is no probleme now.
but i have a question. what type is it the x509.PFX.MSFT? it is a key or a
certificate. how can i creat something to instead of it?
i need your help
thx

ragards
--
ying
>
>
>
>
>
5/11/06, Mike Smorul <toaster (AT) umiacs (DOT) umd.edu wrote:

We use the following for creating pkcs12 stores for saml signing with
openssl

and a simple servlet to do the same.
--

-Mike

zhou ying wrote:
hi
i want to know how to creat a key. in fact i have successed in signing
and crypting with the keys which i found in the wss4j. now i want to
creat my key. so i want to know how to do a key like the key
x509.PFX.MSFT. what is the type of it?
thx for answer to me

regards

ying
>
>
>
>
>
>

To unsubscribe, e-mail: wss4j-dev-unsubscribe (AT) ws (DOT) apache.org
For additional commands, e-mail: wss4j-dev-help (AT) ws (DOT) apache.org

hi ruchith
thx very much. i can see it now
in fact i have many question. i don't understand.
what's means of keystore. what is the defferents entre keystore key et
certificate?
can i make a keystore like x509.PFX.MSFT? i should use openssl or keytool?
can we make the same key using openssl and keytool?
i know that i have many quesions naive. but i want to understand
thx for answer to me
regards
ying

5/12/06, Ruchith Fernando <ruchith.fernando (AT) gmail (DOT) comwrote:

HI ying,

x509.PFX.MSFT is a PKCS12 keystore with which holds the priate key and
the public key certificate.

You can try the following command to see the contents of the
x509.PFX.MSFT file (from the same dir that the file is in).

keytool -list -keystore x509.PFX.MSFT -storepass security -storetype
pkcs12 -v

you should see this output : [1]

HTH

Thanks,
Ruchith

[1]
--
thx; i have bad my key. there is no probleme now.
but i have a question. what type is it the x509.PFX.MSFT? it is a key or
a
certificate. how can i creat something to instead of it?
i need your help
thx

ragards
--
ying
>
>
>
>
>
5/11/06, Mike Smorul <toaster (AT) umiacs (DOT) umd.edu wrote:

We use the following for creating pkcs12 stores for saml signing
with
openssl

and a simple servlet to do the same.
--

-Mike

zhou ying wrote:
hi
i want to know how to creat a key. in fact i have successed in
signing
and crypting with the keys which i found in the wss4j. now i want
to
creat my key. so i want to know how to do a key like the key
x509.PFX.MSFT. what is the type of it?
thx for answer to me

regards

ying
>
>
>
>
>
>
>

Hi ying,

what's means of keystore. what is the defferents entre keystore key et
certificate?

This will answer the above questions : [1]

can i make a keystore like x509.PFX.MSFT? i should use openssl or keytool?
can we make the same key using openssl and keytool?

Yes you can make your own keystore similar to x509.PFX.MSFT. You can
use "openssl pkcs12" R "keytool" to do this. If you are looking for
a tool with a GUI you can try "protecle" [2]

i know that i have many quesions naive. but i want to understand

No problem :-)

Thanks,
Ruchith

To unsubscribe, e-mail: wss4j-dev-unsubscribe (AT) ws (DOT) apache.org
For additional commands, e-mail: wss4j-dev-help (AT) ws (DOT) apache.org

5/15/06, zhou ying <zhou2000.622 (AT) gmail (DOT) comwrote:
hi ruchith
i have changed the
too. because
is in the file
saml3.properties. and
is in
the file crypto.properties. i need both of them.
by the way, is it possible that i can attribue saml using wss4j?

I'm not sure whether you can do it with the default SAML issuer impl [1]

If not you can consider writing your own issuer (which implements
) WSS4J uses the opensaml
library and it should probably have support for saml attribute
statements.

[1]

To unsubscribe, e-mail: wss4j-dev-unsubscribe (AT) ws (DOT) apache.org
For additional commands, e-mail: wss4j-dev-help (AT) ws (DOT) apache.org

Attempt #3 : should work since the infra guys just fixed the problem
with the list

5/15/06, Ruchith Fernando <ruchith.fernando (AT) gmail (DOT) comwrote:
Hi ying,

Try using "" instead of
""

Please have a look at this [1] as well .

Thanks,
Ruchith

[1]

5/15/06, zhou ying <zhou2000.622 (AT) gmail (DOT) comwrote:
Hi Ruchith

i don't think that i need to put the value of the "user", because i use the
confirmation method with sender-vous. so i hava no parameter "user". for the
parameter
, i
have changed.
maybe it's the probleme of my private key
i show you the information of the key

Keystore type: jks
Keystore provider: SUN

Your keystore contains 1 entry

Alias name: carreservie
Creation date: Mar 8, 2006
Entry type: keyEntry
Certificate chain length: 1
Certificate[1]:
: CN=Service, U=bu, =bu, L=ps, ST=ps, C=FR
Issuer: CN=Service, U=bu, =bu, L=ps, ST=ps, C=FR
Serial number: 440eb944
Valid from: Wed Mar 08 12:00:20 CET 2006 until: Tue Jun 06 13:00:20 CEST
2006
Certificate fingerprints:
MD5:

SHA1:

regards
ying
>
>
>
5/15/06, Ruchith Fernando < ruchith.fernando (AT) gmail (DOT) comwrote:
Hi ying,

The value of the "user" parameter in your configuration must be the
alias of the private key in the keystore that you created.

Thanks,
Ruchith

5/15/06, zhou ying < zhou2000.622 (AT) gmail (DOT) comwrote:
hi Ruchith

thank you for your help.
i made un keystore using keytool with type jks. i want to use it for
sign
saml. but i have some error liks this

Exception in thread "main"
WSHandler:
Signed SAML: error during message

General security error (Unexpected number of X509Data: for Signature)
at

(WSHandlerjava:370)
at

(WSHandler.java:155)
at

(WSDoAllSender.java:161)
at

(InvocationStrategy.java:32)
at

(SimpleChain.java:118)
at
(SimpleChain.java:83)
at

(AxisClient.java:121)
at

(Call.java:2765)
at
(Call.java:2748)
at
(Call.java:2424)
at
(Call.java:2347)
at
(Call.java:1804)
at

(
:103)
at client.Client.main(Client.java:19)

i have tried to find solution on internet. i find that you had the same
probleme as me. so i want to know how you could deal with this probleme.

thx

ragards

ying
>
>
>
>
>

To unsubscribe, e-mail: wss4j-dev-unsubscribe (AT) ws (DOT) apache.org
For additional commands, e-mail: wss4j-dev-help (AT) ws (DOT) apache.org