Hi,
I use the bcprov.jar to provide rijndael algorithm in my applet.
The signature can't be verified, I think I have to put somewhere the certificate of bouncy castle, but where ?
In addition, I can't find Bouncy Castle certificate,
have you got any ideas ?
Thanks a lot,
Nicolas.
Nicolas,
You don't need the BouncyCastle's certificate to verify its JAR's signature. The version (1.2.1) that I have, get from bouncycastle's site, is a JAR signed (bcprov-jdk14-121.jar).
I could verify it using the command:
jarsigner -certs -verbose -verify bcprov-jdk14-121.jar
And the result proved that it was a valid signed JAR:
....
sm2765 Sat Dec 06 14:06:52 GMT 2003 org/bouncycastle/util/encoders/test/EncoderTest.class
X.509, CN=The Legion of the Bouncy Castle, OU=Java Software Code Signing, O=Sun Microsystems Inc
X.509, CN=JCE Code Signing CA, OU=Java Software Code Signing, O=Sun Microsystems Inc, L=Palo Alto, ST=CA, C=US
s = signature was verified
m = entry is listed in manifest
k = at least one certificate was found in keystore
i = at least one certificate was found in identity scope
jar verified.
....
So, I don't know why you are facing this problem. Try to download the last version from bouncycastle.
[ ]'s
Luciano Coelho
mentes@esec.com.br
thanks a lot Luciano.
I had a old bug version of bouncy castle this works fine with the last one now.
In fact I use Java Web Start to launch my application it checks bouncy castle signature but shows a warning telling that the jar is well signed and the authentification is unverified. It's normal cause the certificate of bouncy castle is not in the cacerts.
Is there a mean to extract the certificate from the jar or to download this certificate somewhere ?
Thanks for answer.