Zolfonoon, Riaz | 3 Feb 1999 16:17

RE: Access to Jonah library

As suggested by Andrew my problem was due to our firewall. It is all fixed
now. Got the kit.

Thanks,
Riaz

		-----Original Message-----
		From:	Andrew Gillis [mailto:andrewg <at> interdyn.com]
		Sent:	Monday, January 25, 1999 5:07 PM
		To:	'Zolfonoon, Riaz'
		Subject:	RE: Access to Jonah library

		You are probably behind a firewall.  Set your browser to use an HTTP proxy.
		TYPE:  HTTP
		PROXY SERVER ADDRESS:  Address of your firewall/gateway (or wherever proxy server is)
		PORT:	80

		> -----Original Message-----
		> From:	Zolfonoon, Riaz [SMTP:rzolfonoon <at> securitydynamics.com]
		> Sent:	Monday, January 25, 1999 12:34 PM
		> To:	'imc-pfl <at> imc.org'
		> Subject:	Access to Jonah library
		> 
		> Hello,
		> 
		> I've been trying to copy the Jonah sources from MIT site

Zolfonoon, Riaz | 3 Feb 1999 16:27

Jonah installation error

I installed Jonah R2 kit. The installation was pretty smooth. I simply
followed the instructions.

The only problem I ran into was the following. The build procedure could not
find jni_md.h. I copied the file from JDK include to my Jonah build tree and
everything worked fine. Is this due to a problem in my environment
(incorrect envir variables, path, etc.) or is this due to a problem in the
build procedures?

Thanks a lot. Great job folks!
Riaz
====================================

Starting build in Y:/Src/JAPI
make: Warning -- Attempt to redefine macro `PWD' failed
echo Building jonah_base_JonahInterface.obj
Building jonah_base_JonahInterface.obj
cl -c -Ic:\jbuilder2\java\include -I/Obj/NT/include -I/src/include -I/Obj/NT//JAPI -IY:/Src/JAPI -IY:/Src/JAPI -IZ:c:\jbuilder2\java\include -IZ:/Obj/NT/include -IZ:/src/include -IZ:/Obj/NT//JAPI -IZ:/Src/JAPI -IZ:/Src/JAPI /MDd /GX -nologo /MTd /Zi -DWIN32 -D_WINDOWS -DJONAH Y:/Src/JAPI/jonah_base_JonahInterface.cpp
Command line warning D4025 : overriding '/MDd' with '/MTd'
jonah_base_JonahInterface.cpp
/src/include\jni.h(44) : fatal error C1083: Cannot open include file: 'jni_md.h': No such file or directory

Zolfonoon, Riaz | 3 Feb 1999 18:18

R2 features and documentation?

Hi,

I've installed R2 on NT. Here are a few questions:

1)	When I start Jonahee, most of the menu options seem to be disabled.
I've tried Actions->CreateCertRequestre. It is expecting a preregistration
option file. What is this file and what's its format?
2)	What is the Action->Initialize for? Is it supposed to initialize my
virtual smart card? Or initialize the GUI tool? It does not seem to do
anything.
3)	If I click on some buttons, say Help, Java runtime (jre.exe) seems
to go into an infinite loop and consume almost 100% of CPU. Has anyone seen
this problem?
4)	Is there any documentation that describes the features, supported
algorithms, the GUI usage, etc. (or is the source code the ultimate spec :-))?
I have seen a paper on IBM site that describes the planned features for R1
and R2. I have enclosed extracts from this paper. Could someone from Jonah
team comment on the status of each feature listed below (implemented in Rx
or will be done later at such date).

Regards,
Riaz
=-=-=-=-=-=-=-=-
from: http://www.ibm.com/security/html/wp_pkix.html :

		The August (snap shot) version will provide the following: 

		          Ability to create client certs extensions (such as key usage, basic constraints, name

Zolfonoon, Riaz | 4 Feb 1999 15:16

RE: R2 features and documentation?

I did some more testing. I can now generate cert requests and approve them.
But now I have a few more questions :-)

1)	When I click on Submit to send out my request, among other things,
EE prompts me for "exporting TO smart card". What is it trying to export to the
card? I was expecting that at this point EE calls PKCS11 to generate the key
pair, reads the public key component out of the token and generates the cert
request.
Is the prompt actually supposed to be "export FROM smart card"?

2)	If I make changes to my request during request generation, EE also
prompts me for saving the changed certificate. If I say YES, everything
works. But if I say NO, key generation fails with error "key generation
parameters are missing". If I exit the program, reenter and this time accept
the prompt for saving the cert, everything works.

3)	After the cert is issued, I cannot find a way to export the
certificate. There is an export option but it's grey'd out. Is this because
the feature is not implemented or am I missing something?

Any chance of getting the answers to my previous questions regarding
documentation and features in this drop?

Thanks,
Riaz

Mark E. Schoneman | 4 Feb 1999 20:30

RE: R2 features and documentation?


	Hi,

	I'm having pretty much the same problems as Riaz. Also when I run the
	test<whatever> programs they all fail. Could it be that those install
	dll programs failed. Is there a way to check if they installed correctly.
	I issued one of them with totally bogus parameters and it seemed happy. 8-\

								Mark S.

-----Original Message-----
From: owner-imc-pfl <at> imc.org [mailto:owner-imc-pfl <at> imc.org]On Behalf Of
Zolfonoon, Riaz
Sent: Thursday, February 04, 1999 8:17 AM
To: 'JonahList'
Subject: RE: R2 features and documentation?

I did some more testing. I can now generate cert requests and approve them.
But now I have a few more questions :-)

1)	When I click on Submit to send out my request, among other things,
EE prompts me for "exporting TO smart card". What is it trying to export to the
card? I was expecting that at this point EE calls PKCS11 to generate the key
pair, reads the public key component out of the token and generates the cert
request.
Is the prompt actually supposed to be "export FROM smart card"?


Michael_Shanzer | 4 Feb 1999 21:25

RE: R2 features and documentation?


> 1) When I click on Submit to send out my request, among other things,
> EE prompts me for "exporting TO smart card". What is it trying to export to the
> card? I was expecting that at this point EE calls PKCS11 to generate the key
> pair, reads the public key component out of the token and generates the cert
> request.
> Is the prompt actually supposed to be "export FROM smart card"?

Right now the virtual smart card is just a data store, the key is not
generated on the card. So the export to smart card function takes the key
that the EE generated and stores it onto the card.

> 2) If I make changes to my request during request generation, EE also
> prompts me for saving the changed certificate. If I say YES, everything
> works. But if I say NO, key generation fails with error "key generation
> parameters are missing". If I exit the program, reenter and this time accept
> the prompt for saving the cert, everything works.
We'll have to look into this ...

> 3) After the cert is issued, I cannot find a way to export the
> certificate. There is an export option but it's grey'd out. Is this because
> the feature is not implemented or am I missing something?
This feature is not yet implemented.

> Any chance of getting the answers to my previous questions regarding
> documentation and features in this drop?
Unfortunately, for the most part the code is the ultimate spec.
Each code drop to MIT does have a readme that does give a very brief description
of what is in the drop. The code that is on the MIT web site now supports requesting

Michael_Shanzer | 4 Feb 1999 21:34

RE: R2 features and documentation?


> I'm having pretty much the same problems as Riaz. Also when I run the
> test<whatever> programs they all fail. Could it be that those install
> dll programs failed. Is there a way to check if they installed correctly.
> I issued one of them with totally bogus parameters and it seemed happy.8-\

If you run regedit and look at:
HKEY_LOCAL_MACHINE --> SOFTWARE --> IBM --> CSSM
There should be a few sub-folders there. They should each
have a location entry which should be where the DLL lives
for that particular provider.  If the DLL is not there,
that'll cause problems.

                              Mike
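
The registry check described in the message above can be scripted. This is an added example, not part of the original thread or of the Jonah/CSSM code; the key path is the one given in the message, and the value name `Location` is an assumption based on its "location entry" wording.

```powershell
# Added example (not Jonah/CSSM code). Lists every provider sub-key under the
# CSSM key named in the message and reports whether the path it registers
# actually exists on disk.
function Test-CssmProviderDlls {
    param(
        [string]$Root = 'HKLM:\SOFTWARE\IBM\CSSM',
        [string]$ValueName = 'Location'   # assumed name of the "location entry"
    )

    if (-not (Test-Path -LiteralPath $Root)) {
        Write-Warning "$Root does not exist: no provider was registered."
        return
    }

    foreach ($key in Get-ChildItem -LiteralPath $Root) {
        # GetValue returns $null when the sub-key has no such value.
        $path = $key.GetValue($ValueName)

        $status = if (-not $path) {
            'NoLocationValue'      # sub-key exists but registers no path
        } elseif (Test-Path -LiteralPath $path) {
            'OK'                   # registered path is present
        } else {
            'PathMissing'          # registered, but nothing is there
        }

        [pscustomobject]@{
            Provider = $key.PSChildName
            Location = $path
            Status   = $status
        }
    }
}

Test-CssmProviderDlls | Format-Table -AutoSize
```

A provider reported as `PathMissing` or `NoLocationValue` matches the failure case the message describes, where an install program appears to succeed but the DLL is not where the registry says it is.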

David Skyberg | 5 Feb 1999 05:15

building without mks

Sorry if this has been asked, but I'm new to the list.  

Has anyone built Jonah on NT without mks?  I have tcsh and a bunch of
unix utils (including make).  Before I go to the trouble of re-writing
the makefiles, I am wondering if anyone has already done this for
sans-mks environments?
--

-- 
----------------------------------------------------------------------
               Look both ways before crossing the net!
----------------------------------------------------------------------
David Skyberg  -  Senior Developer
Xcert International Inc.
1981 North Broadway                     Tel:  1-925-274-9300
Suite 330                               Fax:  1-925-974-0657
Walnut Creek CA 94596                 email:  sky <at> xcert.com  
http://www.xcert.com                 direct:  1-423-691-1783 

                    Internet Security Technologies
  Press coverage - http://www.xcert.com/corp/clippings/index.html

Zolfonoon, Riaz | 5 Feb 1999 15:38

RE: R2 features and documentation?

Michael,

Thanks for your reply.

Could you also shed some light on the PKIX parts that are currently
implemented in R2. For example, how much of the communication between
CA<->RA<->EE conforms in this release. Could these components be
distributed? So far, I have only tested all pieces on the same system.

Regards,
Riaz

		-----Original Message-----
		From:	Michael_Shanzer <at> iris.com [mailto:Michael_Shanzer <at> iris.com]
		Sent:	Thursday, February 04, 1999 3:25 PM
		To:	Zolfonoon, Riaz
		Cc:	'JonahList'
		Subject:	RE: R2 features and documentation?

		> 1) When I click on Submit to send out my request, among other things,
		> EE prompts me for "exporting TO smart card". What is it trying export to the
		> card? I was expecting that at this point EE calls PKCS11 to generate the key
		> pair, reads the public key component out of the token and generates the cert
		> request.
		> Is the prompt actually supposed to be "export FROM smart

Michael_Shanzer | 5 Feb 1999 18:45

RE: R2 features and documentation?


R2 uses CMP CertReq, CertRep messages over TCP between the EE and the RA
and the RA and the CA.
Unfortunately POP is not implemented yet. We also only support one request
per message. The next drop adds support for RevRepContent, RevReqContent,
and CRLAnnContent messages. All still over TCP using the TCP protocol
defined in CMP. In R2 (and R3) the protocol messages are not protected.

You can run all three components on different machines. There should be
directions in the README on how to set this up. It requires a few simple
INI file changes.

                         Mike

