Skip to main content

online.sig and online.crt help

6 replies [Last post]
scottbates
Offline
Joined: 2008-07-27
Points: 0

Hi all,

looking for any guidance on how to create these files...

online.sig - BDSigner says it does it, but says the argument to pass in is app.discroot.crt. I would have thought based on the name that it was derived from the online.crt once you got that from the BDA. I tried running BDsigner and passing in my app.crt but got this error "The alias:onlinecert does not exist" ...that implies to me that even though I am passing in app.crt it is expecting to find the onlin.crt already loaded into the keystore. Anyone got any thoughts?

online.crt - currently my client is doing their paperwork with the BDA to get the online.crt and the BDA has asked them to provide their PGP Fingerprint. anyone have any idea what this is referring to. I would have assumed the BDA needed a standard csr. I'm baffled by this one... so anyone with any tips on what needs to be provided to the BDA for the online.crt is much appreciated.

thanks all for your time. and to those who built the cookbook tools, many extra thanks as they are awesome tools.

_scott

Reply viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.
scottbates
Offline
Joined: 2008-07-27
Points: 0

One other resulting question...

If the app.discroot.crt gets modified, do I have to resign my jar after it's been modified?

_scott

jaya_h
Offline
Joined: 2005-07-11
Points: 0

Those who are interested in generating "online.sig" using BDSigner
please read on..

> online.sig - BDSigner says it does it, but says the
> argument to pass in is app.discroot.crt. I would
> have thought based on the name that it was derived
> from the online.crt once you got that from the BDA.

"online.crt" file does not contain the private key required for
signing in order to generate "online.sig" file.
The "online.crt" contains the public key useful during authentication
just like "appdiscroot.crt"

We added support for generation of "online.sig" into BDSigner upon
a request by a customer who already had the private online key
integrated into the keystore.

Unfortunately, BDA does not use standard format like PKCS#12
for private key distribution, and we here at Sun do not have access
to the format in which BDA distributes the private key.
Although, last year around this time, our tool user asked us to
help integrate the private key they got from BDA into the keystore.
I added a patch to the BDSigner based on the limited information I got from them.
However, that patch is not integrated into hdcookbook repository as it's not
completely tested. It works with our own generated keys in the format
that we assume BDA possibly uses. If more people try out this feature, we can
for SURE say that it works and make it available on hdcookbook.

I can send the patched BDSigner to you,using which you can try generating
"online.sig" file using the private key file that you get from BDA.

Thanks,
Jaya

scottbates
Offline
Joined: 2008-07-27
Points: 0

Hi Jaya,

Thank you much for responding. We have submitted our request to the BDA for the private key and online.crt. once I receive those I would very much like to try the alternate BDSigner that you have and attempt to import the key into the keystore and generate the online.sig

If you can, please email me at scott dot bates at 22greystreet dot com and let me know how, where I can get the modified version.

Can you confirm then whether the app.discroot.crt is modified in anyway during this process and if I would subsequently need to resign my jar after it is modified?

Thanks again for your help.

regards,
_scott

Joe Rice

On Jun 23, 2009, at 11:50 PM, bd-j-dev@mobileandembedded.org wrote:

> Hi all,
>
> looking for any guidance on how to create these files...
>
> online.sig - BDSigner says it does it, but says the argument to pass
> in is app.discroot.crt. I would have thought base dont eh name
> that it was based off the online.crt once you got that from the
> BDA. I tried running BDsigner and passing in my app.crt but got
> this error "The alias:onlinecert does not exist" ...that implies to
> me that even though I am passing in app.crt it is expecting to fine
> the onlin.crt already loaded into the keystore. Anyone got any
> thoughts?

Have only personally used Sonic's tools with online.crt, but it sounds
like you're on the right track. The online.crt is used to sign the
app.discroot.crt, creating a chain to the trusted BDA-CA root public
key in the player, so it does make sense that app.discroot.crt would
be an argument. Seems like there should be a way to import the key
you'll get from the BDA - hopefully Jaya will see this.

>
> online.crt - currently my client is doing their paperwork with the
> BDA to get the online.crt and the BDA has asked them to provide
> their PGP Fingerprint. anyone have any idea what this is referring
> to. I would have assumed the BDA needed a standard csr. I'm
> baffled by this one... so anyone with any tips on what needs to be
> provided to the BDA for the online.crt is much appreciated.

They'll encrypt the files that are delivered using the public PGP
provided (or obtained from a keyserver). The PGP fingerprint is a hash
of the key so they can verify they're using the right key to encrypt
it. We provided the public key along with the fingerprint when ordering.

http://en.wikipedia.org/wiki/Public_key_fingerprint

Cheers,
Joe

>
> thanks all for your time. and to those who build the cookbook
> tools, many extra thanks as they are awesome tools.
>
> _scott
> [Message sent by forum member 'scottbates' (scottbates)]
>

---------------------------------------------------------------------
To unsubscribe, e-mail: bd-j-dev-unsubscribe@hdcookbook.dev.java.net
For additional commands, e-mail: bd-j-dev-help@hdcookbook.dev.java.net

scottbates
Offline
Joined: 2008-07-27
Points: 0

Hey Joe,

thanks for responding. So the app.discroot.crt gets modified/updated once I have the online.crt ?

So remaining steps to be taken...

1. import online.crt into keystore (not sure this is even possible)
2. Use BDSigner with my app.crt as the parameter, which will then hopefully update it based on the online.crt and in the same step generate the online.sig

correct?

I'll attempt to contact Jaya...

Joe Rice

On Jun 24, 2009, at 9:57 AM, bd-j-dev@mobileandembedded.org wrote:

> Hey Joe,
>
> thanks for responding. So the app.discroot.crt gets modified/updated
> once I have the online.crt ?

No, it remains the same. It's hashed to create online.sig.

> So remaining steps to be taken...
>
> 1. import online.crt into keystore (not sure this is even possible)
> 2. Use BDSigner with my app.crt as the parameter, which will then
> hopefully update it based on the online.crt and in the same step
> generate the online.sig
>
> correct?

Sounds right, although I believe you'd actually import both online.crt
and the private key associated with it.

Cheers,
Joe

[att1.html]