Posted to dev@santuario.apache.org by m2 r2sj <m2...@gmail.com> on 2006/03/30 02:38:02 UTC

Keystore

I am looking for an efficient way to use the keystore to create a private key
to sign the XML document for one or more persons. When the person signs
the document, let's assume 10 persons want to sign the document.

Should we

1) Get each person's details and create a keystore for each person on
their local computer and then generate a private key and then sign the
document as follows



keytool -genkey -alias test -keyalg RSA \
  -dname "CN=Geuer, OU=FB12NUE, O=Uni, C=DE" \
  -keypass xmlsecurity -storepass xmlsecurity \
  -keystore keystoreRSA.jks -validity 2000



Or

2) Keep the keystore on a server and use a common user name and password to get
the private key for all the persons

Can anyone suggest the efficient way to do this?

Re: Keystore

Posted by Arshad Noor <ar...@strongauth.com>.
It depends on what your business objective is.

If the objective is to ensure that specific objects are signed by
specific individuals (and none other) then you need to create distinct
keystores.  Bear in mind that there are many other issues involved if
your goal is non-repudiation.

If the objective is to just maintain the data integrity of the object,
then just a single generic key on the server should suffice.

Arshad Noor
StrongAuth, Inc.

m2 r2sj wrote:
> I am looking for an efficient way to use the keystore to create a private
> key to sign the XML document for one or more persons. When the person
> signs the document, let's assume 10 persons want to sign the document.
>
> Should we
>
> 1) Get each person's details and create a keystore for each person on
> their local computer and then generate a private key and then sign the
> document as follows
>
> keytool -genkey -alias test -keyalg RSA -dname "CN=Geuer, OU=FB12NUE,
> O=Uni, C=DE" -keypass xmlsecurity -storepass xmlsecurity -keystore
> keystoreRSA.jks -validity 2000
>
> Or
>
> 2) Keep the keystore on a server and use a common user name and password to
> get the private key for all the persons
>
> Can anyone suggest the efficient way to do this?
>
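
The distinction drawn in the reply above, as an added example that is not part of the original thread or of the Santuario code base: each signer holds a distinct key, so a verifier can tell which person produced which signature, whereas with one shared server key every signature would validate under the same key. It uses the JDK's javax.xml.crypto.dsig API; the signer names and the document are constructed, and the key pairs are generated in memory as a stand-in for loading each person's key from their own keystore.

```java
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class PerSignerKeys {
    public static void main(String[] args) throws Exception {
        // Constructed sample document; signatures reference <contract> by its Id.
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element root = doc.createElementNS(null, "envelope");
        Element contract = doc.createElementNS(null, "contract");
        contract.setAttributeNS(null, "Id", "c1");
        contract.setIdAttributeNS(null, "Id", true);
        contract.setTextContent("constructed sample text");
        root.appendChild(contract);
        doc.appendChild(root);

        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        // Hypothetical signers; in practice each key is loaded from that person's keystore.
        Map<String, KeyPair> signers = new LinkedHashMap<>();
        for (String name : new String[] {"alice", "bob"}) {
            KeyPair kp = kpg.generateKeyPair();
            signers.put(name, kp);
            Reference ref = f.newReference("#c1", f.newDigestMethod(DigestMethod.SHA256, null));
            SignedInfo si = f.newSignedInfo(
                f.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null),
                f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), // constant: Java 11+
                Collections.singletonList(ref));
            // Appends one <Signature> per signer as the last child of <envelope>.
            f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), root));
        }

        // Verifier side: each signature validates under exactly one person's public key.
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {
            for (Map.Entry<String, KeyPair> e : signers.entrySet()) {
                DOMValidateContext vc =
                    new DOMValidateContext(e.getValue().getPublic(), sigs.item(i));
                boolean ok = f.unmarshalXMLSignature(vc).validate(vc);
                System.out.println("signature " + i + " / " + e.getKey() + ": " + ok);
            }
        }
    }
}
```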