Brief Description
Background
A good J2ME application should not show annoying prompts when the program accesses system resources (such as the network, SMS, PIM, and files). The purpose of this article is to explore how to achieve that.
Content
Signing the J2ME application with a certificate solves the above problem. This article mainly summarizes solutions and experience found on the web.
Expected readers and Suggestions
Developers who need to sign a J2ME program; it is assumed they are already familiar with J2ME development.
Due to my limited level, there are some errors. I hope you will give me your feedback.
MIDlet signing
What is a Java digital certificate?
Original link http://www.blogjava.net/zpuser/archive/2006/07/22/59528.html
You may be unfamiliar with the concept of a "digital certificate". A digital certificate is a set of data that records the identity information of a network user. It is used to identify the communicating parties in network communication; that is, it solves the problem of "who am I" on the Internet, just as in real life each of us needs an ID card or driver's license to prove our identity or certain qualifications.
Digital certificates are issued by an authoritative and impartial third-party organization, namely the CA (certificate authority) center. Cryptography built around digital certificates provides encryption and decryption of information transmitted over the network, as well as digital signatures and signature verification. Together these ensure the confidentiality and integrity of information transmitted over the Internet, the authenticity of the identities of the transacting parties, and the non-repudiation of signed information, thus securing network applications.
Digital certificates use public key cryptography, that is, a pair of matching keys for encryption and decryption. Each user has a private key that only they hold, which is used for decryption and signing, and a public key that can be published, which others use for encryption and signature verification. When a confidential file is sent, the sender encrypts the data with the receiver's public key, and the receiver decrypts it with their own private key. The information thus arrives at its destination safely: even if a third party intercepts it, they cannot decrypt it because they do not have the corresponding private key. Mathematically, the encryption cannot be reversed without the private key; only the private key can decrypt. The most commonly used public key cryptosystem is RSA.
A user can also process information with their own private key. Because only the owner holds that key, the result is something no one else could have produced, and this forms a digital signature. A digital signature confirms the following two points:
(1) the information was signed and sent by the signatory, who cannot deny it (or can hardly deny it);
(2) the information has not been modified since it was issued, and the issued document is the genuine document.
Digital certificates can be used for sending secure email, accessing secure sites, online securities trading, online bidding and procurement, online contract signing, online office work, online payment, online tax filing, and other secure online electronic transactions.
Certificates generally use the X.509 international standard format. At present, certificate authorities mainly issue secure email certificates, personal and enterprise identity certificates, server certificates, and code signing certificates.
The digital certificate format follows the ITU-T X.509 international standard. A standard X.509 digital certificate contains the following:
- The version of the certificate;
- The serial number of the Certificate. Each certificate has a unique serial number;
- The signature algorithm used by the certificate, such as the RSA algorithm;
- The name of the certificate issuer (CA). The naming rules are generally in the X.500 format;
- The validity period of the certificate. Certificates currently generally use the UTC time format, whose time range is from January 1, 1950 to January 1, 2049;
- Name of the certificate owner. The naming rules are generally in the X.500 format;
- Public Key of the certificate owner;
- The digital signature of the certificate authority (CA) over the certificate.
X.509 digital certificate structure (version 3)
- Version: the version ID of the certificate (for example, version 3)
- Serial number: the unique integer that identifies the certificate
- Signature: identifier of the algorithm used to sign the certificate
- Issuer: the unique identification name of the issuer
- Validity period
- Subject: the unique identification name of the certificate owner
- Subject public key information: the public key of the certificate owner (and the algorithm identifier)
- Issuer unique identifier: optional unique identifier of the issuer
- Subject unique identifier: unique identifier of the subject
- Extensions: optional extensions
Field description:
① Version: indicates the version of the certificate (version 1, version 2, or version 3).
② Serial number: the unique identifier of the certificate, assigned by the certificate issuer.
③ Signature: the signature algorithm identifier, consisting of an object identifier and related parameters. It describes the digital signature algorithm used in this certificate. For example, the object identifier for SHA-1 with RSA indicates that the digital signature is an RSA encryption of a SHA-1 digest.
④ Issuer: the distinguished name (DN) of the certificate issuer. This field must be present.
⑤ Validity period: the period during which the certificate is valid. This field consists of "not before" and "not after", expressed as UTC time or generalized time (RFC 2459 gives the detailed time representation rules).
⑥ Subject: the distinguished name of the certificate owner. This field must be non-empty unless an alias is present in the certificate extensions.
⑦ Subject public key information: the public key of the subject (and the algorithm identifier). This field must be present.
⑧ Issuer unique identifier: the unique identifier of the certificate issuer. Present only in versions 2 and 3; optional.
⑨ Subject unique identifier: the unique identifier of the certificate owner. Present only in versions 2 and 3; optional.
⑩ Extensions: optional standard and private extensions (used only in versions 2 and 3), including:
◆ Authority Key Identifier: a unique identifier of the key contained in the certificate, used to distinguish between multiple key pairs of the same certificate owner.
◆ Key Usage: a bit string that specifies (restricts) the functions or services the certificate's public key may be used for, such as certificate signing and data encryption.
◆ Extended Key Usage: one or more object identifiers (OIDs) that describe the specific purposes of the certificate key. For Internet policy restrictions and access descriptor restrictions [3], see RFC 2459.
◆ CRL distribution point: specifies where the CRL is published.
◆ Private key usage period: specifies the validity period of the private key associated with the public key in the certificate. It also consists of "not before" and "not after". If this item is absent, the private key has the same validity period as the public key.
◆ Certificate policies: consists of object identifiers and qualifiers. The object identifiers indicate the policies under which the certificate was issued and may be used.
◆ Policy mapping: indicates the equivalence between one or more policy object identifiers in two CA domains. It appears only in CA certificates.
◆ Subject alias (subject alternative name): an alias of the certificate owner, such as an email address or IP address. The alias is bound to the DN.
◆ Issuer alias (issuer alternative name): an alias of the issuer, such as an email address or IP address. The issuer's DN must still appear in the issuer field of the certificate.
◆ Subject directory attributes: a set of attributes of the certificate owner. This item can be used to carry access control information.
The above covers the basics of digital certificates. The following section describes how to use digital certificates in a Java environment.
There are basically two certificate authorities for J2ME programs:
Thawte, at www.thawte.com.
Verisign, at www.verisign.com.
The difference between them is that Verisign certificates are very widely supported but relatively expensive. Thawte certificates are almost universally supported, except that the same certificate is not supported by Nokia S40 and S60 devices, but they are relatively cheap.
Thawte domestic agent: http://thawte.wosign.com/Thawte_CodeSigning.htm
Verisign domestic agents: http://www.verisign.com/cn/authentication/
MIDlet code signing certificate application process
Verisign application process
Certificate price: USD 400/year
A certificate comes with a key pair (public key and private key).
The private key is used to encrypt the JAR file digest, and the public key is used to decrypt it.
User device verification process:
The encrypted JAR file digest is stored in the JAD descriptor file. When a user installs the program, the user's device (mobile phone) automatically recognizes this attribute, computes the digest of the downloaded JAR file, and checks the validity of the certificate contained in the JAD file. If the certificate is invalid, the device aborts the installation or reports that authorization failed. If it is valid, the device extracts the public key, decrypts the encrypted JAR file digest, and compares the result with the digest it computed. If they are the same, the installation continues; otherwise, the installation is aborted.
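The device-side check described above, as an added Java example that is not part of the original article: the developer signs the JAR's SHA-1 digest with the private key and stores the result in the JAD attribute `MIDlet-Jar-RSA-SHA1`, and the device recomputes the digest and verifies it with the public key. Assumptions: the key pair is generated locally as a stand-in for a CA-certified one, the JAR bytes are constructed, certificate validation is left out, and `JadSignatureCheck`, `buildJad` and `verify` are hypothetical names.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

public class JadSignatureCheck {
    static final String ATTR = "MIDlet-Jar-RSA-SHA1"; // MIDP 2.0 JAD attribute

    // Developer side: sign the JAR bytes (SHA-1 digest, RSA private key) and
    // store the Base64 signature in the JAD.
    static String buildJad(byte[] jar, PrivateKey key) throws GeneralSecurityException {
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initSign(key);
        s.update(jar);
        return "MIDlet-Name: Demo\n" + ATTR + ": "
                + Base64.getEncoder().encodeToString(s.sign()) + "\n";
    }

    // Device side: digest the downloaded JAR and check it against the signature
    // using the public key (on a phone, taken from the validated certificate).
    static boolean verify(String jad, byte[] jar, PublicKey key) throws GeneralSecurityException {
        String sig = null;
        for (String line : jad.split("\r?\n"))
            if (line.startsWith(ATTR + ":")) sig = line.substring(ATTR.length() + 1).trim();
        if (sig == null) return false;   // no signature: never treat as trusted
        Signature s = Signature.getInstance("SHA1withRSA");
        s.initVerify(key);
        s.update(jar);
        try {
            return s.verify(Base64.getDecoder().decode(sig));
        } catch (SignatureException | IllegalArgumentException e) {
            return false;                // malformed signature or Base64
        }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair kp = g.generateKeyPair(); // assumption: stands in for the CA-certified key pair
        byte[] jar = "constructed stand-in for JAR bytes".getBytes(StandardCharsets.UTF_8);
        String jad = buildJad(jar, kp.getPrivate());
        byte[] tampered = jar.clone();
        tampered[0] ^= 1;                 // one bit changed after signing
        System.out.println("original JAR accepted: " + verify(jad, jar, kp.getPublic()));
        System.out.println("tampered JAR accepted: " + verify(jad, tampered, kp.getPublic()));
        System.out.println("unsigned JAD accepted: " + verify("MIDlet-Name: Demo\n", jar, kp.getPublic()));
    }
}
```

A signature that verifies only shows the JAR matches what the key holder signed; the device must still validate the certificate carrying the public key before granting the MIDlet any trust.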
To purchase a certificate, take the following steps:
Step 1: Enter the contact information of the specific technical department (person).
* First name: Lee
* Last Name: James
* Title: Certificate ****
* Company: cping.net
* Address1: no140 wensan road Hangzhou City
* City: Hangzhou
* State/province: Zhejiang
* Zip/postal code: 310012
* Country: China
* Telephone: 0571 ********
Fax: 0571 ********
* E-mail: kenen@cping.net
Step 2: Enter the relevant certificate information.
Paste the content of the Certificate Signing Request (CSR) file, such as mbkey.csr.
The content is a Base64 block between the "BEGIN NEW CERTIFICATE REQUEST" and "END NEW CERTIFICATE REQUEST" lines.
Step 3: Check the Certificate Information and enter the password used for the certificate.
Step 4: Enter the company contact information.
Step 5: Enter the payment method and related information.
Step 6: Confirm and submit the order
The applicant confirms the submission information.
Step 7: print the confirmation letter and view the Verisign signing process.
Once the order and payment are confirmed as received, Verisign verifies the correctness of the information submitted by the applicant. This takes about 5 to 15 business days, depending on the actual situation. Once verification succeeds, the corresponding certificate is returned and the application is successfully completed.
The application is now submitted. Wait for VeriSign, Inc. to approve it.
References:
https://SecurityCenter.verisign.com/celp/enroll/selectoptions?Bundle_id=javacs&originator=Java&application_locale=vrsn_us&checkprice=false&promocode=
http://eclipseme.org/docs/refsigning.html
The following is the Thawte application address: https://www.thawte.com/process/retail/new_devel_collect_details