Endpoint
Name: PKISignStandard
Description: Sign binary stream with a private key
Id: PKISignStandard
Category: accessor

Identifier Syntax

PKISignStandard is an accessor using Active URI syntax with the following base identifiers:

Base
active:pkiSignStandard

and the following arguments:

Argument          Rules      Typing                             Description
operand           Mandatory  Representation (java.lang.Object)  resource to sign
keystore          Mandatory  Representation (java.lang.Object)  JKS Keystore
keystorePassword  Mandatory  Representation (java.lang.Object)  password for keystore
keyID             Mandatory  Representation (java.lang.Object)  Id of key in keystore
keyPassword       Optional   Representation (java.lang.Object)  password for key

Request Verbs

The following verb is supported:

Verb
SOURCE

Response

The response representation of this accessor for SOURCE requests is unknown.

This accessor throws no documented exceptions.

Import Requirements

To use the PKISignStandard accessor you must import the module urn:org:netkernel:mod:security:

<import>
  <uri>urn:org:netkernel:mod:security</uri>
</import>

Generates the signature of the operand resource which is SOURCEd as an IReadableBinaryStreamRepresentation.

Returns a hexadecimal string representation of the standard RSA-SHA1 signature.

PKI Details

The tools default to the RSA algorithm, and the signature is SHA1. The private and public keys should both be RSA keys.

A Java KeyStore can be managed with the keytool application provided with Java. For more details, see the keytool documentation.

keytool example

Here is a simple recipe to generate a key pair and store it as "urn:my:key" in a new keystore, then export the public key as a certificate and import it into a second keystore. The first keystore should be kept private, and its private key can be used for signing. The second keystore can be shared publicly and can be used for verifying signatures.

Generate an RSA public/private key pair with a self-signed certificate.

keytool -genkey -alias keyname -keyalg RSA -keysize 2048 -validity 1024 -keystore keystore

To export the public key as a self-signed certificate...

keytool -export -alias keyname -file public-key.cer -keystore keystore

To import the public key certificate into a new keystore that can be given to others...

keytool -import -alias keyname -keystore keystore2 -file public-key.cer
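
The sign and verify round trip that the two keystores from this recipe make possible, written with the standard Java security API as an added example (it is not NetKernel's own code). It assumes the accessor's hexadecimal string is the raw SHA1withRSA signature bytes, that "keystore" and "keystore2" are in the working directory with alias "keyname", and that the key password equals the keystore password.

```java
import java.io.File;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.util.HexFormat;

// Added example (Java 17+), not NetKernel code. Assumes the keytool recipe above was
// run in the working directory ("keystore", "keystore2", alias "keyname") and that
// the key password equals the keystore password.
public class SignVerifyDemo {

    // Sign data with the private key; return the raw signature bytes as hex.
    static String signHex(KeyStore store, String alias, char[] keyPassword, byte[] data)
            throws Exception {
        PrivateKey key = (PrivateKey) store.getKey(alias, keyPassword);
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(key);
        signer.update(data);
        return HexFormat.of().formatHex(signer.sign());
    }

    // Verify a hex signature using only the certificate from the public keystore.
    static boolean verifyHex(KeyStore store, String alias, byte[] data, String hexSig)
            throws Exception {
        Certificate cert = store.getCertificate(alias);
        Signature verifier = Signature.getInstance("SHA1withRSA");
        verifier.initVerify(cert.getPublicKey());
        verifier.update(data);
        return verifier.verify(HexFormat.of().parseHex(hexSig));
    }

    public static void main(String[] args) throws Exception {
        // Prompt instead of taking passwords from argv (needs an interactive terminal).
        char[] privatePass = System.console().readPassword("password for keystore: ");
        char[] publicPass = System.console().readPassword("password for keystore2: ");
        // KeyStore.getInstance(File, char[]) detects JKS or PKCS12 (Java 9+).
        KeyStore privateStore = KeyStore.getInstance(new File("keystore"), privatePass);
        KeyStore publicStore = KeyStore.getInstance(new File("keystore2"), publicPass);

        // Constructed sample input standing in for the operand resource.
        byte[] message = "constructed sample payload".getBytes(StandardCharsets.UTF_8);
        String hex = signHex(privateStore, "keyname", privatePass, message);
        System.out.println("signature: " + hex);
        System.out.println("valid:     " + verifyHex(publicStore, "keyname", message, hex));
        byte[] tampered = "constructed sample payloae".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered:  " + verifyHex(publicStore, "keyname", tampered, hex));
    }
}
```

The last line prints false because the verifier only needs the public certificate to detect a changed payload. SHA1withRSA is used here only because it is the algorithm this page documents; SHA-1 is no longer recommended for generating new signatures.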