
Kraken CA

Quick Start

  • Download and install BouncyCastle 1.45 into $JAVA_HOME/jre/lib/ext
    • bcprov has no OSGi manifest, but it cannot be repackaged as a bundle: a JCA provider jar must carry a signature that Sun's JCE framework accepts, so it is installed as a JRE extension instead of being deployed into the OSGi container.
    • Register it in $JAVA_HOME/jre/lib/security/java.security by adding this line:
      • security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
      • This puts BouncyCastle first in the provider preference order (it will be picked ahead of the Sun providers for every algorithm it implements), so renumber the existing providers one position down so that the list stays contiguous:
        security.provider.1=org.bouncycastle.jce.provider.BouncyCastleProvider
        security.provider.2=sun.security.provider.Sun
        security.provider.3=sun.security.rsa.SunRsaSign
        security.provider.4=com.sun.net.ssl.internal.ssl.Provider
        security.provider.5=com.sun.crypto.provider.SunJCE
        security.provider.6=sun.security.jgss.SunProvider
        security.provider.7=com.sun.security.sasl.Provider
        security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
        security.provider.9=sun.security.smartcardio.SunPCSC
        
  • Download the latest Kraken Core and start it.
    • java -jar kraken-core-VERSION-package.jar
  • Connect to the Kraken Shell on one of its two listeners (telnet carries the session in cleartext, so use ssh for anything other than a localhost connection):
    • telnet localhost 7004
    • ssh localhost 7022
  • Type pkg.install kraken-ca
    • Expected output:
      kraken> pkg.install kraken-ca
      Resolving {groupId: org.apache.felix, artifactId: org.apache.felix.ipojo, version: 1.4.0}
        -> trying to download from http://repo1.maven.org/maven2/
        -> resolved
        -> installing: org.apache.felix.ipojo 1.4.0
      
      Resolving {groupId: org.krakenapps, artifactId: kraken-ipojo, version: 1.0.0}
        -> trying to download from http://repo1.maven.org/maven2/
        -> resolved
        -> installing: org.krakenapps.ipojo 1.0.0
      
      Resolving {groupId: org.krakenapps, artifactId: kraken-ca, version: 1.0.0}
        -> trying to download from http://repo1.maven.org/maven2/
        -> trying to download from http://download.krakenapps.org/
        -> resolved
        -> installing: org.krakenapps.ca 1.0.0
      
      Starting Bundles
        -> [OK] org.apache.felix.ipojo 1.4.0
        -> [OK] org.krakenapps.ipojo 1.0.0
        -> [OK] org.krakenapps.ca 1.0.0
      
      Complete!
      
  • Create the CA root certificate using ca.createRootCa
    • Keep the default SHA512withRSA. MD5withRSA and SHA1withRSA appear in the menu but are broken (MD5) or deprecated (SHA-1) digests and must not be used for a new CA.
    • Note in the output below that the root is emitted as an X.509 version 1 certificate, which carries no extensions (so no basicConstraints CA:TRUE); strict path validators may refuse it as an issuer.
    • Expected output:
      kraken> ca.createRootCa
      Common Name (CN)? krakenapps.org
      Organization Unit (OU)? R&D
      Organization (O)? NCHOVY
      City (L)? Guro
      State (ST)? Seoul
      Country Code (C)? KR
      Select Signature Algorithm:
      [1] MD5withRSA
      [2] MD5withRSA
      [3] SHA1withRSA
      [4] SHA224withRSA
      [5] SHA256withRSA
      [6] SHA384withRSA
      [7] SHA512withRSA
      Select [1~7] (default 7)? 7
      Days (default 3650)?
      Generating key pairs...
        [0]         Version: 1
               SerialNumber: 1
                   IssuerDN: CN=krakenapps.org,OU=R&D,O=NCHOVY,L=Guro,ST=Seoul,C=KR
                 Start Date: Mon Jul 19 00:20:09 KST 2010
                 Final Date: Thu Jul 16 00:20:09 KST 2020
                  SubjectDN: CN=krakenapps.org,OU=R&D,O=NCHOVY,L=Guro,ST=Seoul,C=KR
                 Public Key: RSA Public Key
                  modulus: 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
          public exponent: 10001
      
        Signature Algorithm: SHA512WithRSAEncryption
                  Signature: 3da9bcb5c0752c9bd90555baf40add0c3f962077
                             da4bd484d356b3dca3f669f9cedf7c03ed2f6b94
                             4888227a018c03cefe5aa09f17ce6e9388c7765b
                             32e636783ce1a2a866d6e4ef491db84a95dc3d9d
                             19b082618b6d573baae95aa4a86ec6f8fbc45762
                             b8e4bb231835165915177186c1ec7d7f6a1f300f
                             f8408289cb207da89e6ffe31fde89469d558f032
                             8247e33f5897fd70f75f5b2d4b664f4cc36ce1fe
                             73505f85b36512d61f04196e3a67cd066db7e903
                             7b840ae6b0e43a99a59094f33922e6b28e094a1f
                             c836257026dd5e4bc23f4416c185b5ae20ab4df2
                             ab3b29b288b62ee5bc5a5fef884f7b5d00d684fe
                             75ad5f8c910a7f1e9f2d438e37065a04
      
      PrivateKey Password?
      KeyStore Password?
      
      Complete!
      
  • Export the CA certificate as a .crt file using ca.exportCaCrt
    • The .crt file is written to the working directory of Kraken Core.
    • Expected output:
      kraken> ca.exportCaCrt
      CA Common Name? krakenapps.org
      CA keystore password?
      
  • Issue an end-entity certificate signed by the new self-signed CA.
    • Type ca.createCert (the same signature algorithm caveat as for the root applies: take the SHA512withRSA default).
    • Expected output:
      kraken> ca.createCert
      CA Common Name? krakenapps.org
      CA keystore password?
      CA private-key password?
      Common Name (CN)? xeraph
      Organization Unit (OU)? R&D
      Organization (O)? NCHOVY
      City (L)? Guro
      State (ST)? Seoul
      Country Code (C)? KR
      Select Signature Algorithm:
      [1] MD5withRSA
      [2] MD5withRSA
      [3] SHA1withRSA
      [4] SHA224withRSA
      [5] SHA256withRSA
      [6] SHA384withRSA
      [7] SHA512withRSA
      Select [1~7] (default 7)?
      Days (default 365)?
      Attribute Name (press enter to skip)? emailaddress
      Attribute Value? xeraph@nchovy.com
      Attribute Name (press enter to skip)?
      Generating key pairs...
        [0]         Version: 3
               SerialNumber: 1
                   IssuerDN: CN=krakenapps.org,OU=R&D,O=NCHOVY,L=Guro,ST=Seoul,C=KR
                 Start Date: Mon Jul 19 02:09:39 KST 2010
                 Final Date: Tue Jul 19 02:09:39 KST 2011
                  SubjectDN: CN=xeraph,OU=R&D,O=NCHOVY,L=Guro,ST=Seoul,C=KR,E=xeraph@nchovy.com
                 Public Key: RSA Public Key
                  modulus: 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
          public exponent: 10001
      
        Signature Algorithm: SHA512WithRSAEncryption
                  Signature: 3becdc8587a1152ae3644ac48d71900d71f34ac2
                             752d95e9fa98b8f7fea7ec8a996e65c417aa6280
                             ccaec2eee6e5ca21d4ed881becfcb71fba64e3e2
                             869059e9901090cdbe3b3193db697020a9cfa2e2
                             edd22927015e7d0113cabbcd191e525694f6d75f
                             c4bfea7dd7f149a2d9747adae5ce2c7965dc97fb
                             e4d2158453a604329d7f22ece2ca877d66add877
                             6516e2d8e9dab249cb4ebc455bcac68b8295c137
                             19bcf0e3b99daa49dc511b542cf0df3191782298
                             ad5619d690f2276cfb12d407de68f22355e52911
                             a3ce5cb39371b35fed70e8ab63bce6375f441385
                             d29d61e5f472889fe18a8704d6652c8e2daddb43
                             32461de5114c30d1ae827e34ff75c4d2
      
      Key Alias? xeraph
      Key password?
      Writing pfx file to C:\Users\xeraph\kraken\kraken-core\target\data\kraken-ca\CA\krakenapps.org\xeraph.pfx
      Completed
      
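Once the three commands above have run there are two artifacts to check: the exported CA .crt and the issued xeraph.pfx. The following is an added example, not code from Kraken CA or from this page, that uses only the standard JCA API to confirm that the root is self-signed, that the leaf verifies under the CA key and names the CA as issuer, that both are currently valid, and that neither was signed with MD5 or SHA-1. The pfx file name and the key alias "xeraph" are taken from the ca.createCert transcript; the .crt file name "krakenapps.org.crt" is an assumption, since the page only says the file lands in the working directory. The pfx password is passed as the first command-line argument.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Date;

public class VerifyKrakenCaOutput {
    // Assumed file name: the page does not say what ca.exportCaCrt calls the file.
    static final String CA_CRT = "krakenapps.org.crt";
    // Path and alias as shown by ca.createCert (run from the directory holding the pfx).
    static final String LEAF_PFX = "xeraph.pfx";
    static final String LEAF_ALIAS = "xeraph";

    public static void main(String[] args) throws Exception {
        char[] pfxPassword = args.length > 0 ? args[0].toCharArray() : new char[0];

        // The exported CA certificate is a plain X.509 certificate file.
        X509Certificate ca;
        try (InputStream in = new FileInputStream(CA_CRT)) {
            ca = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }

        // A .pfx is a PKCS#12 keystore; the leaf certificate sits under the chosen alias.
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(LEAF_PFX)) {
            ks.load(in, pfxPassword);
        }
        X509Certificate leaf = (X509Certificate) ks.getCertificate(LEAF_ALIAS);
        if (leaf == null) {
            throw new IllegalStateException("no certificate under alias " + LEAF_ALIAS);
        }

        // 1. The root must be self-signed: issuer equals subject and the signature
        //    verifies under its own public key (verify() throws on failure).
        if (!ca.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) {
            throw new IllegalStateException("CA issuer and subject differ; not a self-signed root");
        }
        ca.verify(ca.getPublicKey());

        // 2. The leaf must chain to the CA: its issuer is the CA subject and its
        //    signature verifies under the CA public key.
        if (!leaf.getIssuerX500Principal().equals(ca.getSubjectX500Principal())) {
            throw new IllegalStateException("leaf issuer does not match CA subject");
        }
        leaf.verify(ca.getPublicKey());

        // 3. Both certificates must be inside their validity window right now.
        Date now = new Date();
        ca.checkValidity(now);
        leaf.checkValidity(now);

        // 4. Refuse weak digests regardless of what the createRootCa/createCert menu offered.
        //    The JCA reports names such as "SHA512withRSA", "SHA1withRSA", "MD5withRSA".
        for (X509Certificate c : new X509Certificate[] { ca, leaf }) {
            String alg = c.getSigAlgName().toUpperCase();
            if (alg.startsWith("MD5") || alg.startsWith("SHA1")) {
                throw new IllegalStateException("weak signature algorithm on "
                        + c.getSubjectX500Principal() + ": " + c.getSigAlgName());
            }
        }

        // 5. An X.509 v1 root (as in the ca.createRootCa transcript) has no extensions, so
        //    there is no basicConstraints CA:TRUE; getBasicConstraints() returns -1 in that case.
        if (ca.getVersion() < 3 || ca.getBasicConstraints() < 0) {
            System.out.println("WARNING: CA certificate (v" + ca.getVersion()
                    + ") has no basicConstraints CA:TRUE; strict validators may reject it as an issuer");
        }

        System.out.println("CA:   " + ca.getSubjectX500Principal() + " [" + ca.getSigAlgName() + "]");
        System.out.println("Leaf: " + leaf.getSubjectX500Principal() + " [" + leaf.getSigAlgName()
                + "], serial " + leaf.getSerialNumber());
        System.out.println("OK: leaf certificate verifies under the exported CA certificate");
    }
}
```

Run it from the directory containing both files (javac VerifyKrakenCaOutput.java && java VerifyKrakenCaOutput 'pfx-password'). The checks are deliberately ordered so that a signature or chain failure throws before any output is printed; the basicConstraints check is a warning only, because a self-signed trust anchor is accepted by some validators even without it.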

Supported Attribute Names

Names accepted at the "Attribute Name" prompt of ca.createCert (left) and the DN component each one is mapped to (right):

  c                     -> C
  o                     -> O
  t                     -> T
  ou                    -> OU
  cn                    -> CN
  l                     -> L
  st                    -> ST
  sn                    -> SN
  serialnumber          -> SN
  street                -> STREET
  emailaddress          -> E
  dc                    -> DC
  e                     -> E
  uid                   -> UID
  surname               -> SURNAME
  givenname             -> GIVENNAME
  initials              -> INITIALS
  generation            -> GENERATION
  unstructuredaddress   -> UnstructuredAddress
  unstructuredname      -> UnstructuredName
  uniqueidentifier      -> UNIQUE_IDENTIFIER
  dn                    -> DN_QUALIFIER
  pseudonym             -> PSEUDONYM
  postaladdress         -> POSTAL_ADDRESS
  nameofbirth           -> NAME_AT_BIRTH
  countryofcitizenship  -> COUNTRY_OF_CITIZENSHIP
  countryofresidence    -> COUNTRY_OF_RESIDENCE
  gender                -> GENDER
  placeofbirth          -> PLACE_OF_BIRTH
  dateofbirth           -> DATE_OF_BIRTH
  postalcode            -> POSTAL_CODE
  businesscategory      -> BUSINESS_CATEGORY
  telephonenumber       -> TELEPHONE_NUMBER
  name                  -> NAME