Introduction
When a developer is using secure protocols such as SSL he needs certificates in order to be able to
autenticate the identity of the server.
Some tools sush as Java Keytool, can generate this certificates but there is not any way to generate
a root Certificate Authority certificate and use it for sign another user certificates. It should be
usefull to mentioned developers.
Java Keytool is able to save certificates and public/private keys in containers called JKS (Java Key
Store). This containers are not compatible with other software such as Internet navigators (Internet
Explorer, Mozilla, Mozilla Phoenix, Netscape, Opera).
JaBaCats is now a command line aplicattion witch can generate root Certificate Authority certificates
easily and store them on PKCS12 (.pfx or .p12) and / or CER format. It's usefull for compatibility with the
most popular software. JaBaCats can easily generate a keypair, store the private key in a pfx file and
generate a PKCS10 Certificate Request file (.DER). JaBaCATs is able to sign PKCS10 certificate request
files (.DER) and generate the (.CER) user file without know the user private key. JaBacats can generate
Certificate Revocation Lists and store it in .CRL files in order to revocate certificates.
So, this tool can, nowadays, generate all the necesary files that both the Certificate Authority and User,
need. We are currently using RSA/MD5 algoritms for generate keys. We are working in order to let user and
C.A. choose their favorite Critographic and Hash algoritms.
This software is capable of generate Cp852 Charset Encoding certificates in order to view all characters when
install it in a Microsoft Operating System.
We are looking for PKCS8 implementation in order to store private keys while you are waiting for CA sign your certificate request. Certificate request module does not work properly. We are working hard about it.
Versions
Version 0.1 Beta
You can now generate basic certificates using RSA/MD5 algorithms for asymetric criptography and message digest. The generated keypair is 1024. Things you can do:
- You can generate a root Certificate Authority certificate and the PFX file containing the private key.
- You can generate a user Certificate using the Certificate Authority.
Version 0.2 Beta
You can generate PKCS7 certificate request using RSA/MD5 algorithms for generating the user keypair. The generated keypair is 1024. This is the only new thing that you can do.
Version 0.3 Beta
Some bugs has been fixed and there are new funcionalities:
- Sign a certificate request in order to create a certificate.
- Generate certificate revocation lists.
- More customizable certificates.
Version 0.4 Beta
Some bugs has been fixed and we are trying to make jabacats more usable in this ways:
- Support multilanguage via Java i18n Support. Spanish, and English resourcebundles has been developed.
- You can select the key sizes generated with asymetric algoritms.
- You can select the asymetric algoritms for generate key pairs.
- You can select the sing algoritm for generate certificates, certificate revocation lists and certificate requests.
- Some source code has been cleaned.
Version 0.5 Beta
We have probed certificates generated with Outlook and The Bat. It works fine!!! (Don't use ElGamal with win32. Win 2000 doesn't support it. I don't know if Windows 2003 and XP supports it.). Some bugs has been fixed and we are trying to make jabacats more usable in this ways:
- Support for certificate renew.
- New Java I18N resource bundles with easyer than older one's.
- Dinamic module loading so JaBaCATs is now a litle bit faster.
- Fixed bug in CA's certificate v3 extensions. (If you had create a CA certificate with it and you want to correct it, please contact us. We can help you. We can develop a small aplication for fix this problem).
- Certificate X509 Subject parsing for recovering Cp852 fields and store it correctly in new certificates.
- I think we had cleaned all source code. When you are compiling it, there is no warnigs for using deprecated classes, methods, ...
How to use this software?
Install the software is very simple. This software is a Prerelease version and all the funcionalities have
been not implemented yet.
For install this software follow next steps:
- Download the software now. You
can download src or binary package.
- If you download src package compile the software: With this software there are two compilation scripts
called compile.sh
and compile.bat. If you want to run them put your javac's dir on the PATH environment
variable.
- Execute the software. If you are going to run this sofware on an Unix based OS use the
execute.sh bash script.If not and you are going to run this sofware on a Microsoft based OS
use the execute.bat
- For usage of this software you should type in command line the arguments --newCA if you want to create
a Certificate Authority or --newUser if you want to create a user of a Certificate Authority.
- Then follow the steps.
- Sorry about english support at the application. I couldn't do it yet but we are currently working on
multilanguage support.
Other software we need
We are currently using Bouncy Castle Java Security Provider. You can download the latest version from
http://www.bouncycastle.org. We currently are working with jdk1.3
and we have included the Bouncy Castle Java Security Provider and the Bouncy Castle JCE Implementacion for
jdk1.3. If you are using jdk1.4 you should download this packages optimized for JDK1.4 at Bouncy Castle Web Site.
Our webpage
We had translate contents into english. We think we had translate contents into a language that seems english :DD. We hope you can understand us. :DD. Sorry about it.
The source code
We think our source is now better. We are working doing documentation. We are using Dia and UML for doing it. It's not Rational Rose but we think it's enouth for us.
Notes
This software is distributed under the terms of GNU General Public Licence. We hope this software to be
usefull for you but you must use it at your own risk.
