generate full CMC request (full PKI request) using BouncyCastle APIs

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

generate full CMC request (full PKI request) using BouncyCastle APIs

Na Yu
Hello,

I'm trying to generate full CMC request (full PKI request) defined in RFC 5272 for a certificate enrollment Android App. 
I have used BouncyCastle PKCS10CertificationRequestBuilder​ API to generate simple CMC request, but I cannot find APIs to generate the full CMC request. 
Could you let me know if it is possible to use the existing BouncyCastle APIs to generate full CMC request?
Has someone implemented something similar?
Thank you so much!

Best regards,
Na​


Reply | Threaded
Open this post in threaded view
|

Re: generate full CMC request (full PKI request) using BouncyCastle APIs

David Hook-3

Have a look at the latest beta. We've actually been sponsored to do some work on EST (RFC 7030), and we've put together some classes for CMC as part of this (mainly the asn.1 objects, but there is some additional work in the pkix package as well).

https://www.bouncycastle.org/betas

Regards,

David

On 15/03/17 12:43, Na Yu wrote:
Hello,

I'm trying to generate full CMC request (full PKI request) defined in RFC 5272 for a certificate enrollment Android App. 
I have used BouncyCastle PKCS10CertificationRequestBuilder​ API to generate simple CMC request, but I cannot find APIs to generate the full CMC request. 
Could you let me know if it is possible to use the existing BouncyCastle APIs to generate full CMC request?
Has someone implemented something similar?
Thank you so much!

Best regards,
Na​



Reply | Threaded
Open this post in threaded view
|

RE: generate full CMC request (full PKI request) using BouncyCastle APIs

Na Yu

Hi David,


Thank you so much for your help!

I checked bcpkix-jdk15on-157b08.tar.gz and bcprov-jdk15on-157b08.tar.gz​.

I have the following questions:


1. Is the package org.bouncycastle.asn1.cmc​ in bcprov-jdk15on-157b08.tar.gz fully implemented for RFC 5272?

2. Looks like the package  org.bouncycastle.cmc in bcpkix-jdk15on-157b08.tar.gz​ is not implemented yet in this beta release.

    Do you plan to implement the FullCMCRequestBuilder (something similar as PKCS10CertificationRequestBuilder)​?

    Could you let me know when will this implementation be released?


It will be great help if Full CMC Request can be fully implemented in the future BouncyCastle release. 

Thanks again for your help!


Best regards,

Na




From: David Hook <[hidden email]>
Sent: Friday, March 17, 2017 1:49 PM
To: [hidden email]
Subject: Re: [dev-crypto] generate full CMC request (full PKI request) using BouncyCastle APIs
 

Have a look at the latest beta. We've actually been sponsored to do some work on EST (RFC 7030), and we've put together some classes for CMC as part of this (mainly the asn.1 objects, but there is some additional work in the pkix package as well).

https://www.bouncycastle.org/betas

Regards,

David

On 15/03/17 12:43, Na Yu wrote:
Hello,

I'm trying to generate full CMC request (full PKI request) defined in RFC 5272 for a certificate enrollment Android App. 
I have used BouncyCastle PKCS10CertificationRequestBuilder​ API to generate simple CMC request, but I cannot find APIs to generate the full CMC request. 
Could you let me know if it is possible to use the existing BouncyCastle APIs to generate full CMC request?
Has someone implemented something similar?
Thank you so much!

Best regards,
Na​



Reply | Threaded
Open this post in threaded view
|

RE: generate full CMC request (full PKI request) using BouncyCastle APIs

Zertifikatinator
This post has NOT been accepted by the mailing list yet.
Hello guys,

I am facing the same problem, I need to build a full pki request. I couldnt find any classes which create a PKCS7 request for full pki. In the latest beta jars there is only a org.bouncycastle.pkcs.PKCS10CertificationRequest for the simple pki request.

Since noone answered the previous question, i ask this question again. Its very important to support a full pki request defined in RFC-5272.

Let me know if there are some news about the implementation.


Regards,
Zertifikatinator