Creating First Delegator Certificate

Procedure to create First Delegator Certificate and Bootstrap it into JSDSIAuthorizationCache on "gpradius" 

-- review java code (part of the edu.dartmouth.greenpass.bootstrap package


cd /bootstraptools
source setenv.sh  --to set paths, especially JSDSI library in your $CLASSPATH

Source of Authority (SOA)

The source of Authority is a certificate that serves as the root of all the certification chains;
it may be a child of another SOA; thus, a single certificate issued by an institutional SOA could be used here.
The Greenpass admininistration needs access to the private keys of the SOA.

First, get cert.p12 file for the certificate to be used as the Greenpass SOA.

--make a PEM file from the P12  (can use same PW for PEM file)
# openssl pkcs12 -in cert.p12 -clcerts -out cert.pem
-- convert from PEM to DER
# openssl x509 -inform PEM -outform -DER -in cert.pem -out cert.der

--Step 1 ExtractKey from DER file
# java edu.dartmouth.greenpass.bootstrap.ExtractKey -x md5 -i cert.der
--Output is hex hash value needed below, copy and paste into bootstrap.sh
--Remember that this cert is the first delegator's certificate.

--Step 2 make SDSI/SPKI cert for First Delegator
-- java edu.dartmouth.greenpass.bootstrap.BootstrapTool (soa_cert.p12) (first_delegator_cert.der) (number of days) (output file in spki)
# java edu.dartmouth.greenpass.bootstrap.BootstrapTool gpradius-cert.p12 firstdelegator.der 365 GPRadiusTOfirst

--Note that the SOA's cert is in p12 format and first_delegator_cert is in DER 
format.

--to check it
# sexp -i GPRadiusTOfirst -a

-- to get .pub file (a .pub file is public key extracted from .der)
-- in greenpass, public keys identify end users
-- the .pub file is used??  (I'm not sure it is directly)
# java ExtractKey -i firstdelegator.der -o firstdelegator.pub

#Then you can just modify bootstrap.py with the hex hash value you got 
from step 1 and the spki cert you got from step 2 and run it.

#--edit copy of bootstrap.sh

--after JSDSIAuthServer (or IntroCache??) is running, install first entry by running:
# /home/gpadmin/jdaemons/scripts/bootstrap.sh

Last edited Apr. 29, 2005
Greenpass Home