Installing NDBS 2.0

These installation instructions assume that Java 2 is installed in c:\jdk1.3 on your specified platform. WinNT and Solaris platforms are used as examples.

You will need to substitute for your installation path.

Example:
    WinNT     PATH=c:\jdk1.3\bin;%PATH%
    Solaris   PATH=/usr/local/jdk1.3/bin:$PATH

Example:
    WinNT     C:\Program Files\JavaSoft\JRE\1.3\lib\ext
    Solaris   /usr/local/jdk1.3/jre/lib/ext

Specifying Providers

For NDBS 2.0 to work, you must specify NDBS as a keystore service provider in the java.security file, as shown below.

Example:
    WinNT     C:\Program Files\JavaSoft\JRE\1.3\lib\security
    Solaris   /usr/local/jdk1.3/jre/lib/security/java.security

Example entry in java.security:
    security.provider.5=edu.cmu.sei.cbs.ndbs.NDBS

Here 5 is the next provider number in sequence after those of the providers already installed.

You must also install a JCE 1.2 compliant crypto provider that supports HMAC with SHA-1 and Triple DES with CBC and No Padding, such as SunJCE, IAIK, or JCSI. Follow the installation instructions for the selected crypto provider.
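
One way to confirm that the provider entries described above took effect is to ask the running JVM what it registered. This is an added example, not part of the NDBS distribution: the class name ProviderCheck is hypothetical, the lambda syntax assumes JDK 8 or later, and HmacSHA1 and DESede/CBC/NoPadding are the standard JCA names assumed for the algorithms listed above.

```java
import java.security.KeyStore;
import java.security.Provider;
import java.security.Security;
import java.security.Signature;
import javax.crypto.Cipher;
import javax.crypto.Mac;

// Added example (hypothetical class name): reports the providers the JVM
// loaded and which of them supplies each service this page depends on.
public class ProviderCheck {

    // A probe asks the JCA for one service and returns the provider behind it.
    interface Probe { Provider run() throws Exception; }

    static boolean check(String label, Probe probe) {
        try {
            Provider p = probe.run();
            System.out.println("OK       " + label + "  <- " + p.getName());
            return true;
        } catch (Exception e) {
            // NoSuchAlgorithmException, KeyStoreException, NoSuchPaddingException...
            System.out.println("MISSING  " + label + "  (" + e + ")");
            return false;
        }
    }

    public static void main(String[] args) {
        // Providers in the JVM's preference order, as loaded from java.security.
        // A provider that does not appear here was not loaded.
        Provider[] installed = Security.getProviders();
        for (int i = 0; i < installed.length; i++) {
            System.out.println("position " + (i + 1) + ": "
                    + installed[i].getClass().getName());
        }

        boolean ok = true;
        // Keystore type "ndbs" is the storetype named in the keytool test.
        ok &= check("KeyStore ndbs", () -> KeyStore.getInstance("ndbs").getProvider());
        ok &= check("Mac HmacSHA1", () -> Mac.getInstance("HmacSHA1").getProvider());
        ok &= check("Cipher DESede/CBC/NoPadding",
                () -> Cipher.getInstance("DESede/CBC/NoPadding").getProvider());
        // MD5withRSA is the algorithm name the page's test programs use.
        ok &= check("Signature MD5withRSA",
                () -> Signature.getInstance("MD5withRSA").getProvider());

        // Non-zero exit status lets a script detect an incomplete installation.
        System.exit(ok ? 0 : 1);
    }
}
```

Each MISSING line names the service the JVM could not find, which points at the java.security entry or extension jar to recheck.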

Testing the Installation

This section describes the test to ensure that the installation is correct. Prior to running these tests, Netscape DB KeyStore installation instructions must be completed.

The attached Java test programs called signThis.java and verifyCert.java use the RSA algorithm name MD5withRSA that is supported by SunJCE. If the RSA provider installed uses another algorithm name, line 135 in signThis.java and line 197 in verifyCert.java must be changed and the programs need to be recompiled.

Included in the distribution is a script, runtests.bat, which is intended to demonstrate the tests described below. The script runtests.bat is to be run from a DOS command line window in the directory where the zip file was extracted.

NDBS Keystore Provider and JCE 1.2 Installation Test

This test will verify that the NDBS keystore provider and the JCE 1.2 compliant crypto have been properly installed. The output should look like this.

Example
java PBECryptoUtilityTest

Table 2: NDBS Keystore Provider and JCE 1.2 Installation Test

Keytool Test

This test will verify that the Netscape browser databases are accessible and that Netscape DB KeyStore is installed properly. If it is used with the sample cert7.db and key3.db files included in the distribution, the output should look like this.

Example:
    keytool -list -v -storetype ndbs -keystore testdb -storepass testme

Where
    ndbs
        Storetype that was installed in the java.security file denoting the keystore is a Netscape DB KeyStore.
    testdb
        NDBS 2.0 configuration file.
    testme
        Password for the key3.db files pointed to by the information contained in the testdb file. If there is no password assigned to the key3.db file, the password is ignored.

Table 3: Keytool Test

Signing Test

This test will verify that the Netscape browser databases are accessible and that NDBS as well as the provider for RSA are installed properly. If it is used with the sample cert7.db and key3.db files included in the distribution, the output should look like this.

Example:
    java signThis -p testme -n testdb:"Test User's CMU ID" "Now is the time"

Where
    testme
        Password for the key3.db files pointed to by the information contained in testdb, the NDBS 2.0 configuration file. If there is no password assigned to the key3.db file, the password is ignored.
    testdb:"Test User's CMU ID"
        Certificate alias contained in the keystore, whose information will be used to sign the message.
    "Now is the time"
        Message to be signed. The message signature is written to the output file, sign.out.

Table 4: Signing Test

Verifying Signature Test

This test will verify that the Netscape browser databases are accessible and that Netscape DB KeyStore as well as the provider for RSA are installed properly and that signing with Netscape keys works. If it is used with the sample cert7.db and key3.db files included in the distribution, the output should look like this.

Example:
    java verifyCert -p testme -n testdb:"Test User's CMU ID" "CBS Shack" "Now is the time" sign.out

Where
    testme
        Password for the key3.db files pointed to by the information contained in testdb, the NDBS 2.0 configuration file. If there is no password assigned to the key3.db file, the password is ignored.
    testdb:"Test User's CMU ID"
        Certificate alias, contained in the keystore, of the entity that signed the message.
    "CBS Shack"
        Certificate alias for the Certificate Authority (CA) that is contained in the keystore and issued the certificate for "Test User's CMU ID".
    "Now is the time"
        Message to be verified.
    sign.out
        File containing the digital signature of the message to be verified (produced by the previous test).

Table 5: Verifying Signature Test