APPENDIX 1 Test Results Table

| No | Test Description | Initial Condition | Test Scenario | Expected Result | Test Result |
|---|---|---|---|---|---|
| 1 | Generate a key pair for root | root has no key pair | Run the file PrototypeCA.jar | root has a public/private key pair | Passed |
| 2 | Generate a self-signed certificate for root | root has a key pair, but does not yet have a certificate for that key pair | Run the file PrototypeCA.jar | root has a certificate signed by root itself | Passed |
| 3 | Generate a private credential for root | The key pair for root and its certificate are still separate, not yet stored in one place | Run the file PrototypeCA.jar | The root key pair and its certificate are stored in one private credential with the alias root | Passed |
| 4 | Generate a key pair for intermediate | intermediate does not yet have a public/private key pair | Run the file PrototypeCA.jar | intermediate has a key pair | Passed |
| 5 | Generate a digital certificate for intermediate | The intermediate key pair does not yet have a digital certificate | Run the file PrototypeCA.jar | The intermediate key pair is certified by root | Passed |
| 6 | Generate a private credential for intermediate | The key pair and certificate for intermediate are separate, not yet stored in one place | Run the file PrototypeCA.jar | The key pair and certificate for intermediate are stored in one private credential with the alias intermediate | Passed |
| 7 | Generate a key pair for end/customer | end does not yet have a key pair | Run PrototypeCA.jar | end has a key pair | Passed |
| 8 | Generate a certificate for end/customer | The key pair for end has not yet been certified | Run PrototypeCA.jar | The key pair for end is certified by the presence of a certificate | |
| 9 | Generate a private credential for end | The key pair and certificate for end are still stored separately | Run PrototypeCA.jar | The key pair and its certificate are stored in a private credential with the alias end | Passed |
| 10 | Generate a keystore to store the private credentials of root, intermediate, and end | A keystore for storing the private credentials does not yet exist | Run PrototypeCA.jar | The private credentials of root, intermediate, and end are stored in one keystore | Passed |
| 11 | Save the keystore in a file named <nomor_telepon>.cert (nomor_telepon = phone number) | The keystore file <nomor_telepon>.cert does not exist in the CA root folder | Run the file PrototypeCA.jar | A file named <nomor_telepon>.cert exists in the CA root folder | Passed |
| 12 | Save the path to the keystore file in the sertifikat (certificate) table | A record with subject_name <nomor_telepon> and ID <serial_number> does not exist in the sertifikat table | Run the file PrototypeCA.jar | A record with id <serial_number> and subject_name <nomor_telepon> exists in the sertifikat table | Passed |
| 13 | Generate the root key pair | root has no private key pair | Run the file PrototypeCA.jar | The CA has a key pair | Passed |
| 14 | Generate a CRL for the key pair that will be revoked | A CRL for the key pair does not yet exist | Run the file PrototypeCA.jar | A CRL file named <serial_number>.crl exists in the crl folder in the CA root | Passed |
| 15 | Save the path to the CRL file in the database | A record with serial <serial_number> of the revoked certificate does not exist in the crl table in the database | Run PrototypeCA.jar | A record with serial <serial_number> of the certificate exists in the crl table in the database | Passed |
APPENDIX 2 X509 Certificate Format

X509 Certificate v1

| Certificate fields | Interpretation of contents |
|---|---|
| Version | Version of certificate format |
| Serial Number | Certificate serial number |
| Signature Algorithm | Signature algorithm identifier for certificate issuer's signature |
| Issuer | CA's X509 name |
| Validity period | Start and expiry dates/times |
| Subject name | Subject X509 name |
| Subject public-key information | Algorithm identifier and subject public-key value |
| Issuer's signature | Certificate authority's digital signature |

X509 Certificate v2

| Certificate fields | Interpretation of two more added fields |
|---|---|
| v1=v2 (for seven fields) | Version, serial number, signature algorithm, issuer, validity period, subject name, subject's public-key information |
| Issuer unique identifier | To handle the possibility of reuse of issuer and/or subject names through time |
| Subject unique identifier | To handle the possibility of reuse of issuer and/or subject names through time |
| v1=v2 (for last field) | Issuer's signature |

X509 Certificate v3

| Certificate fields | Interpretation of contents |
|---|---|
| v1=v2=v3 (for seven fields) | Version, serial number, signature algorithm, issuer, validity period, subject name, subject's public-key information |
| v2=v3 (for two fields) | Issuer unique identifier, subject unique identifier |
| Extension | Key and policy information, subject and issuer attributes, certification path constraints, extensions related to CRLs |
| v1=v2=v3 | |
APPENDIX 3 Implementation of Utils.java

```java
package ui;

import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.MessageDigest;
import java.security.KeyPair;
import java.security.PublicKey;
import java.security.PrivateKey;
import java.security.KeyPairGenerator;
import java.math.BigInteger;
import java.security.cert.X509Certificate;
import java.util.Date;
import javax.security.auth.x500.X500PrivateCredential;
import javax.security.auth.x500.X500Principal;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.IvParameterSpec;
import org.bouncycastle.asn1.x509.*;
import org.bouncycastle.x509.*;
import org.bouncycastle.x509.extension.*;

/**
 * @author aboy
 */
public class Utils {
    // from chapter 2 utils
    private static String digits = "0123456789abcdef";

    // Return the first length bytes of data as a lower-case hex string.
    public static String toHex(byte[] data, int length) {
        StringBuffer buff = new StringBuffer();
        for (int i = 0; i != length; i++) {
            int v = data[i] & 0xff;
            buff.append(digits.charAt(v >> 4));
            buff.append(digits.charAt(v & 0xf));
        }
        return buff.toString();
    }

    public static String toHex(byte[] data) {
        return toHex(data, data.length);
    }

    // chapter 3 utils
    public static SecretKey createKeyForAES(int bitLength, SecureRandom random)
            throws NoSuchAlgorithmException, NoSuchProviderException {
        KeyGenerator generator = KeyGenerator.getInstance("AES", "BC");
        // Use the requested key size (the original ignored bitLength and always used 256).
        generator.init(bitLength, random);
        return generator.generateKey();
    }

    // Build a CTR-mode IV: bytes 0-3 hold the message number, bytes 4-7 are random,
    // bytes 8-15 are the block counter, starting at 1.
    public static IvParameterSpec createCtrIvForAES(int messageNumber, SecureRandom random) {
        byte[] ivBytes = new byte[16];
        random.nextBytes(ivBytes);
        ivBytes[0] = (byte) (messageNumber >> 24);
        ivBytes[1] = (byte) (messageNumber >> 16);
        ivBytes[2] = (byte) (messageNumber >> 8);
        ivBytes[3] = (byte) (messageNumber >> 0);
        for (int i = 0; i != 7; i++) {
            ivBytes[8 + i] = 0;
        }
        ivBytes[15] = 1;
        return new IvParameterSpec(ivBytes);
    }

    // Convert bytes to a String, one char per byte.
    public static String toString(byte[] bytes, int Length) {
        char[] chars = new char[Length];
        for (int i = 0; i != chars.length; i++) {
            chars[i] = (char) (bytes[i] & 0xff);
        }
        return new String(chars);
    }

    public static String toString(byte[] bytes) {
        return toString(bytes, bytes.length);
    }

    // Convert a String to bytes, keeping only the low 8 bits of each char.
    public static byte[] toByteArray(String string) {
        byte[] bytes = new byte[string.length()];
        char[] chars = string.toCharArray();
        for (int i = 0; i != chars.length; i++) {
            bytes[i] = (byte) chars[i];
        }
        return bytes;
    }

    // chapter 4
    // Deterministic "random" source: the same byte stream on every run.
    // Keys generated from it are predictable, so it is only suitable for repeatable tests.
    private static class FixedRand extends SecureRandom {
        MessageDigest sha;
        byte[] state;

        FixedRand() {
            try {
                this.sha = MessageDigest.getInstance("SHA1", "BC");
                this.state = sha.digest();
            } catch (Exception e) {
                throw new RuntimeException("Cant find SHA1");
            }
        }

        public void nextBytes(byte[] bytes) {
            int off = 0;
            sha.update(state);
            while (off < bytes.length) {
                state = sha.digest();
                if (bytes.length - off > state.length) {
                    System.arraycopy(state, 0, bytes, off, state.length);
                } else {
                    System.arraycopy(state, 0, bytes, off, bytes.length - off);
                }
                off += state.length;
                sha.update(state);
            }
        }
    }

    public static SecureRandom createFixedRandom() {
        return new FixedRand();
    }

    // chapter 5
    // The key sizes below (1024-bit RSA, 256-bit ElGamal, 512-bit DSA) are test values
    // and are far below what is considered secure for a production CA.
    public static KeyPair generateRSAKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("RSA", "BC");
        kpGen.initialize(1024, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    public static KeyPair generateElGamalKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("ElGamal", "BC");
        kpGen.initialize(256, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    public static KeyPair generateDSAKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA", "BC");
        kpGen.initialize(512, new SecureRandom());
        return kpGen.generateKeyPair();
    }

    // Same as generateDSAKeyPair(), but seeded from the deterministic FixedRand.
    public static KeyPair generaterootDSAKeyPair() throws Exception {
        KeyPairGenerator kpGen = KeyPairGenerator.getInstance("DSA", "BC");
        kpGen.initialize(512, Utils.createFixedRandom());
        return kpGen.generateKeyPair();
    }

    // chapter 7
    // Certificates are valid for seven days (in milliseconds).
    private static final int VALIDITY_PERIOD = 7 * 24 * 60 * 60 * 1000;

    // Self-signed X.509 v1 root certificate (v1 carries no extensions).
    public static X509Certificate generateRootCert(KeyPair pair) throws Exception {
        X509V1CertificateGenerator certGen = new X509V1CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(new X500Principal("CN=Test CA Certificate"));
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=Test CA Certificate"));
        certGen.setPublicKey(pair.getPublic());
        certGen.setSignatureAlgorithm("SHA1WithDSA");
        return certGen.generateX509Certificate(pair.getPrivate(), "BC");
    }

    // X.509 v3 intermediate CA certificate signed with caKey; path length constraint 0.
    public static X509Certificate generateIntermediateCert(PublicKey intKey, PrivateKey caKey,
            X509Certificate caCert) throws Exception {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(caCert.getSubjectX500Principal());
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=TEST Intermediate Certificate"));
        certGen.setPublicKey(intKey);
        certGen.setSignatureAlgorithm("SHA1WithDSA");
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCert));
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(intKey));
        certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(0));
        certGen.addExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyCertSign | KeyUsage.cRLSign));
        return certGen.generateX509Certificate(caKey, "BC");
    }

    // X.509 v3 end-entity certificate signed with caKey; BasicConstraints marks it as not a CA.
    public static X509Certificate generateEndEntityCert(PublicKey entityKey, PrivateKey caKey,
            X509Certificate caCert) throws Exception {
        X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
        certGen.setSerialNumber(BigInteger.valueOf(1));
        certGen.setIssuerDN(caCert.getSubjectX500Principal());
        certGen.setNotBefore(new Date(System.currentTimeMillis()));
        certGen.setNotAfter(new Date(System.currentTimeMillis() + VALIDITY_PERIOD));
        certGen.setSubjectDN(new X500Principal("CN=test end Certificate"));
        certGen.setPublicKey(entityKey);
        certGen.setSignatureAlgorithm("SHA1WithDSA");
        certGen.addExtension(X509Extensions.AuthorityKeyIdentifier, false,
                new AuthorityKeyIdentifierStructure(caCert));
        certGen.addExtension(X509Extensions.SubjectKeyIdentifier, false,
                new SubjectKeyIdentifierStructure(entityKey));
        certGen.addExtension(X509Extensions.BasicConstraints, true, new BasicConstraints(false));
        certGen.addExtension(X509Extensions.KeyUsage, true,
                new KeyUsage(KeyUsage.digitalSignature | KeyUsage.keyEncipherment));
        return certGen.generateX509Certificate(caKey, "BC");
    }

    // chapter 8
    public static String ROOT_ALIAS = "root";
    public static String INTERMEDIATE_ALIAS = "intermediate";
    public static String END_ENTITY_ALIAS = "end";

    // Generate an X500PrivateCredential for the root entity.
    public static X500PrivateCredential createRootCredential() throws Exception {
        KeyPair rootPair = generateDSAKeyPair();
        X509Certificate rootCert = generateRootCert(rootPair);
        return new X500PrivateCredential(rootCert, rootPair.getPrivate(), ROOT_ALIAS);
    }

    // Generate an X500PrivateCredential for the intermediate entity.
    public static X500PrivateCredential createIntermediateCredential(PrivateKey caKey,
            X509Certificate caCert) throws Exception {
        KeyPair interPair = generateDSAKeyPair();
        X509Certificate interCert = generateIntermediateCert(interPair.getPublic(), caKey, caCert);
        return new X500PrivateCredential(interCert, interPair.getPrivate(), INTERMEDIATE_ALIAS);
    }

    // Generate an X500PrivateCredential for the end entity.
    public static X500PrivateCredential createEndEntityCredential(PrivateKey caKey,
            X509Certificate caCert) throws Exception {
        KeyPair endPair = generateDSAKeyPair();
        X509Certificate endCert = generateEndEntityCert(endPair.getPublic(), caKey, caCert);
        return new X500PrivateCredential(endCert, endPair.getPrivate(), END_ENTITY_ALIAS);
    }
}
```
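An added example, not part of the original thesis code: a small audit that builds the root, intermediate and end credentials with the Utils methods listed above and reports parameters a CA operator would want to catch before issuing real certificates (key size, SHA-1 signatures, an issuing certificate without the BasicConstraints CA flag, and a reused issuer/serial pair, which matters because a CRL identifies a revoked certificate by exactly that pair). The class name ChainAudit and the 2048-bit threshold are assumptions of this example, and it assumes the Utils class above plus a legacy Bouncy Castle release that still ships the X509V1CertificateGenerator and X509V3CertificateGenerator classes are on the classpath.

```java
import java.security.Security;
import java.security.cert.X509Certificate;
import java.security.interfaces.DSAPublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.*;
import javax.security.auth.x500.X500PrivateCredential;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import ui.Utils;

public class ChainAudit {   // hypothetical class name, added for illustration
    // OIDs of SHA-1 based signatures: dsa-with-sha1, sha1WithRSAEncryption, ecdsa-with-SHA1
    private static final Set<String> SHA1_SIG_OIDS = new HashSet<>(Arrays.asList(
            "1.2.840.10040.4.3", "1.2.840.113549.1.1.5", "1.2.840.10045.4.1"));
    private static final int MIN_KEY_BITS = 2048;   // threshold assumed for this example

    /** chain is ordered root first; every certificate except the last acts as an issuer. */
    public static List<String> audit(List<X509Certificate> chain) {
        List<String> findings = new ArrayList<>();
        Set<String> seenIssuerSerial = new HashSet<>();
        for (int i = 0; i < chain.size(); i++) {
            X509Certificate c = chain.get(i);
            String who = c.getSubjectX500Principal().getName();
            int bits = -1;   // stays -1 for key types this example does not measure
            if (c.getPublicKey() instanceof DSAPublicKey) {
                bits = ((DSAPublicKey) c.getPublicKey()).getParams().getP().bitLength();
            } else if (c.getPublicKey() instanceof RSAPublicKey) {
                bits = ((RSAPublicKey) c.getPublicKey()).getModulus().bitLength();
            }
            if (bits != -1 && bits < MIN_KEY_BITS) findings.add(who + ": " + bits + "-bit key");
            if (SHA1_SIG_OIDS.contains(c.getSigAlgOID())) findings.add(who + ": SHA-1 signature");
            // getBasicConstraints() returns -1 when the extension is absent or CA is false.
            boolean actsAsIssuer = i < chain.size() - 1;
            if (actsAsIssuer && c.getBasicConstraints() == -1) {
                findings.add(who + ": issues certificates without a CA flag (v" + c.getVersion() + ")");
            }
            // Issuer name plus serial number must be unique for revocation to work.
            String id = c.getIssuerX500Principal().getName() + "#" + c.getSerialNumber();
            if (!seenIssuerSerial.add(id)) findings.add(who + ": issuer/serial " + id + " reused");
        }
        return findings;
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());   // Utils requests the "BC" provider
        X500PrivateCredential root = Utils.createRootCredential();
        X500PrivateCredential inter =
                Utils.createIntermediateCredential(root.getPrivateKey(), root.getCertificate());
        X500PrivateCredential end =
                Utils.createEndEntityCredential(inter.getPrivateKey(), inter.getCertificate());
        audit(Arrays.asList(root.getCertificate(), inter.getCertificate(), end.getCertificate()))
                .forEach(System.out::println);
    }
}
```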