Requirements

Java Runtime Environment

BSE is a Java application, so a Java Runtime Environment must be installed. All development and testing has been done on J2SE 1.4, but it might be possible to run BSE on J2SE version 1.2 onwards.

Bouncy Castle Crypto API

BSE uses the Bouncy Castle Crypto API, which has to be in the Java classpath. The Bouncy Castle API for JDK 1.4 is included in the BSE download.

General

All BSE features can be used from either the command line or a graphical user interface.

Broadcast Signing Engine, version 0.3.2
Feedback to bse-users@lists.sourceforge.net
 
Usage:  bse command arguments
   or:  bse -args argfile
   or:  bse -gui
 
Commands:
 
    root     Generate an MHP root certificate.
    request  Generate a request for an MHP leaf certificate.
    sign     Respond to a certificate request by signing an X509
             certificate.
    xlet     Sign an Xlet.
 
The arguments take the form of attribute/value pairs, like
"file: /tmp/myCert".  Used with -args, argfile must be a
text file, containing the arguments in the above format.
Quoted strings may appear in this file.
      

Sign Xlet

Command:  xlet
 
    Signs an MHP Xlet
 
    Arguments:
 
        certs:  Full names of all certificate files in the certificate
                chain, separated by the OS path separator.
                The file names must be in the correct ascending order:
                signing certificate first and root certificate last.
        key:    Full name of file containing signing private key
        src:    Base directory to copy Xlet files from
        dest:   Destination. If this is equal to src, the files will be
                added/modified in this directory. Otherwise,
                a directory with this name will be created and
                if the directory already exists and the optional rm
                argument is not set to "true" the command will fail.
 
    Plus, optionally:
 
        files:  Full names of all files to be signed, separated by the
                OS path separator. All other files will not be signed.
                If this argument is left out all files will be signed.
        rm:     If set to "true", the dest directory will be deleted
                in the case that it already exists. If set to "false"
                (or anything else) or left out, the command will fail if
                the dest directory already exists.
      

This command creates a ready-to-broadcast Xlet file structure under the dest directory.

Generate Root

Command:  root
 
    Generates an MHP root certificate
 
    Arguments:
 
        name:        Subject commonName of root CA
        country:     Subject countryName of root CA
        email:       Subject e-mail address of root CA
        validFrom:   Date cert is valid from, in dd/mm/yyyy format
        validUntil:  Date cert is valid until, in dd/mm/yyyy format
        serial:      Serial number of certificate
        strength:    Length of key in bits
        file:        Where to store the results
      

This command generates two files: one that contains the private key and one that contains the public certificate.

Generate Request

Command:  request
 
    Generates a request for an MHP leaf certificate
 
    Arguments:
 
        name:        Subject commonName of leaf (not including org id)
        country:     Subject countryName of leaf
        email:       Subject e-mail address of leaf
        strength:    Length of key in bits
        file:        Where to store the results.
 
    Plus, optionally:
 
        org:         Subject organisation specific text followed by a
                     dot and the organisation ID as eight hex digits
                     with leading zeroes
        validFrom:   Date cert to be valid from, in dd/mm/yyyy format
        validUntil:  Date cert to be valid until, in dd/mm/yyyy format
      

This command creates two files: one that contains the private key and one that contains the certificate request in DER-encoded format.

Sign Certificate

Command:  sign
 
    Signs an MHP certificate
 
    Arguments:
 
        csrFile:     Certificate signing request file
        certFile:    File containing signer's X509 certificate
        keyFile:     File containing signer's private key
        validFrom:   Date cert to be valid from, in dd/mm/yyyy format
        validUntil:  Date cert to be valid until, in dd/mm/yyyy format
        file:        Where to store the results
 
    Optional arguments:
 
        leaf:        Whether the certificate is a leaf (true, default)
                     or not (false)
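
An added example, not part of BSE or its documentation: a pre-flight check for an argfile passed with -args, built from the argument tables above, that catches missing or misspelled arguments, dates not in dd/mm/yyyy order and a malformed org value before anything is signed. The one-pair-per-line layout, the function names parse_args and lint, and the sample values are assumptions made for illustration.

```python
import re
from datetime import datetime

# Required / optional arguments per command, copied from the help text above.
SPEC = {
    "root": ({"name", "country", "email", "validFrom", "validUntil",
              "serial", "strength", "file"}, set()),
    "request": ({"name", "country", "email", "strength", "file"}, {"org", "validFrom", "validUntil"}),
    "sign": ({"csrFile", "certFile", "keyFile", "validFrom", "validUntil", "file"}, {"leaf"}),
    "xlet": ({"certs", "key", "src", "dest"}, {"files", "rm"}),
}
ORG_RE = re.compile(r".+\.[0-9A-Fa-f]{8}")  # text, a dot, eight hex digits

def parse_args(text):
    """Assumed layout: one 'attribute: value' pair per line, value may be quoted."""
    args = {}
    for line in filter(str.strip, text.splitlines()):
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"not an attribute/value pair: {line!r}")
        value = value.strip()
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        args[key.strip()] = value
    return args

def lint(command, args):
    """Return a list of problems; an empty list means nothing was found."""
    required, optional = SPEC[command]
    problems = [f"missing required argument: {k}" for k in sorted(required - set(args))]
    problems += [f"unknown argument: {k}" for k in sorted(set(args) - required - optional)]
    dates = {}
    for k in ("validFrom", "validUntil"):
        if k in args:
            try:
                dates[k] = datetime.strptime(args[k], "%d/%m/%Y")
            except ValueError:
                problems.append(f"{k} is not a dd/mm/yyyy date: {args[k]}")
    if len(dates) == 2 and dates["validFrom"] >= dates["validUntil"]:
        problems.append("validFrom is not before validUntil")
    if "strength" in args and not args["strength"].isdigit():
        problems.append("strength is not a whole number of bits")
    if "org" in args and not ORG_RE.fullmatch(args["org"]):
        problems.append("org does not end in a dot and eight hex digits")
    return problems

# Constructed sample argfile for the request command (all values are made up).
SAMPLE = ('name: "Example Broadcaster"\ncountry: GB\nemail: ca@example.org\nstrength: 2048\n'
          'file: /tmp/myLeaf\norg: "Example Broadcaster.0000001"\nvalidFrom: 12/31/2005\nvalidUntil: 31/12/2006\n')
```

Calling lint("request", parse_args(SAMPLE)) reports the month/day swap in validFrom and the seven-digit organisation ID.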