JavaScript to Encrypt with Certificate

I have been having touble debugging this code.  It fails on "this.encryptForRecipients".  Please help!!  I have double (triple) checked my typing, and I can't seem to find anything incorrect, excepting that I have one item in 'oGroup', not an array....  I am currently trying to execute this from the console, before i create a folder level JS.  I would prefer to use oEntity with out firstName, lastName, and fullName.
Thank you all for yout help!
var cerPath = "/C/Documents and Settings/rrh/Desktop/Sample/";
var cerFile = "01PCH004.cer";
var oCert = security.importFromFile("Certificate", cerPath + cerFile);
var oEntity = {firstName:"Fred", lastName:"Smith", fullName:"Fred Smith", certificates:oCert, defaultEncryptCert:oCert};
this.encryptForRecipients({oGroups:[{userEntities:oEntity, permissions:{allowPrinting:"highQuality"}}],
                bMetaData : true});
InvalidArgsError: Invalid arguments.
Doc.encryptForRecipients:7:Console undefined:Exec
undefined
-rogge

The variable oEntity was not an array.  Brackets were added to make the variable a one element array:
var oEntity = [{firstName:"Fred", lastName:"Smith", fullName:"Fred Smith", certificates:oCert, defaultEncryptCert:oCert}];

Similar Messages

  • File to SOAP (Synchronous) with certificates Encryption and Descryption

    Hi,
    Can anybody advice me how can I develop the scenario file to SOAP (Synchronous Process) with certificates encryption and descryption.
    Thanks,
    Naidu.

    For file to soap sync scenario without using BPM, you need to use the following adapter modules.
    http://help.sap.com/saphelp_nw04/helpdata/en/45/20c210c20a0732e10000000a155369/content.htm
    http://help.sap.com/saphelp_nw04/helpdata/en/45/20cc5dc2180733e10000000a155369/content.htm
    For applying certificates, you need to configure SSL on java stack.
    https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/197e6aec-0701-0010-4cbe-ad5ff6703c16
    Regards,
    Prateek

  • Does Adobe Reader for iOS and Android Support Encryption with PKI Solution?

    Hello there,
    I have been searching for an answer whether or not Adobe Reader for iOS and Android can read encrypted PDF files by public key infrastructure solution (encrypted by a public key, to be decrypted by its private key pair), but to date I have not found the answer.  From the Adobe web site, I understand that Adobe Reader for Android supports to read encrypted document by AES256 but it does not mention about PKI.  I had to guess that it does not support encryption with PKI but I would just like to get a formal answer, and would like to know whether Adobe Reader Mobile will support it. 
    Thanks!
    Masaya

    Hi there,
    Now we have Acrobat DC Mobile but I am still wondering if encryption/description using PKI solution (digital certificates) is supported.  Could anyone let me know?  Thank you.
    Masaya

  • Configuration/Setup for securing PI messages with certificates

    Hello Experts,
    I'm looking for some guidance/suggestions/direction in regards to installing and using certificates when exchanging data with trading partners via PI 7.0.  It's something new to us and it's been a bit of a struggle.
    In scenario 1, we want to send to, and receive from, xml documents with a partner.  We currently send from our PI system, but want to receive the messages back thru an F5 network (?) which would decrypt the message and pass it along to PI.  This also takes care of load-balancing.
    In scenario 2, we want to exchange EDI messages using the AS2 Adapter from Seeburger.  Again, messages would be sent from PI and received by the F5 network.
    The F5 would act as the SSL termination point (if that's the correct term), and pass the decrypted message to PI via a normal http transfer.
    We are storing our partners' certificates within PI, and configuring the communication channels to use them.  Is this correct?  Do they need to be stored on the F5 as well?  Do we then give them our certificate from the F5, or do they need a certificate from our PI server, or both?
    I guess what I'm looking for is some straight-forward SSL 101 documentation, especially where it applies to middleware like the F5.  Thanks in advance for any help you can give.

    Hi,
    Just a quick note on the certificates; if you want to encrypt messages sent from PI you need the public key of the receiver stored in PI (J2EE key store) with which to encrypt the messages. When receiving files back from partners, they would need to encrypt the messages with the public key of F5 certificate. F5 would then use its private key to decrypt the message before passing to PI.
    So, yes, you are correct to store the certificates of your partners in PI which will be used in encryption of outbound messages. F5 would only need the private keys of the certificate that your partners have encrypted with, no need for PI certificates to be stored in F5 (unless you also need digital signatures).
    Hope this helps.
    Br,
    Kenneth

  • Ability to sign emails with certificates

    Hi all,
    I was just wondering if anyone had been able to setup their email on the iphone (I am using a mobile me account which syncs - I don't know the terminology) with digital signatures.
    I have setup my macbook that, when I compose an email, I can sign it with a free certificate I got from Comodo.
    I was wondering if there was a way of setting up the iphone so that I can also sign the messages I compose when I am about?
    I had a look at the iphone configuration utility (briefly) but got scared that I might change some other setting and break my phone (everything else is working so nicely).
    Is there any guides as to how set this up (am happy to look at the iphone utility if I could get all the current settings I have loaded onto it and then just change the required changes). I don't know if this is even allowed in the device...
    Any information would be helpful
    Cheers
    AusQBall

    Hi Sean,
    Thanks for replying but I am not sure that the application does quite what I am after...
    I am not trying to add an image with my signature on it but rather add a cryptographic signature which allows the recipient to know that it came from me. My knowledge on this topic is a little sketchy but I think that, for it to work, a hash of the entire message would need to be calculated and then encrypted with a private key found in my signature certificate (which only I have). The recipient can then check that the message has not been altered using the public key (provided in the email and signed by a certificate authority) to confirm that the hashes match.
    Please reply if I have misunderstood something with the application.
    Also thank you for looking into this for me. Any help is appreciated.
    Cheers
    AusQBall

  • IKEv2 with certificates

    Example provided is on 1941 ISR routers with 15.2(2)T1 software.  One router has 15.3(1)T.
    IKEv2 with pre-shared key comes up fine.
    IKEv2 with certificates gives auth exchange fail error
    IKEv1 with same certificates comes up fine.
    The above were Microsoft CA certificates.
    I tried with IOS CA certificates, still auth exchange fail error.
    Same results with 3945 and 2911 routers on IOS 15.1(2)T

    This is details of how I got it working.
    sho   tech ipsec
    ------------------ show version ------------------
    Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(2)T1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2012 by Cisco Systems, Inc.
    Compiled Wed 29-Feb-12 20:40 by prod_rel_team
    ROM: System Bootstrap, Version 15.0(1r)M15, RELEASE SOFTWARE (fc1)
    happy uptime is 30 minutes
    System returned to ROM by power-on
    System restarted at 20:26:58 UTC Fri Mar 1 2013
    System image file is "flash0:c2900-universalk9-mz.SPA.152-2.T1.bin"
    Last reload type: Normal Reload
    Last reload reason: power-on
    This product contains cryptographic features and is subject to United
    States and local country laws governing import, export, transfer and
    use. Delivery of Cisco cryptographic products does not imply
    third-party authority to import, export, distribute or use encryption.
    Importers, exporters, distributors and users are responsible for
    compliance with U.S. and local country laws. By using this product you
    agree to comply with applicable laws and regulations. If you are unable
    to comply with U.S. and local laws, return this product immediately.
    A summary of U.S. laws governing Cisco cryptographic products may be found at:
    http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
    If you require further assistance please contact us by sending email to
    [email protected].
    Cisco CISCO2911/K9 (revision 1.0) with 487424K/36864K bytes of memory.
    Processor board ID FTX1621AJFU
    3 Gigabit Ethernet interfaces
    1 terminal line
    1 Virtual Private Network (VPN) Module
    DRAM configuration is 64 bits wide with parity enabled.
    255K bytes of non-volatile configuration memory.
    250880K bytes of ATA System CompactFlash 0 (Read/Write)
    License Info:
    License UDI:
    Device#      PID            SN
    *0        CISCO2911/K9          FTX1621AJFU    
    Technology Package License Information for Module:'c2900'
    Technology    Technology-package           Technology-package
                  Current       Type           Next reboot 
    ipbase        ipbasek9      Permanent      ipbasek9
    security      securityk9    Permanent      securityk9
    uc            None          None           None
    data          None          None           None
    Configuration register is 0x2102
    ------------------ show running-config ------------------
    Building configuration...
    Current configuration : 6483 bytes
    ! Last configuration change at 20:56:07 UTC Fri Mar 1 2013 by csfc
    ! NVRAM config last updated at 20:55:05 UTC Fri Mar 1 2013 by csfc
    ! NVRAM config last updated at 20:55:05 UTC Fri Mar 1 2013 by csfc
    version 15.2
    service timestamps debug datetime msec
    service timestamps log datetime msec
    no service password-encryption
    hostname happy
    boot-start-marker
    boot-end-marker
    security passwords min-length 6
    logging buffered 51200 warnings
    no logging console
    enable secret 4 4Q5iiIH2YznVeGHA3p6Qjm8oBj4LWNDTHjsG21MxgXU
    no aaa new-model
    no ipv6 cef
    ip auth-proxy max-login-attempts 5
    ip admission max-login-attempts 5
    ip domain name csfc.com
    ip name-server 192.168.1.3
    no ip cef
    multilink bundle-name authenticated
    crypto pki token default removal timeout 0
    crypto pki trustpoint dc-ca
    enrollment terminal
    subject-name cn=happy.csfc,c=us
    revocation-check none
    crypto pki certificate map CRT 10
    issuer-name co csfc
    crypto pki certificate chain dc-ca
    certificate 3F51979A000000000012
      3082038E 30820333 A0030201 02020A3F 51979A00 00000000 12300A06 082A8648
      CE3D0403 02303B31 13301106 0A099226 8993F22C 64011916 03636F6D 31143012
      060A0992 268993F2 2C640119 16046373 6663310E 300C0603 55040313 0564632D
      6361301E 170D3133 30333031 31383532 35365A17 0D313530 33303131 38353235
      365A3022 310B3009 06035504 06130275 73311330 11060355 0403130A 68617070
      792E6373 66633059 30130607 2A8648CE 3D020106 082A8648 CE3D0301 07034200
      0429D4D8 F89E295B F7AF826F 86A3F29D EF48FCFF D2374B0F D39CD393 620D3EFD
      D484BFA4 3ED08E16 7FDF839D 0FF85690 26C0545C 1B56EC17 7A2E6C1D 5D1A6CD8
      DDA38202 36308202 32300B06 03551D0F 04040302 06C0301D 0603551D 0E041604
      142DCC8D 554A4853 C4C03B3D 2400E3EA 459406B5 AE301F06 03551D23 04183016
      80142389 F56583FC B73D3F11 79A47EAB 96721E76 81AA3081 BB060355 1D1F0481
      B33081B0 3081ADA0 81AAA081 A78681A4 6C646170 3A2F2F2F 434E3D64 632D6361
      2C434E3D 44432C43 4E3D4344 502C434E 3D507562 6C696325 32304B65 79253230
      53657276 69636573 2C434E3D 53657276 69636573 2C434E3D 436F6E66 69677572
      6174696F 6E2C4443 3D637366 632C4443 3D636F6D 3F636572 74696669 63617465
      5265766F 63617469 6F6E4C69 73743F62 6173653F 6F626A65 6374436C 6173733D
      63524C44 69737472 69627574 696F6E50 6F696E74 3081B406 082B0601 05050701
      010481A7 3081A430 81A10608 2B060105 05073002 8681946C 6461703A 2F2F2F43
      4E3D6463 2D63612C 434E3D41 49412C43 4E3D5075 626C6963 2532304B 65792532
      30536572 76696365 732C434E 3D536572 76696365 732C434E 3D436F6E 66696775
      72617469 6F6E2C44 433D6373 66632C44 433D636F 6D3F6341 43657274 69666963
      6174653F 62617365 3F6F626A 65637443 6C617373 3D636572 74696669 63617469
      6F6E4175 74686F72 69747930 3C06092B 06010401 82371507 042F302D 06252B06
      01040182 37150881 98D47A81 B6D74A87 A98B18DF C60887B8 D4794787 BCE00C86
      9D892C02 01640201 11301306 03551D25 040C300A 06082B06 01050508 0202301B
      06092B06 01040182 37150A04 0E300C30 0A06082B 06010505 08020230 0A06082A
      8648CE3D 04030203 49003046 022100E7 E5814B90 CE6EABE2 B12C818A 6323160D
      632C0551 B765DA29 0CA4BAAC 27325F02 2100E516 11985F3E CDB23FE7 BB91C836
      74C457BB 5EA87ED6 3D9DCF41 AE4CDD40 A28F
          quit
    certificate ca 2C8A76A7904BB4B341B3AAFA9ED387D3
      308201DC 30820183 A0030201 0202102C 8A76A790 4BB4B341 B3AAFA9E D387D330
      0A06082A 8648CE3D 04030230 3B311330 11060A09 92268993 F22C6401 19160363
      6F6D3114 3012060A 09922689 93F22C64 01191604 63736663 310E300C 06035504
      03130564 632D6361 301E170D 31333031 32333135 32383435 5A170D31 38303132
      33313533 3834345A 303B3113 3011060A 09922689 93F22C64 01191603 636F6D31
      14301206 0A099226 8993F22C 64011916 04637366 63310E30 0C060355 04031305
      64632D63 61305930 1306072A 8648CE3D 02010608 2A8648CE 3D030107 03420004
      EFA5B6B5 BC89C22A B91DDDBB 60034DB9 21655D71 3965177D 9D5956D0 8C45ABC9
      38EB4175 44AA06DC 19B94DAB 368AC06C 35077B97 24BE5879 758256FA 03838F2F
      A3693067 30130609 2B060104 01823714 0204061E 04004300 41300E06 03551D0F
      0101FF04 04030201 86300F06 03551D13 0101FF04 05300301 01FF301D 0603551D
      0E041604 142389F5 6583FCB7 3D3F1179 A47EAB96 721E7681 AA301006 092B0601
      04018237 15010403 02010030 0A06082A 8648CE3D 04030203 47003044 022010BD
      C2ADC8B7 C2C05DB2 CFE2E78A B3A47E2E 8A3193CA 607E4AE3 EEF105F0 42CE0220
      056C951C 45ECD966 DFA9BADB 9F1CC71E 8F029C12 F94593A6 21B50A49 C1E62581
          quit
    license udi pid CISCO2911/K9 sn FTX1621AJFU
    username csfc privilege 15 secret 4
    username admin privilege 15 secret 4
    username Happy privilege 15 secret 4
    redundancy
    crypto ikev2 proposal prop-1
    encryption aes-cbc-256
    integrity sha256
    group 19
    crypto ikev2 policy policy1
    proposal prop-1
    crypto ikev2 profile default
    match certificate CRT
    identity local dn
    authentication local ecdsa-sig
    authentication remote rsa-sig
    authentication remote ecdsa-sig
    pki trustpoint dc-ca
    no crypto ikev2 diagnose error
    no crypto ikev2 http-url cert
    crypto ikev2 certificate-cache 750
    crypto ikev2 fragmentation mtu 1400
    crypto logging ikev2
    crypto ipsec transform-set SEC esp-aes esp-sha256-hmac
    crypto ipsec profile default
    set transform-set SEC
    set ikev2-profile default
    interface Tunnel0
    no ip address
    interface Tunnel1
    ip address 192.168.100.1 255.255.255.0
    tunnel source GigabitEthernet0/1
    tunnel destination 192.168.11.42
    tunnel protection ipsec profile default
    interface Embedded-Service-Engine0/0
    no ip address
    shutdown
    interface GigabitEthernet0/0
    ip address 192.168.1.40 255.255.255.0
    duplex full
    speed auto
    interface GigabitEthernet0/1
    ip address 192.168.11.41 255.255.255.252
    duplex full
    speed auto
    interface GigabitEthernet0/2
    no ip address
    shutdown
    duplex auto
    speed auto
    ip forward-protocol nd
    ip http server
    ip http access-class 23
    ip http authentication local
    ip http secure-server
    ip http timeout-policy idle 60 life 86400 requests 10000
    ip route 192.168.2.0 255.255.255.0 Tunnel1
    no cdp advertise-v2
    control-plane
    banner login ^CCPLEEEESE!^C
    line con 0
    login local
    line aux 0
    line 2
    no activation-character
    no exec
    transport preferred none
    transport input all
    transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
    stopbits 1
    line vty 0 4
    privilege level 15
    password
    login local
    transport input ssh
    line vty 5 15
    access-class 23 in
    privilege level 15
    login local
    transport input telnet ssh
    scheduler allocate 20000 1000
    sntp server 192.168.1.3 version 3
    end
    ------------------ show crypto tech-support ------------------
    ------------------ show crypto isakmp sa count ------------------
    Active ISAKMP SA's: 0
    Standby ISAKMP SA's: 0
    Currently being negotiated ISAKMP SA's: 0
    Dead ISAKMP SA's: 0
    ------------------ show crypto ipsec sa count ------------------
    IPsec SA total: 2, active: 2, rekeying: 0, unused: 0, invalid: 0
    ------------------ show crypto isakmp sa detail ------------------
    Codes: C - IKE configuration mode, D - Dead Peer Detection
           K - Keepalives, N - NAT-traversal
           T - cTCP encapsulation, X - IKE Extended Authentication
           psk - Preshared key, rsig - RSA signature
           renc - RSA encryption
    IPv4 Crypto ISAKMP SA
    C-id  Local           Remote          I-VRF  Status Encr Hash   Auth DH Lifetime Cap.
    IPv6 Crypto ISAKMP SA
    ------------------ show crypto ipsec sa detail ------------------
    interface: Tunnel1
        Crypto map tag: Tunnel1-head-0, local addr 192.168.11.41
       protected vrf: (none)
       local  ident (addr/mask/prot/port): (192.168.11.41/255.255.255.255/47/0)
       remote ident (addr/mask/prot/port): (192.168.11.42/255.255.255.255/47/0)
       current_peer 192.168.11.42 port 500
         PERMIT, flags={origin_is_acl,}
        #pkts encaps: 271, #pkts encrypt: 271, #pkts digest: 271
        #pkts decaps: 275, #pkts decrypt: 275, #pkts verify: 275
        #pkts compressed: 0, #pkts decompressed: 0
        #pkts not compressed: 0, #pkts compr. failed: 0
        #pkts not decompressed: 0, #pkts decompress failed: 0
        #pkts no sa (send) 0, #pkts invalid sa (rcv) 0
        #pkts encaps failed (send) 0, #pkts decaps failed (rcv) 0
        #pkts invalid prot (recv) 0, #pkts verify failed: 0
        #pkts invalid identity (recv) 0, #pkts invalid len (rcv) 0
        #pkts replay rollover (send): 0, #pkts replay rollover (rcv) 0
        ##pkts replay failed (rcv): 0
        #pkts tagged (send): 0, #pkts untagged (rcv): 0
        #pkts not tagged (send): 0, #pkts not untagged (rcv): 0
        #pkts internal err (send): 0, #pkts internal err (recv) 0
         local crypto endpt.: 192.168.11.41, remote crypto endpt.: 192.168.11.42
         path mtu 1500, ip mtu 1500, ip mtu idb GigabitEthernet0/1
         current outbound spi: 0x1DF8CFFA(502845434)
         PFS (Y/N): N, DH group: none
         inbound esp sas:
          spi: 0xBF473CF2(3209116914)
            transform: esp-aes esp-sha256-hmac ,
            in use settings ={Tunnel, }
            conn id: 5, flow_id: SW:5, sibling_flags 80000040, crypto map: Tunnel1-head-0
            sa timing: remaining key lifetime (k/sec): (4181836/3479)
            IV size: 16 bytes
            replay detection support: Y
            Status: ACTIVE(ACTIVE)
         inbound ah sas:
         inbound pcp sas:
         outbound esp sas:
          spi: 0x1DF8CFFA(502845434)
            transform: esp-aes esp-sha256-hmac ,
            in use settings ={Tunnel, }
            conn id: 6, flow_id: SW:6, sibling_flags 80000040, crypto map: Tunnel1-head-0
            sa timing: remaining key lifetime (k/sec): (4181837/3479)
            IV size: 16 bytes
            replay detection support: Y
            Status: ACTIVE(ACTIVE)
         outbound ah sas:
         outbound pcp sas:
    ------------------ show crypto session summary ------------------
    ------------------ show crypto session detail ------------------
    Crypto session current status
    Code: C - IKE Configuration mode, D - Dead Peer Detection    
    K - Keepalives, N - NAT-traversal, T - cTCP encapsulation    
    X - IKE Extended Authentication, F - IKE Fragmentation
    Interface: Tunnel1
    Uptime: 00:02:00
    Session status: UP-ACTIVE    
    Peer: 192.168.11.42 port 500 fvrf: (none) ivrf: (none)
          Phase1_id: cn=grumpy.csfc,c=us
          Desc: (none)
      IKEv2 SA: local 192.168.11.41/500 remote 192.168.11.42/500 Active
              Capabilities:(none) connid:3 lifetime:23:58:00
      IPSEC FLOW: permit 47 host 192.168.11.41 host 192.168.11.42
            Active SAs: 2, origin: crypto map
            Inbound:  #pkts dec'ed 275 drop 0 life (KB/Sec) 4181836/3479
            Outbound: #pkts enc'ed 271 drop 0 life (KB/Sec) 4181837/3479
    ------------------ show crypto isakmp peers ------------------
    ------------------ show crypto ruleset detail ------------------
    Mtree:
    199 VRF 0  11 192.168.11.41/500 ANY Forward, Forward
    299 VRF 0  11 192.168.11.41/4500 ANY Forward, Forward
    200000199 VRF 0  11 ANY/848 ANY Forward, Forward
    200000299 VRF 0  11 ANY ANY/848 Forward, Forward
    6553700000000000101 VRF 0  2F 192.168.11.41 192.168.11.42 Discard/notify, Encrypt
    6553700000000000199 VRF 0  2F 192.168.11.41 192.168.11.42 Discard/notify, Discard/notify
    ------------------ show processes memory | include  Crypto IKMP ------------------
    260   0       5432        880      18424          3          3 Crypto IKMP    
    ------------------ show processes cpu |  include Crypto IKMP ------------------
    260           0           6          0  0.00%  0.00%  0.00%   0 Crypto IKMP     
    ------------------ show crypto eli ------------------
    Hardware Encryption : ACTIVE
    Number of hardware crypto engines = 1
    CryptoEngine Onboard VPN details: state = Active
    Capability    : IPPCP, DES, 3DES, AES, IPv6, GDOI, FAILCLOSE, HA
    IPSec-Session :     0 active,  3200 max, 0 failed
    ------------------ show cry engine accelerator statistic ------------------
    Device:   Onboard VPN
    Location: Onboard: 0
        :Statistics for encryption device since the last clear
         of counters 1826 seconds ago
                      0 packets in                           0 packets out          
                      0 bytes in                             0 bytes out            
                      0 paks/sec in                          0 paks/sec out         
                      0 Kbits/sec in                         0 Kbits/sec out        
                      0 packets decrypted                    0 packets encrypted    
                      0 bytes before decrypt                 0 bytes encrypted      
                      0 bytes decrypted                      0 bytes after encrypt  
                      0 packets decompressed                 0 packets compressed   
                      0 bytes before decomp                  0 bytes before comp    
                      0 bytes after decomp                   0 bytes after comp     
                      0 packets bypass decompr               0 packets bypass compres
                      0 bytes bypass decompres               0 bytes bypass compressi
                      0 packets not decompress               0 packets not compressed
                      0 bytes not decompressed               0 bytes not compressed 
                      1.0:1 compression ratio                1.0:1 overall
            Last 5 minutes:
                      0 packets in                           0 packets out          
                      0 paks/sec in                          0 paks/sec out         
                      0 bits/sec in                          0 bits/sec out         
                      0 bytes decrypted                      0 bytes encrypted      
                      0 Kbits/sec decrypted                  0 Kbits/sec encrypted  
                      1.0:1 compression ratio                1.0:1 overall
    ------------------ show cry isakmp diagnose error ------------------
    Exit Path Table - status: disable, current entry 0, deleted 0, max allow 10
    ------------------ show cry isakmp diagnose error count ------------------
    Exit Trace counters
    ------------------ show crypto call admission statistics ------------------
                   Crypto Call Admission Control Statistics
    System Resource Limit:        0 Max IKE SAs:     0 Max in nego:  1000
    Total IKE SA Count:           0 active:          0 negotiating:     0
    Incoming IKE Requests:        0 accepted:        0 rejected:        0
    Outgoing IKE Requests:        0 accepted:        0 rejected:        0
    Rejected IKE Requests:        0 rsrc low:        0 Active SA limit: 0
                                                       In-neg SA limit: 0
    IKE packets dropped at dispatch:        0
    Max IPSEC SAs:     0
    Total IPSEC SA Count:           0 active:          0 negotiating:     0
    Incoming IPSEC Requests:        0 accepted:        0 rejected:        0
    Outgoing IPSEC Requests:        0 accepted:        0 rejected:        0
    Phase1.5 SAs under negotiation:         0
    sho ip int bri
    Interface                  IP-Address      OK? Method Status                Protocol
    Embedded-Service-Engine0/0 unassigned      YES NVRAM  administratively down down   
    GigabitEthernet0/0         192.168.1.40    YES NVRAM  up                    up     
    GigabitEthernet0/1         192.168.11.41   YES NVRAM  up                    up     
    GigabitEthernet0/2         unassigned      YES NVRAM  administratively down down   
    Tunnel0                    unassigned      YES unset  up                    down   
    Tunnel1                    192.168.100.1   YES NVRAM  up                    up     
    happy#
    happy#sho crypto pki cert verb
    Certificate
      Status: Available
      Version: 3
      Certificate Serial Number (hex): 3F51979A000000000012
      Certificate Usage: Signature
      Issuer:
        cn=dc-ca
        dc=csfc
        dc=com
      Subject:
        Name: happy.csfc
        cn=happy.csfc
        c=us
      CRL Distribution Points:
        ldap:///CN=dc-ca,CN=DC,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=csfc,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
      Validity Date:
        start date: 18:52:56 UTC Mar 1 2013
        end   date: 18:52:56 UTC Mar 1 2015
      Subject Key Info:
        Public Key Algorithm: rsaEncryption
        EC Public Key:  (256 bit)
      Signature Algorithm: SHA256 with ECDSA
      Fingerprint MD5: BF234623 9E7F2C73 EBE07B0A 9E89FC76
      Fingerprint SHA1: DB8A8D50 23D9E2DD AC2ED2DC 5A857569 279F44D5
      X509v3 extensions:
        X509v3 Key Usage: C0000000
          Digital Signature
          Non Repudiation
        X509v3 Subject Key ID: 2DCC8D55 4A4853C4 C03B3D24 00E3EA45 9406B5AE
        X509v3 Authority Key ID: 2389F565 83FCB73D 3F1179A4 7EAB9672 1E7681AA
        Authority Info Access:
        Extended Key Usage:
            1.3.6.1.5.5.8.2.2
      Associated Trustpoints: dc-ca
      Storage: nvram:dc-ca#12.cer
      Key Label: happy.csfc.com
      Key storage device: private config
    CA Certificate
      Status: Available
      Version: 3
      Certificate Serial Number (hex): 2C8A76A7904BB4B341B3AAFA9ED387D3
      Certificate Usage: Signature
      Issuer:
        cn=dc-ca
        dc=csfc
        dc=com
      Subject:
        cn=dc-ca
        dc=csfc
        dc=com
      Validity Date:
        start date: 15:28:45 UTC Jan 23 2013
        end   date: 15:38:44 UTC Jan 23 2018
    --More--           Subject Key Info:
        Public Key Algorithm: rsaEncryption
        EC Public Key:  (256 bit)
      Signature Algorithm: SHA256 with ECDSA
      Fingerprint MD5: 1F937411 4DB57036 73D54124 E50E83FC
      Fingerprint SHA1: E78FE0BF DF5F168A 67860C48 78EC427C 66FE551A
      X509v3 extensions:
        X509v3 Key Usage: 86000000
          Digital Signature
          Key Cert Sign
          CRL Signature
        X509v3 Subject Key ID: 2389F565 83FCB73D 3F1179A4 7EAB9672 1E7681AA
        X509v3 Basic Constraints:
            CA: TRUE
        Authority Info Access:
      Associated Trustpoints: dc-ca
      Storage: nvram:dc-ca#87D3CA.cer
    happy#sho crypt key mypubkey all
    % Key pair was generated at: 18:44:07 UTC Mar 1 2013
    Key name: eckey
    Key type: EC KEYS
    Storage Device: private-config
    Usage: Signature Key
    Key is not exportable.
    Key Data:
      30593013 06072A86 48CE3D02 0106082A 8648CE3D 03010703 4200049A 28E9709A
      2F81DEE9 9ED27787 B790D3B4 487B3F2D DBA06E95 43298A54 19A3B0B7 E9107223
      5CB9F3CD 9D8BD0E9 9AB9FFC4 698C1912 CBADC469 9E7CD6D3 46E5A2
    % Key pair was generated at: 18:49:21 UTC Mar 1 2013
    Key name: happy.csfc.com
    Key type: EC KEYS
    Storage Device: private-config
    Usage: Signature Key
    Key is not exportable.
    Key Data:
      30593013 06072A86 48CE3D02 0106082A 8648CE3D 03010703 42000429 D4D8F89E
      295BF7AF 826F86A3 F29DEF48 FCFFD237 4B0FD39C D393620D 3EFDD484 BFA43ED0
      8E167FDF 839D0FF8 569026C0 545C1B56 EC177A2E 6C1D5D1A 6CD8DD
    happy#  sho crypto ike2 v2 session detail
    IPv4 Crypto IKEv2 Session
    Session-id:1, Status:UP-ACTIVE, IKE count:1, CHILD count:1
    Tunnel-id Local                 Remote                fvrf/ivrf            Status
    3         192.168.11.41/500     192.168.11.42/500     none/none            READY 
          Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: ECDSA, Auth verify: ECDSA
          Life/Active Time: 86400/339 sec
          CE id: 1084, Session-id: 1
          Status Description: Negotiation done
          Local spi: 239BE9D173BFD509       Remote spi: C7A295975E26147B
          Local id: cn=happy.csfc,c=us
          Remote id: cn=grumpy.csfc,c=us
          Local req msg id:  0              Remote req msg id:  2        
          Local next msg id: 0              Remote next msg id: 2        
          Local req queued:  0              Remote req queued:  2        
          Local window:      5              Remote window:      5        
          DPD configured for 0 seconds, retry 0
          NAT-T is not detected 
          Cisco Trust Security SGT is disabled
    Child sa: local selector  192.168.11.41/0 - 192.168.11.41/65535
              remote selector 192.168.11.42/0 - 192.168.11.42/65535
              ESP spi in/out: 0xBF473CF2/0x1DF8CFFA 
              AH spi in/out: 0x0/0x0 
              CPI in/out: 0x0/0x0 
              Encr: AES-CBC, keysize: 128, esp_hmac: SHA256
              ah_hmac: None, comp: IPCOMP_NONE, mode tunnel
    IPv6 Crypto IKEv2 Session
    happy#sho crypto ikev2 session sa detail
    IPv4 Crypto IKEv2  SA
    Tunnel-id Local                 Remote                fvrf/ivrf            Status
    3         192.168.11.41/500     192.168.11.42/500     none/none            READY 
          Encr: AES-CBC, keysize: 256, Hash: SHA256, DH Grp:19, Auth sign: ECDSA, Auth verify: ECDSA
          Life/Active Time: 86400/386 sec
          CE id: 1084, Session-id: 1
          Status Description: Negotiation done
          Local spi: 239BE9D173BFD509       Remote spi: C7A295975E26147B
          Local id: cn=happy.csfc,c=us
          Remote id: cn=grumpy.csfc,c=us
          Local req msg id:  0              Remote req msg id:  2        
          Local next msg id: 0              Remote next msg id: 2        
          Local req queued:  0              Remote req queued:  2        
          Local window:      5              Remote window:      5        
          DPD configured for 0 seconds, retry 0
          NAT-T is not detected 
          Cisco Trust Security SGT is disabled
    IPv6 Crypto IKEv2  SA
    happy#sho crypto ikev2 sa detail         stats
                              Crypto IKEv2 SA Statistics
    System Resource Limit:   0        Max IKEv2 SAs: 0        Max in nego: 1000   
    Total IKEv2 SA Count:    1        active:        1        negotiating: 0    
    Incoming IKEv2 Requests: 34       accepted:      34       rejected:    0      
    Outgoing IKEv2 Requests: 50       accepted:      50       rejected:    0      
    Rejected IKEv2 Requests: 0        rsrc low:      0        SA limit:    0      
    IKEv2 packets dropped at dispatch: 0      
    Incoming IKEV2 Cookie Challenged Requests: 0      
        accepted: 0        rejected: 0        rejected no cookie: 0      
    happy#exit

  • Issue with SharePoint foundation 2010 to use Claims Based Auth with Certificate authentication method with ADFS 2.0

    I would love some help with this issue.  I have configured my SharePoint foundation 2010 site to use Claims Based Auth with Certificate authentication method with ADFS 2.0  I have a test account set up with lab.acme.com to use the ACS.
    When I log into my site using Windows Auth, everything is great.  However when I log in and select my ACS token issuer, I get sent, to the logon page of the ADFS, after selected the ADFS method. My browser prompt me which Certificate identity I want
    to use to log in   and after 3-5 second
     and return me the logon page with error message “Authentication failed” 
    I base my setup on the technet article
    http://blogs.technet.com/b/speschka/archive/2010/07/30/configuring-sharepoint-2010-and-adfs-v2-end-to-end.aspx
    I validated than all my certificate are valid and able to retrieve the crl
    I got in eventlog id 300
    The Federation Service failed to issue a token as a result of an error during processing of the WS-Trust request.
    Request type: http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue
    Additional Data
    Exception details:
    Microsoft.IdentityModel.SecurityTokenService.FailedAuthenticationException: MSIS3019: Authentication failed. ---> System.IdentityModel.Tokens.SecurityTokenValidationException:
    ID4070: The X.509 certificate 'CN=Me, OU=People, O=Acme., C=COM' chain building failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed
    correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    --- End of inner exception stack trace ---
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.BeginGetScope(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.SecurityTokenService.SecurityTokenService.BeginIssue(IClaimsPrincipal principal, RequestSecurityToken request, AsyncCallback callback, Object state)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.DispatchRequestAsyncResult..ctor(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginDispatchRequest(DispatchContext dispatchContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.ProcessCoreAsyncResult..ctor(WSTrustServiceContract contract, DispatchContext dispatchContext, MessageVersion messageVersion, WSTrustResponseSerializer responseSerializer, WSTrustSerializationContext
    serializationContext, AsyncCallback asyncCallback, Object asyncState)
    at Microsoft.IdentityModel.Protocols.WSTrust.WSTrustServiceContract.BeginProcessCore(Message requestMessage, WSTrustRequestSerializer requestSerializer, WSTrustResponseSerializer responseSerializer, String requestAction, String responseAction, String
    trustNamespace, AsyncCallback callback, Object state)
    System.IdentityModel.Tokens.SecurityTokenValidationException: ID4070: The X.509 certificate 'CN=Me, OU=People, O=acme., C=com' chain building
    failed. The certificate that was used has a trust chain that cannot be verified. Replace the certificate or change the certificateValidationMode. 'A certification chain processed correctly, but one of the CA certificates is not trusted by the policy provider.
    at Microsoft.IdentityModel.X509CertificateChain.Build(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509NTAuthChainTrustValidator.Validate(X509Certificate2 certificate)
    at Microsoft.IdentityModel.Tokens.X509SecurityTokenHandler.ValidateToken(SecurityToken token)
    at Microsoft.IdentityModel.Tokens.SecurityTokenElement.GetSubject()
    at Microsoft.IdentityServer.Service.SecurityTokenService.MSISSecurityTokenService.GetOnBehalfOfPrincipal(RequestSecurityToken request, IClaimsPrincipal callerPrincipal)
    thx
    Stef71

    This is perfectly correct on my case I was not adding the root properly you must add the CA and the ADFS as well, which is twice you can see below my results.
    on my case was :
    PS C:\Users\administrator.domain> $root = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
    cer\SP2K10\ad0001.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "domain.ad0001" -Certificate $root
    Certificate                 : [Subject]
                                    CN=domain.AD0001CA, DC=domain, DC=com
                                  [Issuer]
                                    CN=domain.AD0001CA, DC=portal, DC=com
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    22/07/2014 11:32:05
                                  [Not After]
                                    22/07/2024 11:42:00
                                  [Thumbprint]
                                    blablabla
    Name                        : domain.ad0001
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : domain.ad0001
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17164
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.domain> $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\
    cer\SP2K10\ADFS_Signing.cer")
    PS C:\Users\administrator.domain> New-SPTrustedRootAuthority -Name "Token Signing Cert" -Certificate $cert
    Certificate                 : [Subject]
                                    CN=ADFS Signing - adfs.domain
                                  [Issuer]
                                    CN=ADFS Signing - adfs.domain
                                  [Serial Number]
                                    blablabla
                                  [Not Before]
                                    23/07/2014 07:14:03
                                  [Not After]
                                    23/07/2015 07:14:03
                                  [Thumbprint]
                                    blablabla
    Name                        : Token Signing Cert
    TypeName                    : Microsoft.SharePoint.Administration.SPTrustedRootAuthority
    DisplayName                 : Token Signing Cert
    Id                          : blablabla
    Status                      : Online
    Parent                      : SPTrustedRootAuthorityManager
    Version                     : 17184
    Properties                  : {}
    Farm                        : SPFarm Name=SharePoint_Config
    UpgradedPersistedProperties : {}
    PS C:\Users\administrator.PORTAL>

  • Windows Server 2008 R2 with multiple Roles OS Rebuild, Need help with Certificates.

    Hi,
    I have rebuilt a Server for my client and I require help with certificates..
    I am unsure exactly what to do to get this server working as it was.
    Example, The Windows Server 2008 R2 has Microsoft Exchange, DNS, DHCP, ADDS, FileServices,Network Policy and access Services and Webservices roles installed on a single box.
    Since the Server OS Rebuild I am getting 2 issues that pop up usually when Outlook in opened on a client Workstation,
    I have not dont anything certificate wise to the server since OS Install, and the messages I get and best described here
    I seen on a backdrive, a few certificate files I dont know if we can use these files for anything but we have the following files of drive E (Backup)
    e:\server.xxxx.com.au\gd_iis_intermediates.p7b
    e:\server.xxxx.com.au\server.xxxx.com.au.crt
    e:\ssl\2013-2018.cer
    1st Message is about a Proxy certificate I dont get this often but saw it today and my client clicked ok too quickly.
    I have seen it and didnt see it again after trying to close outlook and reopen
    I looked up google images and tried to find it...
    It's like this, (There is a problem with the proxy server's security certificate.
    The security certificate is not from a trusted certifying authority.)
    2nd Message is about Security Alert, Autodiscover.xxxx.com.au Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
    -X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
    -TICK- The security certificate date is valid
    -X- The name on the security certificate is invalid or does not match the name of the site
    Do you want to preceed
    [Yes][No][View Certificate ...]
    3rd Message is very Close to the 2nd Message, is about Security Alert, xxxx-server.xxxx.local, Information you exchange with this site cannot be viewed or changed by others. However, there is a problem with the sites security certificate.
    -X- The security certificate was issued by a company you have not chosen to trust. View the certificate to determine whether you want to trust the certificating authority
    -TICK- The security certificate date is valid
    -TICK- The name on the security certificate is invalid or does not match the name of the site
    Do you want to preceded
    [Yes][No][View Certificate ...]
    If you can help guide me thou this as I'm very new to setting up certificates. I had a friend tell me about something in DNS.. but he has been super busy and I want to learn what to do.
    Thank-You.

    Hiya,
    quite a lot has the same confusions as you do, so I've written a simple explanation on the subjet of certificates
    http://jesperarnecke.wordpress.com/2014/03/22/certificates-simple-explanation/
    Let me know if that helps you and if you need further assistance.

  • How to update "Encrypt with UserKey" after Windows User Profile replacement?

    A problem with my User Profile required that the files be backed up, the profile deleted, a new profile created and my files restored. I have several SSIS projects built in Visual Studio 2012 that use "EncryptSensitiveWithUserKey". I assume the
    "UserKey" is based on the SID or GUID of my User Profile. Now when I open these projects I get the Warning:
    Warning 2 Warning loading SSISProject.dtproj: Warning: Failed to decrypt sensitive data in project with a user key. You may not be the user who encrypted this project, or you are not using the same machine that was used to save the project. If the sensitive data is a parameter value, the value may be required to run the package on the Integration Services server. SSISProject.dtproj 0 0
    Is there a way to reset the UserKey in an existing project to the key for my new Profile? Is the value derived and used for encryption stored in the .dtproj file? If so can I copy that value from a new SSIS project into the .dtproj file for my old projects?
    There has to be some way to "transfer ownership" of an SSIS project.
     

    There has to be some way to transfer "ownership" of SSIS projects between developers. Forget about my specific case of my profile being recreated. Let's say I built this SSIS project and was required to use Encrypt with UserKey. I leave
    the company. They ask another developer to make changes to the project. My old "ownership" of the project should be somehow transferable to the new developer. It shouldn't be tied to my ID (which no longer exists at the company) in perpetuity. Microsoft
    has to have some way to transfer "ownership" of SSIS Projects with "Encrypt with UserKey". It's such a common use case I can't believe they wouldn't provide for it.
    No, there is no way . This option is the default and it is actually the worst option precisely because it is useless in team development environment. Use
    EncryptSensitiveWithPassword option just like Arthur suggested and you should be fine.
    SSIS Tasks Components Scripts Services | http://www.cozyroc.com/

  • Error in authentication with ldap server with certificate

    Hi,
    i have a problem in authentication with ldap server with certificate.
    here i am using java API to authenticate.
    Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed.
    I issued the new certificate which is having the up to 5 years valid time.
    is java will authenticate up to one year only?
    Can any body help on this issue...
    Regards
    Ranga

    sorry i am gettting ythe same error
    javax.naming.CommunicationException: simple bind failed: servername:636 exception is javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: timestamp check failed]
    here when i am using the old certificate and changing the system date means i can get the authentication.
    can you tell where we can concentrate and solve the issue..
    where is the issue
    1. need to check with the ldap server only
    2. problem in java code only.
    thanks in advance

  • Cryptsetup: Swap encryption with supend-to-disk doesn't work

    Hello Community,
    i'm trying to get swap encryption with suspend-to-disk support to a working state.
    On my system only the /home partition is encrypted with cryptsetup-LUKS.
    I'm using the howto on "Using a swap file" (with /home/swapfile as swap file) in the wiki: https://wiki.archlinux.org/index.php/Dm … sk_support
    I followed exactly the given instructions:
    From /etc/mkinitcpio.conf
    HOOKS="base udev autodetect encrypt block resume filesystems keymap fsck"
    From /etc/default/grub
    GRUB_CMDLINE_LINUX="pcie_aspm=force pcie_aspm.policy=powersave pcie_port=native ipv6.disable=1 init=/usr/lib/systemd/systemd resume=/dev/mapper/crypthome resume_offset=16721572"
    From /etc/fstab:
    /home/swapfile none swap defaults 0 0
    The swapfile is working. Suspend-to-disk also works. But when resuming, I always get:
    ERROR: failed to open encryption mapping
    The device UUID=... is not a LUKS volume and the crypto= parameter was not specified
    running hook [resume]
    Waiting 10 seconds for /dev/mapper/crypthome
    ERROR: resume: hibernation device /dev/mapper/crypthome not found
    Then the system recovers the filesystem of / and later after the passphrase input of /dev/mapper/home it is forced to recover the filesystem of /home.
    Shouldn't I get a passphrase input when running the [resume] hook?
    Where is the problem I have missed?
    Thanks in advance!
    Last edited by indianahorst (2014-01-23 17:39:31)

    ball wrote:It seems that you've specified your home partition for the resume parameter, that is wrong. It should be the swap partition: https://wiki.archlinux.org/index.php/Su … parameters
    No. Have you read my posting completely?
    I don't use a swap partition.  I'm using a Swapfile on my encrypted home partition. See the link in the first posting and go to "Using a swap file".

  • Receiving bitlocker error in Event Viewer whenever i attach an external HD to my desktop (non are encrypted with bitlocker)

    Hello All,
    Seem to be having a problem recently.  Whenever I attach any external drive to my Desktop I receive the following error in Even Viewer.  I never encrypted any of the drives in question with bitlocker.
    Encrypted volume check: Volume information on \\?\Volume{7cc70383-5d6b-11e0-855c-001c25a5a540} cannot be read.
    Event ID: 24620
    And I cannot access my drive information.    At first i thought it may be an issue with one of the drives I have partially encrypted with TrueCrypt but I tried several other unencrypted drives and I receive the same error and I cannot access the
    data on my drives.
    I tried to access the Bit Locker Recovery tool program (downloaded the VISTA Version since there was no Windows 7 Version that I could find), but it did not allow me to install the recovery tool to attempt some kind of fixing.
    The strange thing is that I do not have Windows 7 Ultimate installed (which from what I understand is the only way to have Bitlocker).  I have windows 7 professional and I never encrypted my drives with bitlocker, 1 out of the 3 drives is partially
    encrypted with TrueCrypt, the other 2 are not encrypted with anything.
    The stranger thing is that I can plug the external drives to another laptop and I can access the data fine with no problem or errors.  I searched the forum for simliar problems, but did not see any responses with fixes to this issue.
    The only thing I can think of is that my Desktop downloaded and installed a bunch of Windows Updates within the last 4-5 days.
    heres is the update list
    http://farm6.static.flickr.com/5304/5890096650_431b0f3627_b.jpg
    Any assistance in attempting to figure this out would be appreciated.

    Hi,
    According to the error message, it should use
    BitLocker Repair Tool to fix it, refer:
    http://technet.microsoft.com/en-us/library/cc734057(WS.10).aspx
    What error message did you receive when you use BitLocker repair Tool?
    I notice one drive is encrypted with TrueCrypt, please use that program to unencrypt the drive for test.
    If it doesn’t work, since the issue didn’t appear before, you can try to perform a system restore to see the result.
    Hope that helps.
    Regards,
    Leo  
    Huang
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

  • How can I retrieve the password hint of an external drive encrypted with FileVault 2?

    Hi,
    I'm running on 10.7.3, I have an external HDD that is fully encrypted with FileVault 2.  When encrypting an external drive, FileVault 2 doesn't provide a recovery key, but it gives you the opportunity to give a hint at the time you enter the password.  My question is: how can I get this hint?
    I'm asking because I can't mount the drive anymore.  I keep getting prompted to enter the password, and although I believe I'm sure what the password is, it keeps getting refused.  The weird thing is that I have never been asked this password because the drive has always been automatically mounted after reboots, I guess because the password was in my Keychain.  I have no idea why it no longer auto-mounts and none of the passwords I tried worked.
    In Disk Utility, when I tried to "verify" the locked volume, Disk Utility logs an error in system.log with no other user visible action.  I filed a bug with Apple about this (#11286871) but I'm still waiting to hear back from them.  The error logged is:
    Apr 20 22:53:17 nowwhat Disk Utility[1508]: -[__NSCFDictionary setObject:forKey:]: attempt to insert nil value (key: diskIdentifier)
    Apr 20 22:53:17 nowwhat Disk Utility[1508]: (
                        0   CoreFoundation                      0x00007fff915bffc6 __exceptionPreprocess + 198
                        1   libobjc.A.dylib                     0x00007fff87a37d5e objc_exception_throw + 43
                        2   CoreFoundation                      0x00007fff915bfdfa +[NSException raise:format:arguments:] + 106
                        3   CoreFoundation                      0x00007fff915bfd84 +[NSException raise:format:] + 116
                        4   CoreFoundation                      0x00007fff9157cf3b -[__NSCFDictionary setObject:forKey:] + 219
                        5   DFA                                 0x000000010a1aa1b8 DFA + 25016
                        6   DFA                                 0x000000010a1ad701 DFA + 38657
                        7   DFA                                 0x000000010a1a61de DFA + 8670
                        8   CoreFoundation                      0x00007fff915af75d -[NSObject performSelector:withObject:] + 61
                        9   AppKit                              0x00007fff8e507cb2 -[NSApplication sendAction:to:from:] + 139
                        10  AppKit                              0x00007fff8e507be6 -[NSControl sendAction:to:] + 88
                        11  AppKit                              0x00007fff8e507b11 -[NSCell _sendActionFrom:] + 137
                        12  AppKit                              0x00007fff8e506fd4 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2014
                        13  AppKit                              0x00007fff8e586d04 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 489
                        14  AppKit                              0x00007fff8e505bde -[NSControl mouseDown:] + 786
                        15  AppKit                              0x00007fff8e4d06e0 -[NSWindow sendEvent:] + 6306
                        16  AppKit                              0x00007fff8e46916d -[NSApplication sendEvent:] + 5593
                        17  AppKit                              0x00007fff8e3ff1f2 -[NSApplication run] + 555
                        18  AppKit                              0x00007fff8e67db88 NSApplicationMain + 867
                        19  Disk Utility                        0x0000000104c4e475 Disk Utility + 9333
                        20  Disk Utility                        0x0000000104c4e270 Disk Utility + 8816

    Even if you succeed with the difficult instructions to do this, if you are running Mavericks (10.9.x) on your Mac, count on it to start over with a whole new backup of your Mac, so you will have two separate backup files for the Mac on the Time Capsule.
    Realistically, few of us ever need to go back months or years to retrieve a file from Time Machine. My recommendation would be to keep the external hard drive around for a few months until you have a good backup history established for the Mac....and then delete the backups from the drive and use it as a spare hard drive.

  • I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.

    I have my iPhone 4s backed up on my mac but it seems it was encrypted with a password which i do not remember is there any other option to retrieve to the backup without restoring the device as a new one. Also I do not have access to a windows system.

    Sorry no, if you don't knnow the encrypted password, then you can't use that backjup.

  • Office 2010 created PDF only bringing up Work with Certificates option with Signing

    When creating PDF documents with Microsoft Word 2010, the only Sign option showing is Work With Certificates and is greyed, I Need To Sign and Get Others to Sign is missing.  My previous PC with Windows 7/Office 2010 and Reader Xi was able to sign documents.  I'm also able on my old XP machine to create a dummy pdf in Word 2010 and sign it in Reader, and on my Windows8/Office 2013/Reader Xi PC.  Any idea as to where this might have been broken?
    With the PDF file created in 2013, I Ctrl+D'd to get the security settings as it's commonly suggested that electronic signatures is failing because of a setting there, however I'm still able to sign it with Signing: Not Allowed and get the full signing menu instead of the Work With Certificates.

    Hi,
    If you meet any problems when using our products, you can post the question here. Please post one question in a single thread, and the question should be posted in the proper forum.
    The current forum is for Office 2010 - Planning, Deployment, and Compatibility.
    Just as Don mentioned, you may have multiple questions and some of them are not well placed, post them to the correct forum to get the specific support.
    Regards,
    Melon Chen
    TechNet Community Support

Maybe you are looking for