Cipher vs signature algorithm?

Similar Messages

• What is the complexity of "Elliptic curve Pinstov Vanstone signature" algorithm?

  what is the complexity of "Elliptic curve Pinstov Vanstone signature" algorithm?

  Why do you ask? And why do you ask us?

• Help!!input pfx,p12 to jks keystore get error "Signature Algorithm mismach"

  The following is the question that I met ~ Who can help me to solve the problem?
  use j2sdk1.4.02
  I'm tring to use keytool to input my company's pfx file to jks format keystore ,
  and I'm getting keytool error "Signature Algorithm mismatch" .
  I also tried to import the pfx file to Netscape and export to p12 format ,
  and still got error "Signature Algorithm mismatch".
  When I using following command ..
  keytool -list -keystore xxx.p12 -storetype PKCS12
  It still throws keytool error "Signature Algorithm mismatch".
  And I checked the pfx(p12) file with IE , the Signature Algorithm Name is RSA.
  What problem whith the p12 file?
  Is keytool can't support RSA Signature Algorithm, or anything else??
  Finally,maybe all the problems are that I have wrong idea, and hope someone can instruct me.
  Thanks for help..(I'm looking for this question several days.)
  Vincent ...(from Taiwan)

  I'd just purchase and use KeyStore Explorer. $30 for single-user.
  It easily converts between pkcs12 and jks formats. I had no problems generating keys/certs in this tool and exporting them to JKS keystores for use with Java as well as into OpenSSL for use with Apache, etc.

• Unable to calculate a request signature: Algorithm HmacSHA1 not available

  I develop one javaFx application.
  which upload the files on amazon s3 server.
  The application work fine when the executable jar of the application is made.
  But when the native packaging of the application is done. The .msi file is created and after installing this .msi the application started correctly but at the time of uploading file on s3 the "Unable to calculate a request signature: Algorithm HmacSHA1 not available" error occur in log file and files are not uploaded.
  The creation of the jar and native application is done by the com.zenjava maven plugin.

  Got the solution.After creating native bundle the bundle have its own private copy of jre this private jre does not contain "ext" folder which is present in regular jre.
  This causes the problem of cryptography which is the reason for above problem.

• Generate SSL cert with stronger signature algorithm such as RSA-SHA 1 or SHA 2 from Certificate Authority Version: 5.2.3790.3959

  We have a Certificate Authority (Version: 5.2.3790.3959) configured on  Windows 2003 R2 server in our environment. How do i generated SSL cert with stronger signature algorithm such as with SHA1 or SHA2
  Currently i am only able to generate SSL cert with md5RSA.

  Hi,
  Since you are using Windows Server 2003 R2 as CA, the hash algorithm cannot be changed, while in Windows 2008 and 2008 R2, changing the hash algorithm is possible.
  Therefore, you need to build a new CA to use a new algorithm.
  More information for you:
  Is it possible to change the hash algorithm when I renew the Root CA
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/91572fee-b455-4495-a298-43f30792357e/is-it-possible-to-change-the-hash-algorithm-when-i-renew-the-root-ca?forum=winserversecurity
  Changing public key algorithm of a CA certificate
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0fd19577-4b21-4bda-8f56-935e4d360171/changing-public-key-algorithm-of-a-ca-certificate?forum=winserversecurity
  modify CA configuration after Migration
  http://social.technet.microsoft.com/Forums/windowsserver/en-US/0d5bcb76-3a04-4bcf-b317-cc65516e984c/modify-ca-configuration-after-migration?forum=winserversecurity
  Best Regards,
  Amy Wang

• SHA256 certificate with Signature Algorithm as RSASSA-PSS not supported in FireFox but it is the only option available

  I have just built a new PKI infrastructure for issuing SHA2 certificates. When I duplicate a template and set it up to use KSP instead of CSP to enable SHA2 signing, the only provider I have available is the Microsoft Software Key Storage Provider which
  translates into RSASSA-PSS. I am also allowing the Private Key to be exported due to the fact that the cert and Key need to be placed on multiple servers such as in a cluster.
  I am finding that FireFox does not support certificates which use RSASSA-PSS and have tracked it to a few Bugzilla reports. IE and Chrome appear to not have any problem with this.
  I want to change the provider to something that FireFox supports while still being able to issue SHA2 certs. I am finding that if I unmark the "Allow Key to be Exported" on the template when I build the it, other options for providers appear.
  I need to be able to support the big 3 browsers: IE, Firefox, and Chrome while still allowing the key to be exported. I used AlternateSignatureAlgorithms=1 for the capolicy.inf file on both the offline root and Intermediate CA's. I read a post somewhere
  that changing the Root to AlternateSignatureAlgorithms=0 and renewing the Intermediate CA certificate could solve the problem but I do not understand how I can obtain a HSA2 certificate for the Intermediate if that is not enabled.
  I could use some assistance with this if someone knows how to make this work. Many thanks.
  Brian B.

  Brian,
  There is no correlation at all between the
  AlternateSignatureAlgorithms=1  or 0 line and the use of SHA256. In my book, it is recommended when you get into the weirder combinations (Elliptical curve versions, etc.)
  If you do as you plan (using AlternateSignatureAlgorithms=0),
  then the CA certificates will show Sha256RSA as the signature algorithm, and be universally accepted.
  As you stated... 
  1) Change the capolicy.inf on the root CA and renew the root CA certificate.
  2) Change the CAPolicy.inf on the issuing CA and renew the issuing CA certificate
  Now start issuing the KSP certificates, they will be usable on Firefox
  Brian 

• Set Signature Algorithm to SHA-256 in CSR

  running 8.4(5) on ASA5550
  im trying to renew the certificate for webvpn, however we have a new requirement that  the signature  Algorithm should be SHA-256 but when i create the new RSA keys and enroll the trust-point to generate the CSR, i cant find where to change the signature Algorithm and it show
  "Signature Algorithm: SHA1 with RSA Encryption"
  any advice..

  You can't change that on the ASA .  Check with your CA the one who is signing the request for you .
  Moh.

• Signature algorithm SHA256

  NFE requires that CSR have the SHA256 algorithm instead of the usual SHA1... We generate key pair in the NWA key storage with 2048 RSA.. Unfortunately the signature algorithm on the key pair is SHA1 and not SHA256 as requested by government. As a result our CSR is rejected.
  Is there any way to generate the key pair with signature algorithm SHA256 from Keystorage view (in NWA) or how do we go about generating one?

  Can elaborate more on using -a with that option?  The only ones published are RSA (default) and DSA and when I tried explicitly what you wrote it was an invalid option.
  We had a situation where we requested our cert from the authority like we normally do with sapgenpse get_pse -p SAPSSLS.pse -r <certeq_name.req>-s 2048 "xxx.xxx.xxx, C=US"
  We would get the response back and import it with
  sapgenpse import_own_cert -c <cert file.crt> -r <intermed.crt> -r <root.crt> -p SAPSSLS.pse -x <pin>
  This time the cert request came back from our authority as G2 (SHA-2).  The import failed with an FCPath error, but when l looked at the subject, all the variables were in fact in the certificate chain.  The one thing that was odd was that the "C" variable in the error was in quotes (e.g. "company name, inc.") instead of C=comany name, inc.
  I asked the authority admin to reprocess my request as SHA-1.  He sent me a response and bundle of root+intermediate.  Ran the same command, and the SSL cert imported without incident.
  Do we need to specify something in the initial request (sapgenpse get_pse...) to insure we get use an SHA-2 cert?  Or is there another reason my SHA-1 cert imported when the SHA-2 one gave the FCPath error?

• MD2 signature algorithm on CSS

  Hello,
  Is the MD2 signature algorithm supported on a CSS?
  Thanks for a response.
  Kind regards,
  Kurt

  I am not sure why you are using MD2. MD2 is an old hashing algorithm and may be very weak compared to MD5, which is very widely used. I strongly suggest you to upgrade to MD5.

• Issuing CA's signature algorithm changed from sha1RSA to RSASSA-PSS

  Hi all,
  We found the root cause of why one of our Issuing CA's all of a sudden started issuing certs with a signature algorithm of RSASSA-PSS instead of sha1RSA (the signature algorithm it was originally set up to use).  Turns out one of our techs ran the following
  command a few months ago on the Issuing CA while trying to get it to issue a custom Polycom device cert:
  Certutil -setreg CA\csp\AlternateSignatureAlgorithm 1
  After that, the Issuing CA started kicking out certs with RSASSA-PSS as the signature algorithm.  I imagine the fix to get this Issuing CA back to using sha1RSA as the signature algorithm is to set that reg entry to 0 or just delete it altogether. 
  However, my question is, what about all the certs this Issuing CA has issued
  since the signature algorithm changed?  If I change it back to sha1RSA, will that somehow invalidate or cause an issue with all of the certs issued with RSASSA-PSS?  That could be an issue since this CA has issued many many certs to
  laptops for NPS 802.1x auth!
  Any help is appreciated!
  BD

  Hi,
  changing the CA signature algorithm will not invalid the existing certificates. They just stay as they are. That's why you haven't experienced any issues as your your tech made the change for RSASSA-PSS.
  @moderator: Please move this post to Windows Security forum - http://social.technet.microsoft.com/Forums/en-US/winserversecurity
  Hope that helps,
  Lutz

• RSASSA-PSS certificate signature algorithm support

  Hi,
  does anyone know if the certificate signature algorithm RSASSA-PSS is supported by Mac OS X?
  Currently I have an issue with integrating Mac OS X in SCCM due to an certificate error - bad certificate format!
  THanks!

  Brian,
  There is no correlation at all between the
  AlternateSignatureAlgorithms=1  or 0 line and the use of SHA256. In my book, it is recommended when you get into the weirder combinations (Elliptical curve versions, etc.)
  If you do as you plan (using AlternateSignatureAlgorithms=0),
  then the CA certificates will show Sha256RSA as the signature algorithm, and be universally accepted.
  As you stated... 
  1) Change the capolicy.inf on the root CA and renew the root CA certificate.
  2) Change the CAPolicy.inf on the issuing CA and renew the issuing CA certificate
  Now start issuing the KSP certificates, they will be usable on Firefox
  Brian 

• Java Client AUthentication to IIS 5 server throwing no IV for Cipher error

  I have trying to do Java client authentication. Got the Certificate from CA and loaded it in server. When I run the JavaClient program I get the
  error no IV for Cipher.
  I am using JDK 1.5.0_06 and JSSE 1.0.3_03.
  Any help is greatly appreciated.
  Thanks
  Here is the debug report
  trustStore is: C:\JTEST\cacerts
  trustStore type is : JKS
  trustStore provider is :
  init truststore
  adding as trusted cert:
  Subject: CN=devclient.test.com, OU=Mycompany, O=Second Data Corporation., L=San Francisco, ST=California, C=US
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Algorithm: RSA; Serial number: 0x5b0bf
  Valid from Thu Feb 16 06:23:37 PST 2006 until Sat Feb 17 06:23:37 PST 2007
  adding as trusted cert:
  Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Fri Jun 25 17:19:54 PDT 1999 until Tue Jun 25 17:19:54 PDT 2019
  adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer: CN=Baltimore CyberTrust Code Signing Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000bf
  Valid from Wed May 17 07:01:00 PDT 2000 until Sat May 17 16:59:00 PDT 2025
  adding as trusted cert:
  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
  Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x374ad243
  Valid from Tue May 25 09:09:40 PDT 1999 until Sat May 25 09:39:40 PDT 2019
  adding as trusted cert:
  Subject: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Issuer: CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
  Algorithm: RSA; Serial number: 0x20000b9
  Valid from Fri May 12 11:46:00 PDT 2000 until Mon May 12 16:59:00 PDT 2025
  adding as trusted cert:
  Subject: CN=devclient.paymap.com, OU=First Data Corp, O=Paymap Inc, L=San Francisco, ST=California, C=USA
  Issuer: CN=Thawte Test CA Root, OU=TEST TEST TEST, O=Thawte Certification, ST=FOR TESTING PURPOSES ONLY, C=ZA
  Algorithm: RSA; Serial number: 0xe2501de73ac37428
  Valid from Mon Feb 20 15:51:25 PST 2006 until Mon Mar 13 15:51:25 PST 2006
  adding as trusted cert:
  Subject: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 3 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x9b7e0649a33e62b9d5ee90487129ef57
  Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
  adding as trusted cert:
  Subject: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Jun 29 10:39:16 PDT 2004 until Thu Jun 29 10:39:16 PDT 2034
  adding as trusted cert:
  Subject: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
  Issuer: [email protected], CN=Thawte Personal Basic CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x0
  Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
  adding as trusted cert:
  Subject: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 3 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x70bae41d10d92934b638ca7b03ccbabf
  Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
  adding as trusted cert:
  Subject: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
  Issuer: OU=Equifax Secure eBusiness CA-2, O=Equifax Secure, C=US
  Algorithm: RSA; Serial number: 0x3770cfb5
  Valid from Wed Jun 23 05:14:45 PDT 1999 until Sun Jun 23 05:14:45 PDT 2019
  adding as trusted cert:
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Algorithm: RSA; Serial number: 0x35def4cf
  Valid from Sat Aug 22 09:41:51 PDT 1998 until Wed Aug 22 09:41:51 PDT 2018
  adding as trusted cert:
  Subject: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
  Issuer: [email protected], CN=Thawte Personal Freemail CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x0
  Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
  adding as trusted cert:
  Subject: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer: CN=Equifax Secure eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0x4
  Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
  adding as trusted cert:
  Subject: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
  Issuer: [email protected], CN=Thawte Personal Premium CA, OU=Certification Services Division, O=Thawte Consulting, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x0
  Valid from Sun Dec 31 16:00:00 PST 1995 until Thu Dec 31 15:59:59 PST 2020
  adding as trusted cert:
  Subject: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Issuer: CN=GTE CyberTrust Root 5, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1b6
  Valid from Fri Aug 14 07:50:00 PDT 1998 until Wed Aug 14 16:59:00 PDT 2013
  adding as trusted cert:
  Subject: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 1 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xcdba7f56f0dfe4bc54fe22acb372aa55
  Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
  adding as trusted cert:
  Subject: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
  Issuer: CN=GTE CyberTrust Root, O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1a3
  Valid from Fri Feb 23 15:01:00 PST 1996 until Thu Feb 23 15:59:00 PST 2006
  adding as trusted cert:
  Subject: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
  Issuer: CN=Entrust.net Secure Server Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/SSL_CPS incorp. by ref. (limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x389b113c
  Valid from Fri Feb 04 09:20:00 PST 2000 until Tue Feb 04 09:50:00 PST 2020
  adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 3 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x7dd9fe07cfa81eb7107967fba78934c6
  Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
  adding as trusted cert:
  Subject: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer: [email protected], CN=Thawte Premium Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
  adding as trusted cert:
  Subject: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  Issuer: OU=Secure Server Certification Authority, O="RSA Data Security, Inc.", C=US
  Algorithm: RSA; Serial number: 0x2ad667e4e45fe5e576f3c98195eddc0
  Valid from Tue Nov 08 16:00:00 PST 1994 until Thu Jan 07 15:59:59 PST 2010
  adding as trusted cert:
  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
  Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/Client_CA_Info/CPS incorp. by ref. limits liab., O=Entrust.net, C=US
  Algorithm: RSA; Serial number: 0x380391ee
  Valid from Tue Oct 12 12:24:30 PDT 1999 until Sat Oct 12 12:54:30 PDT 2019
  adding as trusted cert:
  Subject: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
  Issuer: CN=Entrust.net Client Certification Authority, OU=(c) 2000 Entrust.net Limited, OU=www.entrust.net/GCCA_CPS incorp. by ref. (limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x389ef6e4
  Valid from Mon Feb 07 08:16:40 PST 2000 until Fri Feb 07 08:46:40 PST 2020
  adding as trusted cert:
  Subject: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Issuer: OU=Class 2 Public Primary Certification Authority, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x2d1bfc4a178da391ebe7fff58b45be0b
  Valid from Sun Jan 28 16:00:00 PST 1996 until Tue Aug 01 16:59:59 PDT 2028
  adding as trusted cert:
  Subject: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 2 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x6170cb498c5f984529e7b0a6d9505b7a
  Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
  adding as trusted cert:
  Subject: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Issuer: CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US
  Algorithm: RSA; Serial number: 0x1a5
  Valid from Wed Aug 12 17:29:00 PDT 1998 until Mon Aug 13 16:59:00 PDT 2018
  adding as trusted cert:
  Subject: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Issuer: [email protected], CN=Thawte Server CA, OU=Certification Services Division, O=Thawte Consulting cc, L=Cape Town, ST=Western Cape, C=ZA
  Algorithm: RSA; Serial number: 0x1
  Valid from Wed Jul 31 17:00:00 PDT 1996 until Thu Dec 31 15:59:59 PST 2020
  adding as trusted cert:
  Subject: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Issuer: CN=GeoTrust Global CA, O=GeoTrust Inc., C=US
  Algorithm: RSA; Serial number: 0x23456
  Valid from Mon May 20 21:00:00 PDT 2002 until Fri May 20 21:00:00 PDT 2022
  adding as trusted cert:
  Subject: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Issuer: CN=Entrust.net Certification Authority (2048), OU=(c) 1999 Entrust.net Limited, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), O=Entrust.net
  Algorithm: RSA; Serial number: 0x3863b966
  Valid from Fri Dec 24 09:50:51 PST 1999 until Tue Dec 24 10:20:51 PST 2019
  adding as trusted cert:
  Subject: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Issuer: CN=Equifax Secure Global eBusiness CA-1, O=Equifax Secure Inc., C=US
  Algorithm: RSA; Serial number: 0x1
  Valid from Sun Jun 20 21:00:00 PDT 1999 until Sat Jun 20 21:00:00 PDT 2020
  adding as trusted cert:
  Subject: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Issuer: OU=Go Daddy Class 2 Certification Authority, O="The Go Daddy Group, Inc.", C=US
  Algorithm: RSA; Serial number: 0x0
  Valid from Tue Jun 29 10:06:20 PDT 2004 until Thu Jun 29 10:06:20 PDT 2034
  adding as trusted cert:
  Subject: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Issuer: CN=VeriSign Class 1 Public Primary Certification Authority - G3, OU="(c) 1999 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x8b5b75568454850b00cfaf3848ceb1a4
  Valid from Thu Sep 30 17:00:00 PDT 1999 until Wed Jul 16 16:59:59 PDT 2036
  adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 2 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0xb92f60cc889fa17a4609b85b706c8aaf
  Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
  adding as trusted cert:
  Subject: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Issuer: OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US
  Algorithm: RSA; Serial number: 0x4cc7eaaa983e71d39310f83d3a899192
  Valid from Sun May 17 17:00:00 PDT 1998 until Tue Aug 01 16:59:59 PDT 2028
  trigger seeding of SecureRandom
  done seeding SecureRandom
  main, setSoTimeout(50000) called
  TIMEOUT=50000
  %% No cached client session
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1123703368 bytes = { 11, 7, 242, 147, 134, 10, 57, 192, 137, 131, 191, 249, 253, 146, 232, 223, 146, 195, 53, 255, 121, 236, 182, 158, 191, 94, 156, 190 }
  Session ID: {}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  main, WRITE: TLSv1 Handshake, length = 73
  main, WRITE: SSLv2 client hello message, length = 98
  main, READ: TLSv1 Handshake, length = 873
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1123703296 bytes = { 123, 165, 102, 102, 169, 196, 229, 241, 3, 49, 81, 239, 83, 155, 209, 243, 236, 229, 18, 193, 228, 104, 27, 152, 232, 193, 173, 11 }
  Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
  public exponent: 65537
  Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
                 To: Sun Nov 12 11:37:51 PST 2006]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    057aa7]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
  0010: C6 E6 BB 57 ...W
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
  0010: 98 90 9F D4 ....
  [3]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [URIName: http://crl.geotrust.com/crls/secureca.crl]
  [4]: ObjectId: 2.5.29.37 Criticality=false
  ExtendedKeyUsages [
  [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
  [5]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
  0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
  0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
  0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
  0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
  0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
  0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
  0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
  Found trusted certificate:
  Version: V3
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
  public exponent: 65537
  Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
                 To: Wed Aug 22 09:41:51 PDT 2018]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    35def4cf]
  Certificate Extensions: 7
  [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
  0010: 98 90 9F D4 ....
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
  0010: 98 90 9F D4 ....
  [4]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  Key_CertSign
  Crl_Sign
  [6]: ObjectId: 2.5.29.16 Criticality=false
  PrivateKeyUsage: [
  To: Wed Aug 22 09:41:51 PDT 2018]
  [7]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
  0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
  0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
  0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
  0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
  0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
  0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
  0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
  *** ServerHelloDone
  *** ClientKeyExchange, RSA PreMasterSecret, TLSv1
  Random Secret: { 3, 1, 82, 2, 69, 241, 210, 36, 175, 168, 76, 86, 170, 3, 158, 52, 89, 146, 84, 210, 223, 113, 212, 231, 129, 100, 177, 125, 116, 31, 97, 233, 150, 162, 161, 51, 168, 189, 14, 47, 83, 27, 67, 252, 172, 191, 102, 39 }
  main, WRITE: TLSv1 Handshake, length = 134
  SESSION KEYGEN:
  PreMaster Secret:
  0000: 03 01 52 02 45 F1 D2 24 AF A8 4C 56 AA 03 9E 34 ..R.E..$..LV...4
  0010: 59 92 54 D2 DF 71 D4 E7 81 64 B1 7D 74 1F 61 E9 Y.T..q...d..t.a.
  0020: 96 A2 A1 33 A8 BD 0E 2F 53 1B 43 FC AC BF 66 27 ...3.../S.C...f'
  CONNECTION KEYGEN:
  Client Nonce:
  0000: 43 FA 5A 48 0B 07 F2 93 86 0A 39 C0 89 83 BF F9 C.ZH......9.....
  0010: FD 92 E8 DF 92 C3 35 FF 79 EC B6 9E BF 5E 9C BE ......5.y....^..
  Server Nonce:
  0000: 43 FA 5A 00 7B A5 66 66 A9 C4 E5 F1 03 31 51 EF C.Z...ff.....1Q.
  0010: 53 9B D1 F3 EC E5 12 C1 E4 68 1B 98 E8 C1 AD 0B S........h......
  Master Secret:
  0000: 10 47 C2 16 13 58 4B 50 D3 D6 34 05 C8 C9 11 29 .G...XKP..4....)
  0010: AD 90 0D 8F 9B BD C8 C1 FC CD BC 26 ED FB 26 84 ...........&..&.
  0020: 04 0B 94 BC D2 4D 7D 71 E0 1E 08 10 59 38 B5 4E .....M.q....Y8.N
  Client MAC write Secret:
  0000: A5 66 C1 48 0E F1 18 2B 2B 7A F7 9B A4 6C D7 FA .f.H...++z...l..
  Server MAC write Secret:
  0000: 3B F5 04 FA AC 9C D7 ED 2E E7 36 44 80 FF 11 E2 ;.........6D....
  Client write key:
  0000: 7B 9F 56 A1 FC 3D BD 31 25 27 91 BB D0 66 66 0B ..V..=.1%'...ff.
  Server write key:
  0000: 2B 45 E2 19 E8 C8 61 5B 84 B8 94 76 A1 B4 9C 6E +E....a[...v...n
  ... no IV for cipher
  main, WRITE: TLSv1 Change Cipher Spec, length = 1
  *** Finished
  verify_data: { 110, 253, 95, 109, 150, 89, 93, 140, 108, 186, 172, 188 }
  main, WRITE: TLSv1 Handshake, length = 32
  main, READ: TLSv1 Change Cipher Spec, length = 1
  main, READ: TLSv1 Handshake, length = 32
  *** Finished
  verify_data: { 70, 219, 18, 202, 105, 203, 83, 220, 151, 174, 102, 125 }
  %% Cached client session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  main, setSoTimeout(50000) called
  main, WRITE: TLSv1 Application Data, length = 96
  main, setSoTimeout(50000) called
  main, READ: TLSv1 Handshake, length = 20
  *** HelloRequest (empty)
  %% Client cached [Session-1, SSL_RSA_WITH_RC4_128_MD5]
  %% Try resuming [Session-1, SSL_RSA_WITH_RC4_128_MD5] from port 1130
  *** ClientHello, TLSv1
  RandomCookie: GMT: 1123703368 bytes = { 242, 6, 117, 127, 243, 197, 134, 82, 139, 54, 241, 243, 132, 22, 63, 136, 4, 180, 225, 8, 159, 55, 182, 105, 133, 226, 213, 167 }
  Session ID: {147, 24, 0, 0, 22, 29, 124, 158, 177, 166, 96, 36, 217, 32, 191, 41, 36, 217, 54, 244, 11, 56, 214, 139, 133, 140, 38, 132, 157, 77, 87, 77}
  Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
  Compression Methods: { 0 }
  main, WRITE: TLSv1 Handshake, length = 121
  main, READ: TLSv1 Handshake, length = 11432
  *** ServerHello, TLSv1
  RandomCookie: GMT: 1123703296 bytes = { 168, 158, 224, 186, 230, 77, 9, 24, 237, 106, 203, 158, 176, 252, 249, 167, 73, 173, 69, 178, 115, 34, 96, 179, 191, 230, 178, 160 }
  Session ID: {3, 27, 0, 0, 51, 252, 181, 131, 214, 28, 220, 247, 154, 175, 51, 237, 76, 111, 88, 78, 28, 105, 106, 114, 42, 51, 53, 144, 178, 93, 245, 127}
  Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
  Compression Method: 0
  %% Created: [Session-2, SSL_RSA_WITH_RC4_128_MD5]
  ** SSL_RSA_WITH_RC4_128_MD5
  *** Certificate chain
  chain [0] = [
  Version: V3
  Subject: CN=www.just-in-time-eft-paymap.com, OU=Paymap, O=First Data Corporation., L=San Francisco, ST=California, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 115897801846480906504507305240934762652258285705294305856746227593079520228602278416768070978663757452626836382370415992468189745643687252249588163510925353035555192020212360325664657305599855674966873189987712512397233103225326014387972568754281141553272745093478026229567341632738641376167448499163118598699
  public exponent: 65537
  Validity: [From: Mon Sep 12 11:37:51 PDT 2005,
                 To: Sun Nov 12 11:37:51 PST 2006]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    057aa7]
  Certificate Extensions: 5
  [1]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: FC 76 D2 8C C3 DE 0D 8F EA 32 26 60 83 C9 8B 9C .v.......2&`....
  0010: C6 E6 BB 57 ...W
  [2]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
  0010: 98 90 9F D4 ....
  [3]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [URIName: http://crl.geotrust.com/crls/secureca.crl]
  [4]: ObjectId: 2.5.29.37 Criticality=false
  ExtendedKeyUsages [
  [1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
  [5]: ObjectId: 2.5.29.15 Criticality=true
  KeyUsage [
  DigitalSignature
  Non_repudiation
  Key_Encipherment
  Data_Encipherment
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 44 D7 B0 69 BF B0 AA 4D 5A 17 70 9C 37 BA 61 A2 D..i...MZ.p.7.a.
  0010: 57 B4 34 85 6D 59 1F 82 72 34 9B 92 7D BD DF 27 W.4.mY..r4.....'
  0020: CE 97 E3 CA AE 23 5D 85 3C 1A C6 19 D1 49 C2 3F .....#].<....I.?
  0030: C6 E2 7E 97 8D 63 94 1E 04 AC 9F 5F 37 08 2A 96 .....c....._7.*.
  0040: 1A 47 D1 9D 69 0C 71 6A F3 74 1C FF 7D 20 E1 CA .G..i.qj.t... ..
  0050: 75 D0 45 84 2E 11 3C DD D4 73 25 38 76 27 E0 73 u.E...<..s%8v'.s
  0060: 70 AC 70 0F A5 E3 5B 9D 7E 0E AB 6A 79 07 18 38 p.p...[....jy..8
  0070: 5B A1 63 A2 89 8C 96 A1 50 36 4C D2 C6 D5 27 25 [.c.....P6L...'%
  Found trusted certificate:
  Version: V3
  Subject: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
  Key: Sun RSA public key, 1024 bits
  modulus: 135786214035069526348186531221551781468391756233528066061569654028671100866720352830303278016129003918213826297308054231261658522889438712013757624116391437358730449661353175673177742307421061340003741057138887918110217006515773038453829253517076741780039735595086881329494037450587568122088113584549069375417
  public exponent: 65537
  Validity: [From: Sat Aug 22 09:41:51 PDT 1998,
                 To: Wed Aug 22 09:41:51 PDT 2018]
  Issuer: OU=Equifax Secure Certificate Authority, O=Equifax, C=US
  SerialNumber: [    35def4cf]
  Certificate Extensions: 7
  [1]: ObjectId: 1.2.840.113533.7.65.0 Criticality=false
  Extension unknown: DER encoded OCTET string =
  0000: 04 0D 30 0B 1B 05 56 33 2E 30 63 03 02 06 C0 ..0...V3.0c....
  [2]: ObjectId: 2.5.29.14 Criticality=false
  SubjectKeyIdentifier [
  KeyIdentifier [
  0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
  0010: 98 90 9F D4 ....
  [3]: ObjectId: 2.5.29.35 Criticality=false
  AuthorityKeyIdentifier [
  KeyIdentifier [
  0000: 48 E6 68 F9 2B D2 B2 95 D7 47 D8 23 20 10 4F 33 H.h.+....G.# .O3
  0010: 98 90 9F D4 ....
  [4]: ObjectId: 2.5.29.31 Criticality=false
  CRLDistributionPoints [
  [DistributionPoint:
  [CN=CRL1, OU=Equifax Secure Certificate Authority, O=Equifax, C=US]
  [5]: ObjectId: 2.5.29.15 Criticality=false
  KeyUsage [
  Key_CertSign
  Crl_Sign
  [6]: ObjectId: 2.5.29.16 Criticality=false
  PrivateKeyUsage: [
  To: Wed Aug 22 09:41:51 PDT 2018]
  [7]: ObjectId: 2.5.29.19 Criticality=false
  BasicConstraints:[
  CA:true
  PathLen:2147483647
  Algorithm: [SHA1withRSA]
  Signature:
  0000: 58 CE 29 EA FC F7 DE B5 CE 02 B9 17 B5 85 D1 B9 X.).............
  0010: E3 E0 95 CC 25 31 0D 00 A6 92 6E 7F B6 92 63 9E ....%1....n...c.
  0020: 50 95 D1 9A 6F E4 11 DE 63 85 6E 98 EE A8 FF 5A P...o...c.n....Z
  0030: C8 D3 55 B2 66 71 57 DE C0 21 EB 3D 2A A7 23 49 ..U.fqW..!.=*.#I
  0040: 01 04 86 42 7B FC EE 7F A2 16 52 B5 67 67 D3 40 ...B......R.gg.@
  0050: DB 3B 26 58 B2 28 77 3D AE 14 77 61 D6 FA 2A 66 .;&X.(w=..wa..*f
  0060: 27 A0 0D FA A7 73 5C EA 70 F1 94 21 65 44 5F FA '....s\.p..!eD_.
  0070: FC EF 29 68 A9 A2 87 79 EF 79 EF 4F AC 07 77 38 ..)h...y.y.O..w8
  *** CertificateRequest
  Cert Types: RSA,
  Cert Authorities:
  <OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 1 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
  <CN=Sonera Class1 CA, O=Sonera, C=FI>
  <OU=VeriSign Trust Network, OU="(c) 1998 VeriSign, Inc. - For authorized use only", OU=Class 4 Public Primary Certification Authority - G2, O="VeriSign, Inc.", C=US>
  <CN=Staat der Nederlanden Root CA, O=Staat der Nederlanden, C=NL>
  <CN=VeriSign Class 3

  I have the same problem. I�m turning crazy working with certificates in mutual athetication!!!
  If someone has the solution to this problem, send a repy or at [email protected]
  Thanks in advance

• NoSuchAlgorithmException : Algorithm DESede not available

  Hi,
  Could any one tell me why this error comes
  The particular method which throws the Exception is
  SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DESede");
  The Exception stackTrace is
  java.security.NoSuchAlgorithmException: Algorithm DESede not available
  at javax.crypto.SunJCE_b.a(DashoA6275)
  at javax.crypto.SecretKeyFactory.getInstance(DashoA6275)
  at com.orbitech.armor.syncd.server.ArmorKeyTabFile.ReadKeyTabFile(ArmorK
  eyTabFile.java:173)
  at com.orbitech.armor.syncd.server.OracleRegistryPlugin.init(OracleRegis
  tryPlugin.java:210)
  at ArmorSystemServlet.processPrnInfo(ArmorSystemServlet.java:194)
  at ArmorSystemServlet.doPost(ArmorSystemServlet.java:137)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:826)
  at com.netscape.server.http.servlet.NSServletRunner.Service(NSServletRun
  ner.java:533)
  com.orbitech.armor.syncd.server.ArmorException: Error in Reading Keytab file
  at com.orbitech.armor.syncd.server.ArmorKeyTabFile.ReadKeyTabFile(ArmorK
  eyTabFile.java:212)
  at com.orbitech.armor.syncd.server.OracleRegistryPlugin.init(OracleRegis
  tryPlugin.java:210)
  at ArmorSystemServlet.processPrnInfo(ArmorSystemServlet.java:194)
  at ArmorSystemServlet.doPost(ArmorSystemServlet.java:137)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:733)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:826)
  at com.netscape.server.http.servlet.NSServletRunner.Service(NSServletRun
  ner.java:533)
  Im trying to use JCE api's in a servlet running under a iplanet ssl server. Also my classpath setting contains the jce jars as well.
  I am able to see very well the SunJCE provider and the algorithm are installed. The code I used too see them is
  System.out.println("Cipher algorithms : ");
  Object[] o = Security.getAlgorithms("Cipher").toArray();
  for (int i=0; i<o.length; i++) {
  System.out.println((String) o[ i ]);
  Cipher algorithms :
  BLOWFISH
  DESEDE
  PBEWITHMD5ANDTRIPLEDES
  DES
  PBEWITHMD5ANDDES
  System.out.println("MessageDigest algorithms : ");
  o = Security.getAlgorithms("MessageDigest").toArray();
  for (int i=0; i<o.length; i++) {
  System.out.println((String) o[ i ]);
  MessageDigest algorithms :
  MD5
  SHA
  System.out.println("Signature algorithms : ");
  o = Security.getAlgorithms("Signature").toArray();
  for (int i=0; i<o.length; i++) {
  System.out.println((String) o[ i ]);
  Signature algorithms :
  MD2WITHRSA
  MD5WITHRSA
  SHA1WITHDSA
  SHA1WITHRSA
  System.out.println("Mac algorithms : ");
  o = Security.getAlgorithms("Mac").toArray();
  for (int i=0; i<o.length; i++) {
  System.out.println((String) o[ i ]);
  Mac algorithms :
  HMACSHA1
  HMACMD5
  System.out.println("Keystore algorithms : ");
  o = Security.getAlgorithms("Keystore").toArray();
  for (int i=0; i<o.length; i++) {
  System.out.println((String) o[ i ]);
  Keystore algorithms :
  PKCS12
  JCEKS
  JKS
  System.out.println("Providers : ");
  Provider p[] = Security.getProviders();
  for(int i = 0; i<p.length; i++) {
  System.out.println( p.getName());
  Providers :
  SUN
  SunJSSE
  SunRsaSign
  SunJCE
  SunJGSS
  Thanks in advance
  regds........jp

  try this...it worked for me......
  put all four JCE jar files in the ext folder buried deep inside ur program files ...I have it in >> "C:\Program Files\Java\j2re1.4.1_02\lib\ext" folder .Now edit the file "C:\Program Files\Java\j2re1.4.1_02\lib\security\java.security" and add register ur provider by adding the line>> security.provider.2=com.sun.crypto.provider.SunJCE
  save the file and rerun the program..the exception should vanish..
  Sanjit R
  US Software Pvt Ltd
  Technopark,
  Trivandrum
  Kerala
  India

• Help: can't use class: Cipher, Signaure, MessageDigest

  Hi all,
  When I use these Class: Signature or SignatureMessageRecovery, MessageDigest, Cipher in my applet and when I send CreateApplet adpu to the applet, I get some error (SW1SW2=0x6444) and the CREF throw the Exception: SYSTEMEXCEPT_NO_TRANSIENT_SPACE.
  If I change the Signature algorithm to ALG_RSA_SHA_ISO9796_MR and
  cast the Signature Object to SignatureMessageRecovery, I get the same error.
  If I change the Signature algorithm to ALG_DES_MAC8_ISO9797_M2, the applet return success(SW1SW2=9000).
  somebody help me!~
  Thanks!
  code:
  private Signature signature;
  private MessageDigest digest;
  private Cipher cipher;
  private void initSecurityData(){
  digest = MessageDigest.getInstance(MessageDigest.ALG_SHA, false);
  signature = Signature.getInstance(Signature.ALG_RSA_SHA_PKCS1, false);
  cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M2, false);
  protected CreditCard(byte[] bArray, short bOffset, byte bLength){
  initSecurityData();
  byte aidLen = bArray[bOffset];
  if (aidLen == (byte)0){
  register();
  } else {
  register(bArray, (short)(bOffset+1), aidLen);
  }

  The file is saved as the class name.
  Here's what happens:
  C:\jdk1.2.2\bin>javac HelloWorld.java
  C:\jdk1.2.2\bin>java HelloWorld
  Exception in thread "main" java.lang.NoClassDefFoundError: HelloWorld
  Here's the code that I'm trying to get to run:
  The HelloWorld application program
  public class HelloWorld
       public static void main(String argv[])
            System.out.println("Hello World!");
  }

• How to decrypt an encrypted text file using  Algorithm SHA1withRSA .

  I have one encrypted file instance_demo_Encryp.xml and encrypted format is
  MIMVwmYGCSqGSIb3DQEHAqCDFcJWMIMVwlECAQExCzAJBgUrDgMCGgUAMIMVvzoG
  CSqGSIb3DQEHAaCDFb8qBIMVvyU8P3htbCB2ZXJzaW9uPScxLjAnIGVuY29kaW5n
  PSdVVEYtOCcgPz4NCjx4YnJsaTp4YnJsIHhtbG5zOnhicmxpPSdodHRwOi8vd3d3
  Lnhicmwub3JnLzIwMDMvaW5zdGFuY2UnIHhtbG5zOmxpbms9J2h0dHA6Ly93d3cu
  eGJybC5vcmcvMjAwMy9saW5rYmFzZScgeG1sbnM6eGxpbms9J2h0dHA6Ly93d3cu
  dzMub3JnLzE5OTkveGxpbmsnIHhtbG5zOnJlZj0naHR0cDovL3d3dy54YnJsLm9y
  Zy8yMDA0L3JlZicgeG1sbnM6eGJybGR0PSdodHRwOi8veGJybC5vcmcvMjAwNS94
  I want to decrypt and convert into original xml file.I am using below code but some error occurred javax.crypto.BadPaddingException: Data must start with zero.Please help
  import java.io.*;
  import java.math.BigInteger;
  import java.net.URLEncoder;
  import java.util.*;
  import java.security.AlgorithmParameters;
  import java.security.Key;
  import java.security.KeyFactory;
  import java.security.KeyPairGenerator;
  import java.security.KeyStore;
  import java.security.GeneralSecurityException;
  import java.security.MessageDigest;
  import java.security.PrivateKey;
  import java.security.PublicKey;
  import java.security.Signature;
  import java.security.cert.Certificate;
  import java.security.cert.CertificateFactory;
  import java.security.cert.X509Certificate;
  import java.security.spec.RSAPublicKeySpec;
  import java.security.spec.X509EncodedKeySpec;
  import javax.crypto.Cipher;
  import javax.crypto.CipherInputStream;
  import oracle.security.xmlsec.util.Base64;
  import sun.misc.*;
  //import org.bouncycastle.jce.provider.BouncyCastleProvider;
  //import org.bouncycastle.jce.*;
  public class EsignWithBC {
       public static final String KEY_STORE_PASSWORD = "password";
       public static void main(String[] args) {
             BASE64Encoder base64Encoder = new BASE64Encoder();
             BASE64Decoder base64Decoder = new BASE64Decoder();
            String record = null;
            char[] passwd = KEY_STORE_PASSWORD.toCharArray();
            String inputFileName = "webroot/cerFiles/instance_demo_Encryp.xml";
            try {
                 KeyStore keyStore = KeyStore.getInstance("PKCS12");
                 FileInputStream fis = new FileInputStream(
                           "D:\\eclipse_program\\xRnd\\WebRoot\\cerFiles\\AlicePFX.pfx");
                 keyStore.load(fis, passwd);
                 fis.close();
                 Enumeration aliases = keyStore.aliases();
                 while (aliases.hasMoreElements()) {
                      System.out.println(aliases.nextElement());
                 /*FileInputStream fin = new FileInputStream("D:\\eclipse_program\\xRnd\\WebRoot\\cerFiles\\Alice.cer");
                  CertificateFactory cf = CertificateFactory.getInstance("X.509");
                  Collection c = cf.generateCertificates(fin);
                  Iterator i = c.iterator();
                  while (i.hasNext()) {
                     Certificate cert = (Certificate)i.next();
                     System.out.println("***************************************************");
                     System.out.println(cert.getPublicKey());
                     System.out.println("***************************************************");
                  String filename= "D:\\eclipse_program\\xRnd\\WebRoot\\cerFiles\\Alice.cer";
                  FileInputStream fis1 = new FileInputStream(filename);
                  DataInputStream dis = new DataInputStream(fis1);
                  CertificateFactory cf1 = CertificateFactory.getInstance("X.509");
                  byte[] bytes = new byte[dis.available()];
                  dis.readFully(bytes);
                  ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
                  Key key = null;
                  while (bais.available() > 0) {
                     Certificate cert = cf1.generateCertificate(bais);
                     key = cert.getPublicKey();
                     System.out.println(cert.toString());
                 // EsignWithBC obj = new EsignWithBC();
                  //System.out.println(obj.createUrlFragment("alice's key","password","D:\\eclipse_program\\xRnd\\webroot\\cerFiles\\instance_demo_Encryp.xml"));
                  FileReader fr = new FileReader(inputFileName);
                      BufferedReader br = new BufferedReader(fr);
                      byte text[] = null;
                       //System.out.println(text.toString());
                 // Cipher cipher = Cipher.getInstance("SHA1withRSA");
                      KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
                      Signature sig = Signature.getInstance("SHA1withRSA");
                      Cipher rsaCipher = Cipher.getInstance("RSA");
                      String str = null;
                       byte[] cleartext1 = null;
                      rsaCipher.init(Cipher.DECRYPT_MODE, key);
                      System.out.println("********************************");
                      while ( (record=br.readLine()) != null ) {
                            text = base64Decoder.decodeBuffer(record);                         
                            cleartext1 = rsaCipher.doFinal(text);
                            //str = new String(cleartext1);
                            System.out.println(rsaCipher.doFinal(text));
                      System.out.println("********************************");
            } catch (Exception e) {
                 e.printStackTrace();
  }

  SHA1withRSA is a signature algorithm and not an encryption. If all you have is the signature then you can never get back the original document. The best you can do is to check that the signature is valid but for that you will need the original document and the public key of the person who signed the document.
  The code you post is not coherent and though I think can see what you are trying to do I am not willing to make guesses at this stage since it sounds like you are trying to do the impossible.