Cryptography!!!!!    cryptix provider

Similar Messages

• Exception "algorithm ARC4 is not available from Provider Cryptix "

  hi all
  i am developing the application in which i am using two encryption/decryption algorithms one is "RC4" and second is "AES(256 bit key)".
  1.first i am taking the credit card number from database which is in
  the encrypted format using 'RC4".
  2.After taking the Credit card number from database i am decrypting them using RC4.
  3. After decrypting them i am encrypting them using "AES(256 bit key") and putting the paymentid and encrypted credit card number in HashMap.
  For that i have written following classes
  RC4EncMemory.java ( which is taking encrypted credit card number from database ,decrypting them using "RC4" and then encrypting them using "AES")
  import java.security.GeneralSecurityException;
  import java.security.Security;
  import java.sql.*;
  import java.util.*;
  import java.util.HashMap;
  import javax.crypto.SecretKey;
  import cryptix.jce.provider.key.RawSecretKey;
  import cryptix.provider.Cryptix;
  public class RC4EncMemory
       DbAccess db=null;
       RC4EncMemory crypt=null;
       PreparedStatement pstmt=null;
       ResultSet rs=null;
       EncryptionPerformance per=null;
       AESEccryption aes=null;
       private String originalCCnumber=null;
       private int paymantid;
       private byte[] b;
       private byte[] aesencrypted;
       public RC4EncMemory()
       {db=new DbAccess();}
       public void selectAllCCNumber()
            HashMap allccnumber=new HashMap(1000);
            String qry =DbAccess.getPropertyValue("cedera.ccnumber.selectccnumberFromPayment");
            System.out.println(qry);
            try
            {rs=db.getResultSet(qry);
            if(rs!=null)
            {     crypt=getInstance();
                 while(rs.next())
                      System.out.println("In while");
                      paymantid=rs.getInt("paymentid");
                      b=rs.getBytes("ccnumber");
                      System.out.println("paymantid >>> " + paymantid);
                      originalCCnumber=DecryptCCNumber(b);
                      Security.removeProvider("RC4");
                      System.out.println("decrypted original >>> " + originalCCnumber);
                      aesencrypted=getAESEncryption(originalCCnumber);
                      //allccnumber.put(new Integer(paymantid),new String(originalCCnumber));
                 Set key=allccnumber.keySet();
                 Iterator i=key.iterator();
                 while(i.hasNext())
                 {System.out.println(" Payment id from HashMap " +(Integer)i.next());
                 System.out.println("Size of the HashMap: >>" + allccnumber.size());
            else
                 System.out.println("empty");
            allccnumber.clear();
            }catch(SQLException exp)
                           System.out.println("Exception in SQL" + exp);
                      finally
                           try{          rs.close();
                                     pstmt.close();
                                     db.conn.close();
                           }catch(Exception er){}
       public String DecryptCCNumber(byte[] encryptedCCNumber)
            {     String decrypted=null;
                 if(encryptedCCNumber!=null)
                 {decrypted = decrypt(encryptedCCNumber);
                 return decrypted;
       public String decrypt(byte data[])
            if(data == null || data.length == 0)
            return null;
            try
                 xjava.security.Cipher cipher = xjava.security.Cipher.getInstance("RC4", "Cryptix");
                 cipher.initDecrypt(rsaKey);
                 byte out[] = cipher.crypt(data);
                 return new String(out);
            catch(GeneralSecurityException se)
            { System.out.println("SecurityException in decrypt method: " + se);
            return null;
       public static synchronized RC4EncMemory getInstance()
            if(_rc4decryption == null)
                 Security.addProvider(new Cryptix());
                 _rc4decryption = new RC4EncMemory();
                 makeRC4Key();
            return _rc4decryption;
  private static void makeRC4Key()
  {          String seed = "CvMjSpVrGsTnAj";
            rsaKey = new RawSecretKey("RC4", seed.getBytes());
  public byte[] getAESEncryption(String originalCCNumber)
  {     aes=AESEccryption.getInstance();
       return aes.encrypt(originalCCNumber);
  public static void main(String args[])
       RC4EncMemory mem1=new RC4EncMemory();
       mem1.selectAllCCNumber();
       private static SecretKey rsaKey = null;
       private static RC4EncMemory _rc4decryption = null;
  In the above programs i am getting the output as follows
  output:-
  in while
  paymantid >>> 3338157
  decrypted original >>> 5856373015065936
  inside encrypt method
  Original Data----->5856373015065936
  Encrypted Data----->[B@3cc0bc
  after encryption of data
  In while
  paymantid >>> 3338169
  SecurityException in decrypt method: java.security.NoSuchAlgorithmException: algorithm ARC4 is not available from provider Cryptix
  decrypted original >>> null
  In while
  paymantid >>> 3338290
  SecurityException in decrypt method: java.security.NoSuchAlgorithmException: algorithm ARC4 is not available from provider Cryptix
  decrypted original >>> null
  my program is able to decrypt the only first credit card numbers using RC4 and then encrypt it using AES(as shown in bold above) but it is not able decrypt the rest of the credit card number from the database using "RC4" and it is throwing above exception regarding the "RC4" algorithm .
  can anybody tell me what is reason behind this exception? my guess is the we cann't use the two providers simultaneously.
  please anybody help me
  AESEccryption.java(which helps to encrypt the credit card number in AES using encrypt method )
  import java.security.GeneralSecurityException;
  import java.security.Security;
  import java.sql.*;
  import javax.crypto.spec.SecretKeySpec;
  import org.bouncycastle.jce.provider.BouncyCastleProvider;
  import cryptix.provider.Cryptix;
  public class AESEccryption
       AESEccryption cryptAES=null;
       AESEccryption cryptAES1=null;
       public AESEccryption(){}
       public static synchronized AESEccryption getInstance()
            {     if(_aesEncryption == null)
                      Security.insertProviderAt(new BouncyCastleProvider(),3);
                      //Security.addProvider(new BouncyCastleProvider());
                      //Security.addProvider(new Cryptix());
                      _aesEncryption = new AESEccryption();
                      makeAESKey();
                 return _aesEncryption;
       private static void makeAESKey()
                 String seed = "FFF3454D1E9CCDE00101010101010101";
                 int length=seed.length();
                 if(length!=32)
                 {     System.out.println("Key size must be 32 characters only");
                      System.exit(0);
                 skeySpec = new SecretKeySpec(seed.getBytes(),0,32,"AES");
  public byte[] encrypt(String data)
       {     if(data == null)
            return null;
            try
            {     System.out.println("inside encrypt method");
                 javax.crypto.Cipher cipher = javax.crypto.Cipher.getInstance("AES");
                 cipher.init(javax.crypto.Cipher.ENCRYPT_MODE,skeySpec);
                 byte out[] = cipher.doFinal(data.getBytes());
                 return out;
            catch(GeneralSecurityException se)
                 System.out.println("SecurityException: " + se);
            return null;
       public static void main(String args[])throws Exception
       {     AESEccryption aesenc=new AESEccryption();
            aesenc.selectAllCCNumber();
            if(flag)
                 System.out.println("Flag " + flag);
       private static SecretKeySpec skeySpec = null;
       private static AESEccryption _aesEncryption = null;
  Regards
  Pandurang
  Message was edited by:
  andylimp12
  Message was edited by:
  andylimp12
  Message was edited by:
  andylimp12

  Hi Nith,
  Previously I have changed the document dispostal time out to 1 year but the error still occurs.
  Now I change the document inline size from 64 KB to 27 MB (estimated max document size) and see how the LCES behaves.
  I suspect if document size is larger than document inline size then LCES will write to some temp file. After that, user does not process the task for a long time, e.g. 3 days. And during the 3 days, the unix system/ websphere auto clear the temp file. After 3 days when user accesses the task again, LCES will complain "document is not in sending server side any more" ....
  I refer to : http://blogs.adobe.com/livecycle/2008/10/livecycle_tuning_knob_default.html
  For the Document sweep interval, I think, it relates Watch Folder, not this error so I don't change it.
  Regards,
  Anh

• RSA with Cryptix: can encrypt but not decrypt? Please help.. :)

  Hi all,
  I've been trying to do RSA encryption/decryption using a pair of keys created with keytool. I've been able to encrypt some bytes, but when I attempt to decrypt the results immediately using the private key, I received the following exception:
  IllegalBlockSizeException: RSA: Cipher in DECRYPT state with an incomplete final block
  Please can anyone save me out of my misery and shed some light on this problem? Thanks a great deal in advance.
  Best Regards,
  Kenshin
  Here are the code snippets:
  // 1. imported APIs:
  import javax.net.ssl.*;
  import java.io.*;
  import java.security.*;
  import java.security.interfaces.*;
  import java.security.spec.*;
  import java.security.cert.*;
  import java.security.cert.Certificate;
  import javax.crypto.*;
  import javax.crypto.spec.*;
  import cryptix.provider.Cryptix;
  import xjava.security.Cipher;
  import xjava.security.CipherInputStream;
  import xjava.security.CipherOutputStream;
  import xjava.security.interfaces.*;
  import cryptix.provider.rsa.*;
  // 2. Getting the Public Key from the created cert:
  File certFile = new File("c:/keystore/jbossSSL.cer");
  FileInputStream certFileInStream = new FileInputStream(certFile);
  CertificateFactory cf = CertificateFactory.getInstance("X509");
  Certificate cert = (Certificate)cf.generateCertificate(certFileInStream);
  RSAPublicKey serverPublicKey = (RSAPublicKey)cert.getPublicKey();
  // 3. Doing the encryption:
  Security.addProvider( new cryptix.provider.Cryptix());
  Cipher cipherInstance = Cipher.getInstance("RSA/ECB/PKCS7", "Cryptix");
  CryptixRSAPublicKey vCryptixRSAPubKey = (CryptixRSAPublicKey) new RawRSAPublicKey(serverPublicKey.getPublicExponent());
  cipherInstance.initEncrypt(vCryptixRSAPubKey);
  System.out.println("String to be encypted: " + sRandomString);
  // Sample of what is printed: String to be encypted: 2201162506010696613
  ByteArrayInputStream clearTextInStream = new ByteArrayInputStream(sRandomString.getBytes());
  CipherInputStream cInStream = new CipherInputStream(clearTextInStream, cipherInstance);
  ByteArrayOutputStream cipherTextOutStream = new ByteArrayOutputStream();
  CipherOutputStream cOutStream = new CipherOutputStream(cipherTextOutStream, cipherInstance);
  byte[] buffer = new byte[8192];
  int length;
  while((length= cInStream.read(buffer))!=-1)
  cOutStream.write(buffer, 0, length);
  cOutStream.close();
  cInStream.close();
  cipherTextOutStream.close();
  clearTextInStream.close();
  String sEncodedString = new String(cipherTextOutStream.toByteArray());
  System.out.println("String encrpted: " + sEncodedString);
  // Sample of what is printed: String to encrpted: 2 2 01 1 6 25 0 6 01 0 6 96 6 1 3☺ ☻☻
  // 4. Getting the Private key from the keystore
  FileInputStream in = new FileInputStream("C:/keystore/jbossSSL.keystore");
  KeyStore catalinaKeyStore = KeyStore.getInstance("jks");
  catalinaKeyStore.load(in, "jbossSSL".toCharArray());
  RSAPrivateKey privateK = (RSAPrivateKey)catalinaKeyStore.getKey("jbossSSL", "jbossSSL".toCharArray());
  CryptixRSAPrivateKey vCryptixRSAPriKey = (CryptixRSAPrivateKey) new RawRSAPrivateKey(privateK.getPrivateExponent(), privateK.getModulus());
  cipherInstance.initDecrypt(vCryptixRSAPriKey);
  // 5. Doing the decryption:
  ByteArrayInputStream cipherTextInStream = new ByteArrayInputStream(sEncodedString.getBytes());
  cInStream = new CipherInputStream(cipherTextInStream,cipherInstance);
  ByteArrayOutputStream clearTextOutStream = new ByteArrayOutputStream();
  cOutStream = new CipherOutputStream(clearTextOutStream,cipherInstance);
  while((length= cInStream.read(buffer))!=-1)
  cOutStream.write(buffer, 0, length); >> exception thrown here
  cOutStream.close();
  cInStream.close();
  clearTextOutStream.close();
  cipherTextInStream.close();
  String sDecodedString = new String(clearTextOutStream.toByteArray());
  System.out.println("Stringdecrpted: " + sDecodedString);

  Here is working RSA example Maybe will help you. (may has a few typing errors becosu I rmoved some confidential data ;) )
  import java.util.*;
  import javax.swing.*;
  import java.io.*;
  import java.security.*;
  import javax.crypto.Cipher;
  import xjava.security.*;
  import cryptix.provider.Cryptix;
  import xjava.security.interfaces.CryptixRSAPublicKey;
  import xjava.security.interfaces.CryptixRSAPrivateKey;
  import xjava.security.KeyGenerator;
  import xjava.security.SecretKey;
  public class testcipher extends javax.swing.JFrame{
      /** Creates new test */
      public testcipher() throws Exception {
      * @param args the command line arguments
      public static void main(String [] args) throws Exception  {
          Provider pd = new cryptix.provider.Cryptix();
          Security.addProvider(pd);
          KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "Cryptix");
          kpg.initialize(1024, new java.security.SecureRandom());
          System.out.println("Generating key pair...");
          KeyPair kp = kpg.genKeyPair();
          System.out.println("Key pair generated...");
          xjava.security.Cipher cp = xjava.security.Cipher.getInstance("RSA/ECB/PKCS7", "Cryptix");
          cp.initEncrypt(kp.getPublic());
          FileInputStream fis = new FileInputStream("c:\\temp\\b2b\\index.htm");
          CipherInputStream cin = new CipherInputStream(fis, cp);
          FileOutputStream fout = new FileOutputStream("C:\\temp\\b2b\\enc.htm");
          CipherOutputStream cout = new CipherOutputStream(fout, cp);
          byte[] buffer = new byte[8192];
          int length;
          while((length=cin.read(buffer))!=-1)
              cout.write(buffer, 0, length);
          cout.close();
          cin.close();
          fout.close();
          fis.close();
          cp.initDecrypt(kp.getPrivate());
          fis = new FileInputStream("c:\\temp\\b2b\\enc.htm");
           cin = new CipherInputStream(fis, cp);
           fout = new FileOutputStream("C:\\temp\\b2b\\dec.htm");
           cout = new CipherOutputStream(fout, cp);
                  while((length=cin.read(buffer))!=-1)
              cout.write(buffer, 0, length);
          cout.close();
          cin.close();
          fout.close();
          fis.close();
  }

• Can't decrypt(RSA) with cryptix a string

  Hi,
  I'm trying to secure a login, psw in a webapp.
  When the user want to log i store in his session public and private key that i generat.
  public void setKeyRsa(
  HttpServletRequest request,
  HttpServletResponse response) {
       java.security.Security.addProvider(new cryptix.provider.Cryptix());     
  HttpSession sess = request.getSession();
  try {
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  BaseRSAKeyPairGenerator rkpg = (BaseRSAKeyPairGenerator) kpg;
       SecureRandom source=new SecureRandom();
       rkpg.initialize();
  //rkpg.initialize(8,source);
  KeyPair kp = rkpg.generateKeyPair();
  sess.setAttribute("key", kp);
  } catch (NoSuchAlgorithmException e) {
  In the web page i crypt the login and the password by javascript with the public key. It seems to be ok.
  The probleme come when i want to decrypt. I receive from the user the 2 parameters login et password. They are String and when i want to decrypt them, the fonction crypt return an adr but with nothing on it.
  public String decryptStringRsa(String s, HttpServletRequest request) {
  String ret = null;
  HttpSession sess = request.getSession();
  KeyPair kp = (KeyPair) sess.getAttribute("key");
  RawRSACipher ciph = new RawRSACipher();
  try {
  ciph.initDecrypt(kp.getPrivate());
       byte t[]=s.getBytes();
  byte tab[] = ciph.crypt(t);
  ret = new String(tab);
  } catch (KeyException e) {
  System.out.println("descrypt:" + e);
  return ret;
  I think the s.getByte() don't make what i want him to make. the result tab[] have an adress but with 0 �l�ment on it. It Seems that my parameter t don't have the right format.
  480db8d8590d6d81 ->> an example of the format of the login crypted
  does the byte t[] must be like this
  t[0]=48 t[1]=0d t[2]=b8 t[3]=d8 t[4]=59
  or an other format?
  i'm using "cryptix32-20001002-r3.2.0.zip"
  please help me cause i'm becoming crazy.
  vodnok

  any help?
  Maybe the probleme come from the javascript encryption!!

• How to use a provider code without installing its package?

  Hi,
  I got a problem here.
  I found a security provider package named "cryptix" is what I need in my own software.
  My question is how to distribute it with my software?
  my app is a aaplet and I couldn't suppose all user machine have been installed this package before try my app.
  It is a simple question, I know.
  Thanks you all.
  greg

  You are writing an Applet right? If so you have a jar file that is downloaded when the applet runs that contains the applet code. You simply need to add an archive tag to your applet's HTML file which includes the cryptix jar. If you are using the Plug-in then you can set that jar to cache.
  The problem will be registering the cryptix provider with the security manager. I am not sure about this but I would imagine calling Security.addProvider() would throw an exception while running in an Applet sandbox.
  maybe I'm wrong but I would check before you get to far!

• Cryptix java.lang.ExceptionInInitializerError

  Hi again,
  I've changed my package to cryptix32 to avoid the java.lang security error I had with cryptix31.
  My code is:
  try {
  Security.addProvider(new Cryptix());
  catch (Exception e) {
  %>Eccezione: <%=e%><%
  java.lang.ExceptionInInitializerError
  java.lang.ExceptionInInitializerError at cryptix.provider.Cryptix.getVersionAsDouble(Cryptix.java:115) at cryptix.provider.Cryptix.(Cryptix.java:93) at jsp_servlet._ep.__cookie._jspService(cookie.jsp:46) at weblogic.servlet.jsp.JspBase.service(JspBase.java:33) at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006) at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419) at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:463) at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764) at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644) at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219) at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178) Caused by: java.lang.Exception: privileges unsupported at netscape.security.PrivilegeManager.enablePrivilege(PrivilegeManager.java:41) at cryptix.CryptixProperties.setProperties(CryptixProperties.java:443) at cryptix.CryptixProperties.(CryptixProperties.java:414) ... 15 more
  and if i refresh the page I get this error:
  java.lang.NoClassDefFoundError
  java.lang.NoClassDefFoundError at cryptix.provider.Cryptix.getVersionAsDouble(Cryptix.java:115) at cryptix.provider.Cryptix.(Cryptix.java:93) at jsp_servlet._ep.__cookie._jspService(cookie.jsp:46) at weblogic.servlet.jsp.JspBase.service(JspBase.java:33) at weblogic.servlet.internal.ServletStubImpl$ServletInvocationAction.run(ServletStubImpl.java:1006) at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:419) at weblogic.servlet.internal.ServletStubImpl.invokeServlet(ServletStubImpl.java:315) at weblogic.servlet.internal.WebAppServletContext$ServletInvocationAction.run(WebAppServletContext.java:6718) at weblogic.security.acl.internal.AuthenticatedSubject.doAs(AuthenticatedSubject.java:321) at weblogic.security.service.SecurityManager.runAs(SecurityManager.java:121) at weblogic.servlet.internal.WebAppServletContext.invokeServlet(WebAppServletContext.java:3764) at weblogic.servlet.internal.ServletRequestImpl.execute(ServletRequestImpl.java:2644) at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:219) at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:178)
  Thanks in advance.

  Hi,
  Thanks for your replies, to get around the permission problem, I had to login as SYS and do the following:
  call dbms_java.grant_policy_permission('REPORTER', 'SYS', 'java.security.SecurityPermission', '*');
  After doing this, the next road block was the missing path to the cryptix properties file and that was resolved by loading the entire cryptix jar file.

• Problem while loading a jar file into database

  Hi All,
  We are using Oracle 8.1.5 in Solaris. When I try to load a jar file into the database by using loadjava it gives the following error
  Error while processing jar cryptix32.jar
  Exception java.io.IOException: Load Java is unable to handle compressed entries: cryptix/provider/Cryptix.class
  loadjava: 1 errors
  Can anybody suggest anything to overcome this. Thanks in advance.

  <BLOCKQUOTE><font size="1" face="Verdana, Arial">quote:</font><HR>Originally posted by John Emmer ([email protected]):
  I presume you've tried creating the jar w/o compressing it? If not, and even if you didn't create the jar, then first unpack the jar into a directory and re-jar it without using compression.<HR></BLOCKQUOTE>
  Hi John,
  Thanks for your help. I unpacked the jar and rhen re-jared it with -0 (uncompress ) option. The above error is gone. But I am getting another problem. I am getting the following error for all the classes except the property files.
  Error while resolving class cryptix/cryptix/provider/cipher/Rijndael
  ORA-04043: object cryptix/cryptix/provider/cipher/Rijndael does not exist
  But the class is there in the jar. I am able to load single individual classes. Can anybody help me in this matter. Thanks in advance.

• Java 1.4 and AES Algorithm PLEASE HELP!!

  I hope this question has not already been asked. I have spent a long time searching the archives and documentation.
  I am attempting to migrate from jsdk1.3 to jsdk1.4 but have come up against the following problem.
  I need to create keys and encrypt files and was doing it by using the following:
  import java.security.*;
  import cryptix.provider.key.RawKeyGenerator;
  import xjava.security.KeyGenerator;
  And in my code am using:
  SecureRandom rnd = new SecureRandom();
  rnd.nextInt();
  RawKeyGenerator kg = (RawKeyGenerator)KeyGenerator.getInstance("AES","Cryptix");
  kg.initialize(rnd, 32);
  key = kg.generateKey();
  But I now get the following exception.
  Unexpected exception in IJCE_SecuritySupport.registerTargets()
  Please report this as a bug to <[email protected]>, including
  any other messages displayed on the console, and a description of what appeared to cause the error.
  java.lang.InternalError: Unexpected exception in IJCE_SecuritySupport.registerTargets()
  at xjava.security.IJCE.reportBug(IJCE.java:701)
  at xjava.security.IJCE_SecuritySupport.<clinit>(IJCE_SecuritySupport.java:138)
  at xjava.security.IJCE.findTarget(IJCE.java:498)
  at xjava.security.IJCE.getProviderInternal(IJCE.java:666)
  at xjava.security.IJCE.getClassCandidate(IJCE.java:446)
  at xjava.security.IJCE.getImplementationClass(IJCE.java:410)
  at xjava.security.IJCE.getImplementation(IJCE.java:367)
  at xjava.security.KeyGenerator.getInstance(KeyGenerator.java:152)
  at uk.co.sundayta.docsys.KeyManager.createNewKey(KeyManager.java:96)
  at uk.co.sundayta.docsys.KeyManager.createEncodedKey(KeyManager.java:110)
  at uk.co.sundayta.docsys.KeyManager.createKey(KeyManager.java:71)
  at uk.co.sundayta.docsys.KeyManager.run(KeyManager.java:62)
  at java.lang.Thread.run(Thread.java:536)
  The KeyManager error at line 96 mentioned above is in my code and is related to the snipit of code mentioned above.
  I need 1.4 as I need to use the new 1.4 plug-in on the clients to unencrypt the data.
  I have not sent an email to the address mentioned above as I assume it is a migration problem.
  I also had a message saying:
  Netscape security model is no longer supported.
  Please migrate to the Java 2 security model instead.
  I cannot do this as I need the java 1.4 plug-in for something else on the client. If I compile with 1.3 and run with 1.4 there seems to be an incompatibility problem.
  I would be grateful for any advice as I need to ship this soon.
  Thanks Andrew Mercer.

  Hi!
  I was trying to run some examples from the JXTA platform with jdk_1.3 (the classic HelloWorld), and got a very similar exception. The problem is I'm quite a newbie with JXTA and have no idea whatsoever about security in java, so I don't know what to do about it. I got the same messages about migrate the security model and report the whole thing as a bug, and I actually tried to send the message, but the address doesn't exist, so I'm stuck. If you've come across a solution or someone who might help, I would really like to know it! I copy below the text for the exception, in case it's helpfull to you somehow.
  Kind regards,
  Marta
  Text for the exception:
  java.lang.NoSuchMethodError
       at xjava.security.IJCE_SecuritySupport.registerTargets(IJCE_SecuritySupport.java:155)
       at xjava.security.IJCE_SecuritySupport.<clinit>(IJCE_SecuritySupport.java:134)
       at xjava.security.IJCE.findTarget(IJCE.java:498)
       at xjava.security.IJCE.getProvidersInternal(IJCE.java:638)
       at xjava.security.IJCE.getClassCandidate(IJCE.java:426)
       at xjava.security.IJCE.getImplementationClass(IJCE.java:410)
       at xjava.security.IJCE.getImplementation(IJCE.java:367)
       at xjava.security.Cipher.getInstance(Cipher.java:485)
       at xjava.security.Cipher.getInstance(Cipher.java:452)
       at xjava.security.Cipher.getInstance(Cipher.java:395)
       at COM.claymoresystems.crypto.PEMData.writePEMObjectPEMData.java:154)
       at COM.claymoresystems.crypto.EAYEncryptedPrivateKey.writePrivateKey(EAYEncryptedPrivateKey.java:109)
       at net.jxta.impl.endpoint.tls.PeerCerts.appendPrivateKey(PeerCerts.java:174)
       at net.jxta.impl.endpoint.tls.PeerCerts.genPeerRootCert(PeerCerts.java:137)
       at net.jxta.impl.endpoint.tls.PeerCerts.generateCerts(PeerCerts.java:457)
       at net.jxta.impl.endpoint.tls.TlsConfig.init(TlsConfig.java:185)
       at net.jxta.impl.peergroup.Configurator.configureTls(Configurator.java:265)
       at net.jxta.impl.peergroup.Configurator.<init>(Configurator.java:202)
       at net.jxta.impl.peergroup.Platform.init(Platform.java:252)
       at net.jxta.peergroup.PeerGroupFactory.newPlatform(PeerGroupFactory.java:210)
       at net.jxta.peergroup.PeerGroupFactory.newNetPeerGroup(PeerGroupFactory.java:284)
       at SimpleJxtaApp.startJxta(SimpleJxtaApp.java:91)
       at SimpleJxtaApp.main(SimpleJxtaApp.java:73)
  Unexpected exception in IJCE_SecuritySupport.registerTargets()

• Cannot export private key: "key not valid for use in specified state"

  Hi,
  This is a bit of a long story but I hope someone can give us some guidance.
  We use authentication certificates issued from our own Enterprise CA to control user and machine authentication via RADIUS/NPS for our wireless network.  Certificates are deployed via group policy/autoenrollment. In general this works well but
  we have an intermittent problem where user authentication stops working for a user who was fine before. The user certificate looks OK via Certmgr (shows as valid, shows that there is a private key associated with the certificate).  The NPS server
  logs show that the machine has been authenticated and granted access, but the user in this situation doesn't show up in the server logs at all. 
  The only solution in this case is to connect to the wired network and request a new certificate for the user (either via certmgr or just by deleting the duff cert and logging off/on again to get the cert via autoenrollment).
  The interesting thing is that while a "working" certificate can be exported with no problem, a duff certificate cannot be exported with its private key, giving the error "key not valid for use in specified state". (Obviously the certificates
  come from the same template, and the key is not marked unexportable).  The key files are present in %userprofile%\Appdata\Roaming\Microsoft\Crypto\RSA and the user permissions on these files look correct.
  After much searching of the forums I tried running certutil-repairstore on the duff certificate and that also returned the same error.  I also tried an undocumented switch Certutil -user -key -v and again, got a very similar error "Loadkeys returned
  key not valid for use in specified state. 0x8009000b (-2146893813)".
  I'm assuming that the fact that the key is unexportable/corrupt is also the reason why the certificate can no longer be used for authentication.
  Does anyone have any clues as to what might be causing this, and/or if a certificate with a key in this state can be repaired?
  Thanks!

  I can just share an experience I once had that was somewhat similar:
  In this case certificates could sometimes not be enrolled and the CSP came up with a related error message.
  The root was the software / driver (?) for a hardware dongle required to run some software. This "driver" added a registry key to the list of CSPs (under these HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider - but I have seen this with
  XP, so the exact location might be different now).
  This fake CSP entry that had quite a weird name effectively broke other CSPs. After removing the access to / generation of keys worked fine.
  So it would be interesting to know if you run some software that is "close to CSPs or cryptography".
  Elke

• Script issue,Java install from script, push out to servers.

  this is a non standard install for Java that has to be installed from a script.  basically this script will run against a given amount of servers, stop the required services ( pertains to the application that requires Java on the server), uninstall
  java, install java, configure java with correct parameters and security permissions then lastly output a log file to the server that is running the script (folder) of each server .  each server will have thier own text file.   so two issues first
  java uninstalls but does not install due to a permissions error, and the other  issue that is occuring is there should be a log file for each server the
  log file will have the server name as the file namey, the script will look at the server list and run the code on that server so basically the script
  will run at the same time on all the servers, and create log file for each server and put in the folder i designate.  - this is not occuring based on the Powershell script below. what parameter is missing below. thanks
  $user = Read-Host 'Username:'
  $pass = Read-Host 'Password:'
  $result = "D:\Temp\" + $env:COMPUTERNAME +"_JavaUpdate.log"
  $copyfinal = "\\wsive005pap\d$\BatchFiles\Java_Update\"
  #Stop NCSB and Tomcat Services
  Stop-Service Tomcat7
  Stop-Service "NuanceCSB"
  #Uninstall Java
  Get-WmiObject -Class win32_product | ? {$_.Vendor -like "*Oracle*"} | % {msiexec /x "$($_.IdentifyingNumber)" /qn | Out-Null}
  Start-Sleep -s 120
  "Java 7 Uninstalled" | Out-File $result -append
  #Install Java
  $JRE = "D:\Installations\NVP 4.0 Install\jre-7u76-windows-i586.exe"
  & $JRE /s INSTALLDIR=D:\Apps\Progra~1\Java\jre7\ /l D:\Temp\javainstall.log | Out-Null
  Start-Sleep -s 240
  "Java 7 Installed" | Out-File $result -append
  #Configure Java
  $pattern = "security.provider.10=sun.security.mscapi.SunMSCAPI"
  $javasec = "D:\APPS\Program Files (x86)\Java\jre7\lib\security\java.security"
  $viecore = "security.provider.11=cryptix.provider.Cryptix"
  (Get-Content $javasec) |
      Foreach-Object{
          if($_ -match $pattern)
              $_ 
              $viecore
          } else {
              $_ 
       } | Set-Content $javasec
  "Java Configured" | Out-File $result -append
  #Start NCSB and Tomcat Services
  Start-Service Tomcat7
  Start-Service "NuanceCSB"
  #Updating log files and push to the central server
  $javaver = gci "D:\APPS\Program Files (x86)\Java\jre7\bin\java.exe"
  $tomcatver = "D:\APPS\Program Files (x86)\Apache Software Foundation\Tomcat 7.0_Tomcat7\lib\catalina.jar"
  "*****Check Java and Tomcat Version*****" | Out-File $result -append
  & $javaver -cp $tomcatver org.apache.catalina.util.ServerInfo | Out-File $result -append
  "*****Check Services Started*****" | Out-File $result -append
  Get-Service | Where-Object {$_.Name -eq "NuanceCSB"} | Out-File $result -append
  Get-Service | Where-Object {$_.Name -eq "Tomcat7"} | Out-File $result -append
  "*****Check Java Security File*****" | Out-File $result -append
  Select-String -Path $javasec -Pattern "cryptix" | Out-File $result -append
  "*****Print log file for CTI connections*****" | Out-File $result -append
  Get-Content "D:\APPS\NuanceCSB\logs\stdout.log" | Out-File $result -append
  "*****Print log file for connector*****" | Out-File $result -append
  Get-Content "D:\APPS\NuanceCSB\logs\CSB.log" | Out-File $result -append
  NET USE \\wsive005pap\d$ $pass /user:CORP\$user
  Copy-Item $result $copyfinal
  NET USE \\wsive005pap\d$ /delete

  Hi Gow,
  I would like to know how did you deploy the .ps1 script on remote computers like using task scheduler or something else, please make sure the user account you used to run this script on every server has enough permission.
  According to your script, it will produce a log file under "D:\Temp\" and this file will be copied to the destination
  \\wsive005pap\d$\BatchFiles\Java_Update\, please check the username and the password, and also make sure the folder exist before copy, then test the script below separately:
  $user = Read-Host 'Username:'
  $pass = Read-Host 'Password:'
  $result = "D:\Temp\" + $env:COMPUTERNAME +"_JavaUpdate.log"
  $copyfinal = "\\wsive005pap\d$\BatchFiles\Java_Update\"
  Get-Content "D:\APPS\NuanceCSB\logs\stdout.log" | Out-File $result -append
  Get-Content "D:\APPS\NuanceCSB\logs\CSB.log" | Out-File $result -append
  NET USE \\wsive005pap\d$ $pass /user:CORP\$user
  get-item \\wsive005pap\d$\BatchFiles\Java_Update\
  Copy-Item $result $copyfinal
  NET USE \\wsive005pap\d$ /delete
  If there is anything else regarding this issue, please feel free to post back.
  Best Regards,
  Anna Wang
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Problems with corba initialisation due to migration from plug in 1.3 to 1.4

  Hi all.
  We're attempting to debug an internet banking applet used by our company. This applet was written to run under JRE 1.3, however due to business requirements our company has upgraded to JRE 1.4. Under the 1.4 JRE, the applet no longer starts up cleanly, due to an exception that is thrown during CORBA initialisation :
  org.omg.CORBA.INITIALIZE: org.omg.CORBA.INITIALIZE: Unable to create a ClientInterceptor because of:
  java.security.NoSuchProviderException: JCE cannot authenticate the provider Cryptix 
  vmcid: 0x0  minor code: 0  completed: No  vmcid: 0x0  minor code: 0  completed: No
       at com.visigenic.vbroker.orb.ORB.installServices(ORB.java:881)
       at com.visigenic.vbroker.orb.ORB.initialize(ORB.java:829)
       at com.visigenic.vbroker.orb.ORB.set_parameters(ORB.java:950)
       at org.omg.CORBA.ORB.init(Unknown Source)
       at za.co.sbic.main.LogonIIOP.run(LogonIIOP.java:88)
       at java.lang.Thread.run(Unknown Source)The Cryptix provider that the applet uses is an old unsigned version, and the Cryptix website appears to be unmaintained. To this end, we acquired a Java Code Signing certificate and signed the cryptix provider with our certificate (in order to render it usable in the 1.4 JCE). However, even with the signed jarfile, the above exception remains. I have tried moving the provider jarfile into /lib/ext, but I still get the same exception. Also, the development division of the bank that wrote the applet currently has no plans to port it to java 1.4
  If anyone could suggest a reason for the above exception, or other avenues I could pursue, I would be grateful.
  Thanks
  Jeremy

  U need to add this provider statically in <java_applet_home>/jre/lib/security/java.security file the following property
  security.provider.n=cryptix.provider.Cryptix (n can be any number from 1 and in jdk1.4 there are already 5 providers, so n might be 6 unless u have add/deleted some providers.
  To add a provider dynamically instead of static,
  java.security.Security.addProvider(new cryptix.provider.Cryptix());
  this piece of java code will help.
  One more tip might help.which lib/ext directory did u put the jar file? if you are on windows, there is a possibilty of more than one jvms in ur system.
  let me know if this works out r u need further help.

• Java 6 Update 13 breaks crypto?

  I have an app which has been running successfully in production for over 5 years. I do some minor encryption of user information in a disk file, using the Cryptix library. I initialize the library like this:
  java.security.Security.addProvider(new cryptix.provider.Cryptix());
  Cipher alg = Cipher.getInstance("Blowfish", "Cryptix");
  This has always worked fine until this week. One of my users upgraded to Java 6 Update 13, at which point the second statement started throwing an exception:
  netscape.security.ForbiddenTargetException: There is no security target with name "GetSecurityProviders"
  at xjava.security.IJCE_SecuritySupport.findTarget(IJCE_SecuritySupport.java:237)
  I'm not a crypto expert, so I'm a little baffled at what could have changed and how to track it down. Any ideas? Thanks in advance.

  I've never done any work with Cryptix, but it looks like Cryptix hasn't updated their code since 2005 (http://www.cryptix.org/), so it's not likely they themselves have tested their library with newer versions of the JDK.
  Have you thought about just replacing your provider with BouncyCastle (which supports PGP-style formats) as a "plug-in" replacement for Cryptix? BC definitely works with JDK6U13.

• Can't use package

  I've downloaded the cryptix 3 package.
  For some strange reason my test file (all it does is:
  cryptix.provider.cipher.IDEA idea = new cryptix.provider.cipher.IDEA(); )
  compiles, but when I try to run it it throws an exception:
  java.lang.NoClassDefFoundError: cryptix/provider/cipher/IDEA
  (the same happens when I try to create instances of other classes).
  Does anyone know how to solve that?
  (The proghram compiles, so it does recognize the class...)

  Send me code, please!!!!!!!!!!

• Command to find whether CA keys are Exportable or Non-Exportable ?

  Hi All,
  I have Microsoft PKI setup which is using the Microsoft cryptography service provider and i am able to list the keys of my CA but is there a command which will show me whether the CA keys are exportable or not exportable.
  Thanking you in advance. 
  Puneet Singh

  Thanks Brian 
  So i have another question i did a plain implementation of Microsoft CA what should i do to make while installting the CA so that the private key of my CA is not exportable ?
  Puneet Singh
  you don't want this unless you are using HSM. Any disk drive failure for software-based keys == you lost your CA.
  Vadims Podāns, aka PowerShell CryptoGuy
  My weblog: en-us.sysadmins.lv
  PowerShell PKI Module: pspki.codeplex.com
  PowerShell Cmdlet Help Editor pscmdlethelpeditor.codeplex.com
  Check out new: SSL Certificate Verifier
  Check out new:
  PowerShell File Checksum Integrity Verifier tool.

• Renew CA Certificate with Different CSP (or KSP)

  Folks, is there a way to specify a different CSP (or KSP) when performing a renewal of a CA certificate.  The requirement I have is to move from an older 32-bit CSP to a KSP - whilst there may be some trick approach to doing this using utilities provided
  by the HSM people, we'd be quite happy to use the renewal process to "manage out" the old CSP.
  There doesn't appear to be any opportunity when running the "wizard" to renew the CA certificate... neither is there anything in the CAPolicy.inf.
  I was thinking about using certreq, but then I don't know what "magic" that would omit compared to running the renewal with the wizard.
  Any ideas? Cheers

  Using the GUI you can select to renew or request new cert, but you must opt to use a new key in order to specify the CSP.
  Likewise, you could do so using certreq and specify the ProviderName & ProviderType values in the request.inf file.  You can get the appropriate values from:
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\Defaults\Provider\CSP_NAME
  When the CSP is selected look for the DWORD "Type" for the numerical value to put in for the ProviderType value.
  I haven't tested it & am not sure if it would actually work using certreq, but you might be able to do a renewal with the same key RenewalCert = CertId, UseExistingKeySet = TRUE.  The key strength would need to be the same (since you would be using
  the existing key of whatever strength it is).  Certreq handles a few things a little bit more out-of-band so its a little tougher to track things, but due to that you can sometimes bend the rules that the GUI inflicts.