Deleted the public/private keys installed by iPCU & untrusted the certs

Hi;
It's early in the morning and I couldn't quite figure out what was going on
when:
- new public and private keys "appeared" in Keychain
- a certificate was installed almost as soon as I plugged an iPhone in while running iPhone Config Util (iPCU, I now realize)
From the console:
Tue Jun 30 02:39:45 unknown mcmobiletunnel[363] <Warning>: added object <NSCFType: 0x1073d0> to keychain as iPCUHost-D3FA2B23-E0D0-4C42-A48B-DFXXXXXXXX-HostCert success 1 error 0
What it looks like is on connecting the iPhone "phoned home" and snagged a certificate and public and private keys to install on my MacBook Pro.
I deleted these not realizing who iPCUHost was (an earlier cert was marked as untrusted on a pass through my certs earlier).
OK: so *how* do I recreate the public/private keys? The certificates in Keychain?
Tried: downloading and re-installing iPCU
Tried: Time Machine to an earlier version of iPCU & using Software Update to update.
This is where things look unhappy in the iPCU console:
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: processing request 4: ((\n RequestType\n))
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (null), keys (null)
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: main: Could not receive request from host.
Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive size of message
Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive message
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: processing request 4: ((\n RequestType\n))
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (null), keys (null)
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: main: Could not receive request from host.
Thx
Jim

I'm in the same situation here. While trying out the iPCU, I noticed my test devices were showing up with a certificate of "iPCUHost...". I was hoping to replace this default cert with one from our own CA, and in the process of messing around I tried deleting all of those certs from my Keychain. They deleted just fine, and after a sync the cert also disappeared from the connected iPhone. Unfortunately, there is no obvious way to replace that cert and as of now, I cannot install any profile to the device that has had the cert removed. If I select the device and click "Install" on a profile, nothing happens... no errors, no console messages, it just does nothing.
I'm not quite sure how to replace the missing cert, and in particular how to replace it with one of our own rather than the default. Surely we don't have to actually develop a web service just to install certs... (see page 21 of the Enterprise Deployment Guide)
-mike

Similar Messages

  • Public/private keys

    How to create a private/public keys?
    Fred

    Hi Fred,
    The following steps are required to create a public/private key pair:
    1. Load the security provider (if not configured in $JAVAHOME/jre/lib/security/java.security)
    2. Obtain a handle to a secure random number generator.
    3. Obtain a handle to KeyPairGenerator for a specific public key algorithm.
    4. Generate the public/private key pair
    5. Extract the public and private keys
    The following example shows how to generate public and private keys using the KeyPairGenerator and KeyPair interfaces using JCSI's security provider.
    import java.security.*;

    public class GenerateKeyPair {
        public static void main(String[] args) throws Exception {
            // Load JCSI's JCA security provider
            Security.addProvider(new com.dstc.security.provider.DSTC());
            // Seed random number generator using the default seeding
            // "SHA1PRNG" = SHA1 Pseudo-random number generator
            SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
            // Initialise KeyPairGenerator to create 1024-bit RSA keys.
            // PK Algorithm = "RSA", Security Provider = "DSTC" (Wedgetail)
            KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "DSTC");
            keyGen.initialize(1024, random);
            // Generate RSA public/private key pair
            KeyPair keyPair = keyGen.genKeyPair();
            // Extract public and private keys
            PrivateKey privKey = keyPair.getPrivate();
            PublicKey pubKey = keyPair.getPublic();
        }
    }
    Hope this will help you.
    Regards,
    Anil.
    Technical Support Engineer.

  • Error while creating folder inside the Public & Private Folders

    Dear Gurus,
    I am trying to create a new folder under the Public & Private folder, but the system is giving the error " Please enter complete document key. Rollback was unsuccessful; the document is not assigtned to the folder."
    But the system is creating the folder outside the Public & Private folder. The created folder is visible only in the search result. I am also not able to delete the folder from the search result.
    Request your inputs on how can I solve this issue
    Regards
    Damodar Pai

    Dear Gurus,
    Problem got solved. There is one more table, DOST, which is linked to DRAW & DRAT. We deleted the values of DOST & tried. It is working now.
    Thanks for your precious inputs.
    Regards
    Damodar Pai
    Edited by: damspai on Aug 25, 2009 9:37 AM

  • Is a Public/Private Key Pair possible in SAP?

    I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?

    Not really a portal question, and maybe you'll get a better result in a security forum...
    However, briefly, yes, the AS Java supports X509 certificates as an authentication mechanism. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username.

  • How does a public/private key encrypt and decrypt each other?

    I understand the logic that when a communication takes place both parties pass their public keys to each other which is used to encrypt all messages. Once the party receives the messages the private key is used to decrypt them however I'm wondering how a private key is generated from a public key. If the private key is based on an algorithm wouldn't each party be able to generate what the other person's private key would be based on the public? Wouldn't a third party?

    How the public and private keys are generated depends on what public key cryptosystem is being used, but in general the private key cannot be derived from the public with a computationally feasible algorithm, while the public key can be derived from the private key very quickly. Two examples:
    RSA: private keys are 2 primes, p and q, and an encryption exponent d. Public key is the product p*q, and an encryption exponent e. How does the attacker get p and q, or d, from n and e? The best attack known against this (for properly chosen p, q, and d) is factoring. Factoring can be made infeasible by choosing the primes to be large enough.
    Diffie-Hellman: a prime modulus p and a base g < p is known by everyone (including the attacker). The private key is an integer x chosen randomly, 2 <= x < p-1 (there are better ways to choose x). The public key is g^x mod p. How does the attacker get x from g^x mod p? Again, the best known attack is one that is computationally roughly equal to factoring a composite number of about the size of p.
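
The asymmetry described in the reply above, as an added example that is not part of the original thread: deriving the public value from the private one is a single fast operation, while going backwards means searching. It uses the reply's symbols (p, q, n, e, d, g, x), with d as the private exponent; all numbers are constructed toy values, far too small for real use.

```python
from math import gcd

# Constructed toy parameters. Real keys use primes hundreds of digits long.
DH_P, DH_G = 23, 5                      # public modulus p and base g
TOY_PRIME_PAIRS = [(53, 61), (1009, 1013), (10007, 10009)]


def dh_public(g, x, p):
    """Public key g^x mod p for private key x: one modular exponentiation."""
    return pow(g, x, p)


def dh_shared(their_public, my_private, p):
    """Shared secret: raise the other side's public key to my private key."""
    return pow(their_public, my_private, p)


def brute_force_dlog(g, y, p):
    """Recover x from y = g^x mod p by trying every exponent.

    Returns (x, tries). The loop is bounded by p, so the work grows with
    the size of the modulus; that is what a large p takes away.
    """
    acc = 1
    for x in range(p - 1):
        if acc == y:
            return x, x + 1
        acc = acc * g % p
    raise ValueError("y is not a power of g modulo p")


def rsa_private_exponent(p, q, e):
    """Private exponent d with e*d = 1 mod (p-1)(q-1); needs p and q."""
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    return pow(e, -1, phi)              # modular inverse, Python 3.8+


def factor_by_trial_division(n):
    """Recover (p, q, tries) from n = p*q by testing every candidate divisor."""
    tries, f = 0, 2
    while f * f <= n:
        tries += 1
        if n % f == 0:
            return f, n // f, tries
        f += 1
    raise ValueError("n is prime")


def factoring_cost(pairs):
    """Number of divisions needed to split p*q for each (p, q) pair."""
    return [factor_by_trial_division(p * q)[2] for p, q in pairs]


if __name__ == "__main__":
    a, b = 4, 3                                      # the two private keys
    A, B = dh_public(DH_G, a, DH_P), dh_public(DH_G, b, DH_P)
    print("DH public keys:", A, B)
    print("shared secret :", dh_shared(B, a, DH_P), dh_shared(A, b, DH_P))
    print("x recovered by search (x, tries):", brute_force_dlog(DH_G, A, DH_P))

    p, q, e = 61, 53, 17
    n, d = p * q, rsa_private_exponent(p, q, e)
    c = pow(65, e, n)                                # encrypt with (n, e)
    print("RSA n, d:", n, d, "round trip:", pow(c, d, n))
    print("divisions to factor n as p, q grow:", factoring_cost(TOY_PRIME_PAIRS))
```

Each extra digit in the primes multiplies the search work by about ten, while the forward `pow` calls stay effectively instant.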

  • Generate public private keys inside smart card

    Dear all,
    I am using this code to generate public and private key inside the smart card.
    KeyPair kp = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
    kp.genKeyPair();
    PrivateKey prikey = kp.getPrivate();
    PublicKey pubkey = kp.getPublic();
    This code is executing without errors.
    I need to get out the public key from the smart card. So I need to get public key to a byte array.
    But I can't get those keys to plain text byte array.
    The only methods that I can get for the pubkey object are
    pubkey.clearKey();
    pubkey.equals(obj);
    pubkey.getSize();
    pubkey.getType();
    pubkey.isInitialized();
    I am using
    Eclipse Version: 3.4.1 (Compiler compliance level = 1.4)
    Jcop plugin (to communicate with the actual card and to test the java code in virtual card provided by JCOP)
    OmniKey5321 card reader (In contactless type)
    What is the reason that only the above methods are available on the pubkey object? Is it a version problem?
    How can I get the public key into a plain byte array? Is it possible?
    If it is not possible, is there a way to get the public key as an exported certificate, or some other solution?
    If my scenario is not a possible strategy, how can I use public/private keys to send specific data to the applet? Is there a better way to do this?
    Edited by: 863766 on Jun 6, 2011 12:16 AM

    Thank you very much!
    I used this code
    RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
    short lenBytes = (short) (KeyBuilder.LENGTH_DES / 8);
    byte[] buffer = JCSystem.makeTransientByteArray(lenBytes, JCSystem.CLEAR_ON_DESELECT);
    DESKey key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
    rand.generateData(buffer, (short) 0, lenBytes);
    key.setKey(buffer, (short) 0);
    byte keyData[] = new byte[256];
    key.getKey(keyData, (short) 0);
    Now I know how to initialize the key...
    Thank you again.
    Regards,
    Dushantha
    Edited by: 863766 on Jun 6, 2011 3:52 AM

  • Having multiple CAs share the same private key

    We are developing a system which implements an HA cluster across two separate geographical locations.
    Each site will have several Windows Server 2012 machines and at least one DC, and we basically have to do a master-master replication between the two sites.
    The entire system will be under a single domain.
    We will be deploying AD CS since some of our sub-systems need certificates,
    but we want to limit the variety of certificates to just one (i.e. we want all CAs to issue identical certificates).
    To do that, we have to setup AD CS so that all the DCs (both intra-site and inter-site) share the same private key.
    Is it possible to have all DCs in a domain to share a single private key?
    This article on TechNet suggests that we can do it within a cluster,
    https://technet.microsoft.com/en-us/library/cc742450%28v=ws.10%29.aspx
    but we are not sure if we can do it across different sites.
    Any advice and comments are highly appreciated.
    Wanko

    Hi Wanko,
    It's not very clear what you mean by "DCs to have single private key".
    However as per the article it indicates that you can use the same (SAN) certificate on both servers (nodes) of the cluster, the certificate SN will be the common clustername.
    This is common when you are using clustering or load-balanced system which requires you to have a common name, but individual nodes.
    Basically, if you want to use a single private key for the HA nodes, use the same certificate across all the nodes, which would be generated on the first node (generally). You don't need to issue identical certificates (this will not work as per my understanding).
    CA First Node: Export the Cert
    1. On the Welcome page of the CA Backup Wizard, click Next.
    2. Select Private key and CA certificate, and provide a directory name where you want to temporarily store the CA certificate and optionally the key. Click Next.
    3. Provide a password to protect the CA key, click Next, and then click Finish.
    CA Second Node: Import the Cert
    1. Open the Certificates snap-in for the computer account.
    2. In the console tree, double-click Certificates (Local Computer), and click Personal.
    3. On the Action menu, click All Tasks, and then click Import to open the Certificate Import Wizard. Click Next.
    4. Enter the file name of the CA certificate that was previously created on the first node, and click Next. If you click Browse to find the certificate, change the file type to Personal Information Exchange (*.pfx,*.p12).
    5. Type the password that you have previously used to protect the private key. The password is required even if there is no private key in the .pfx file. Do not mark this key as exportable. Click Next.
    6. Place the certificate in the Personal certificate store, and click Next. To complete the certificate import process, click Finish, and then click OK.
    Secondly, I don't get what you mean by: "we basically have to do a master-master replication between the two sites."
    Please note a Cluster can only run a single instance of Certificate Services. A failover cluster of any size can be used to provide a high availability environment for certificate services. However, Microsoft does not support more than one instance of certificate services on a cluster.
    References:
    Overview of CA Clustering-2003
    Active Directory Certificate Services (AD CS) Clustering - Requirements-2012
    Regards,
    Satyajit

  • Ssh with two or more private keys using ~/.ssh/config read the wrong private key

    Hi,
    I have created a config file in ~/.ssh/ to be able to connect to remote sites using different private keys per site.
    The problem is that when I try to connect to any of them, ssh reads the wrong private key despite the configuration in the ~/.ssh/config file.
    For example:
    Host vps
      Hostname x.x.x.x
      User guesswho
      IdentityFile vps.pk
    Host home
      Hostname y.y.y.y
      User home
      IdentityFile home.pk
    >ssh -v vps ( connects using home.pk)
    >ssh -v -i ~/.ssh/vps.pk ( connects using home.pk)
    I tried it on a Ubuntu 10.04.3 LTS using same config file and keys (openssh-server 1:5.3p1-3ubuntu7) and it worked as expected.
    Any help would be appreciated.
    zcookie

    My question is do I have to create a separate private key from my imac or can I just copy the private key from my macbook?
    Do you have to create separate private keys? No, but there are reasons why you might want to.
    The biggest one is the fact that if any key is compromised, they are all compromised (since they are the same). Say, for example, your MacBook is lost or stolen. You really should consider disabling the MacBook's key from authorized_keys to prevent the finder/thief from getting into your server. If that one key is shared by multiple hosts, though, you're going to lock out all the other hosts as well, even though they haven't been affected.
    Having separate keys per client lets you nix just the key for the MacBook (or whichever machine) without impacting the other machines' ability to connect.
    Other than the trivial amount of work it takes to create a private key, there's really no overhead in having unique keys per client machine. If, however, you really want them to be the same, knock yourself out.

  • I get the following message when installing 11.0.5 "The feature you are trying to use is on a network resource that is unavailable" for windows install

    I get the following message when installing 11.0.5 "The feature you are trying to use is on a network resource that is unavailable" for windows install

    I just found a way to get Fixit to Run.  Go to http://support.microsoft.com/fixit/ and then pick "Install or upgrade software or hardware" and run Fixit from the "Run" button on the webpage.  I just picked run, instead of save, and ran it directly from the web page for each of the Apple software.  If the window doesn't come up full size, hit "Tab" twice and then "Return".  You'll be able to see the prompts from there.  Have it attempt to uninstall iTunes on its own.  Repeat the process for any of the other Apple products, including Bonjour and iCloud.  Then, go to the iTunes website and install from there.  I had a downloaded copy and installed from there, but it came up with an error about missing the Apple help, or something like that.  It allowed me to uninstall, and I reinstalled directly from the website, and it all works now.

  • AirPort Utility 5.6 for Mac OS X Lion The installer will not install because it states the OS is not supported. I have the latest

    AirPort Utility 5.6 for Mac OS X Lion The installer will not install because it states the OS is not supported. I have the latest

    Part of your message was not included. Can you re-post with details again please?

  • After upgrading to 3.6.8 none of the plugins load even though there are updates available. The updates will not install and even though the error states to look at the console error log there are no errors listed in the log.

    After upgrading to 3.6.8 none of the extensions load even though there are updates available. The updates will not install and even though the error states to look at the console error log there are no errors listed in the log. All extensions are listed in Addons>Extensions.
    == This happened ==
    Every time Firefox opened
    == Upgrading to newer Firefox version (3.6.8)

    I have been having the same issue for the last two weeks. No real indication as to why it ever began other than I had turned off my router and Airport Extreme Base Station off for a weekend while I was away from my place.
    iPad, iPhone, iPod Touch, all have no issues at all with my Airport Extreme Base Station. Can stay connected throughout my living room, bathroom, bedroom, no issues whatsoever.
    My 5 month old MacBook Pro 2.66 GHz Core i7 Airport is sometimes perfect, able to connect, DHCP, and browse without issue. Then, for no reason, I won't be able to join my wireless network, or when I can join, I can't pick up an IP address. And then it will connect, pick up an IP, and then it won't browse. No real rhyme or reason to when this will happen, or when it works.
    I thought that it was an issue with my MacBook Pro, but then my sister visited with her brand new MacBook Pro 2.26 Intel Core 2 Duo, and while a month ago she was able to connect, DHCP, and browse without issue, this weekend she had all of the same issues I was having.
    My XBOX 360 and MacBook Pro have absolutely no issues with the wired connection. Only my WAN seems to have this issue.
    Did you ever find anything more to this?

  • I cannot type a capital i using the left shift key. also keyboard now putting the cursor in a different place than where i type. Checked speech keys, all fine. Batteries fine.

    i cannot type a capital i using the left shift key. also keyboard now putting the cursor in a different place than where i type while i am typing. Checked speech keys, all fine. Batteries fine. Also used the keyboard check program on the imac, shows key ok.
    wireless mouse will suddenly scroll down horizontally and won't stop. when i am on a webpage it will bounce back to the previous page without my doing so. i have tried adjusting the mouse several times, turning it on and off, and now am using my wacom mouse which also seems to have issues with this computer.  i have only had this a few months and getting very frustrated.

    Can you try a different keyboard to see if the problem persists? Also, you have 90 days of phone support when you buy a new Mac.

  • Acrobat 9 Pro / Files with public+private key security

    Hi,
    I'm working at a Software Company. We want to create the Help Documents for our Software in PDF.
    We want to take care, that those PDF documents cannot be opened without our Software.
    My idea is to certificate the PDFs with a public key and the private key is hidden in our program.
    I tested a lot and read the manual, but it doesn't work.
    Thanx for some hints.
    Greetings,
    Sven
    Sorry for the lousy English, I'm from Germany.

    You might be able to write some JavaScript to solve the problem, but even in that case you need to be aware that the security of PDFs is not all that secure, particularly if one uses a 3rd party reader. Apparently several of them ignore the PDF security settings and open the PDF anyway. I do not know if that would occur if the PDF were encrypted in some way.
    So much for giving a spin on the topic. Good luck.

  • Install could not create the folder /private/tmp/install teamviewer

    While trying to install TeamViewer I receive the following message: "Installer could not create folder /private/tmp/install teamviewer". Does anyone have a solution for what I may be doing wrong?

    While trying to install TeamViewer I receive the following message: "Installer could not create folder /private/tmp/install teamviewer". Does anyone have a solution for what I may be doing wrong?
    The Unix /tmp directory (/tmp is a symlink to /private/tmp) is supposed to allow full access to everyone.  It is a place for a process to create temporary files and directories.
    So if you cannot create a file or directory there, I would wonder if it has the correct permissions.  I have:
    Mavericks: drwxrwxrwt  17 root  wheel  - 578 Oct 17 20:40 /private/tmp/
    Lion:          drwxrwxrwt  11 root  wheel  - 374 Oct 17 20:41 /private/tmp/
    Leopard:    drwxrwxrwt   8 root  wheel  - 272 Oct 17 08:46 /private/tmp/
    Where d is for directory.  rwxrwxrwx says user, group, and other all have read, write, and directory search permissions.  t says ONLY the owner of a file may delete that file from the directory.  And since I have the same permissions on 3 different flavors of Mac OS X, that is what I expect you should see.
    etresoft, I do not know why ptcharlotte wants to install TeamViewer.com, but I use it to remotely access a Mac I control when getting across home NAT routers is being a pain. Or in my Mom's case, I use it as a backup, in case one of my relatives decides to be helpful and ends up disabling my ssh port forwarding into my Mom's iMac (I'm 300 miles away, so having TeamViewer.com as a backup can save me a long drive to Mom's, or as always seems to happen, when I'm on vacation a 1,000+ miles away ).
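
The permission check described in the reply above, as an added example that is not part of the original thread: it decodes an `ls`-style mode string such as `drwxrwxrwt` and reports what differs from the expected root-owned, world-writable, sticky directory. The sample line is one of the listings quoted in the reply; the function names are made up for this example.

```python
import os
import stat

# Permission bits in the order they appear after the file-type character.
_PERM_BITS = [
    stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR,
    stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP,
    stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH,
]
# Positions that can also carry setuid / setgid / sticky.
_SPECIAL = {
    2: (stat.S_ISUID, "s", "S"),
    5: (stat.S_ISGID, "s", "S"),
    8: (stat.S_ISVTX, "t", "T"),
}

# Listing quoted in the post above.
SAMPLE_LS_LINE = "drwxrwxrwt  17 root  wheel  - 578 Oct 17 20:40 /private/tmp/"


def parse_ls_mode(text):
    """Turn 'drwxrwxrwt' into (file type char, permission bits, e.g. 0o1777)."""
    if len(text) != 10:
        raise ValueError("expected 10 characters, e.g. 'drwxrwxrwt'")
    mode = 0
    for i, ch in enumerate(text[1:]):
        if ch == "rwx"[i % 3]:
            mode |= _PERM_BITS[i]
        elif i in _SPECIAL and ch in _SPECIAL[i][1:]:
            flag, lower, _upper = _SPECIAL[i]
            mode |= flag
            if ch == lower:          # lower case: execute/search is set too
                mode |= _PERM_BITS[i]
        elif ch != "-":
            raise ValueError(f"unexpected {ch!r} at position {i + 1}")
    return text[0], mode


def audit_tmp_mode(file_type, mode, owner="root"):
    """Return a list of deviations from a root-owned drwxrwxrwt directory."""
    findings = []
    if file_type != "d":
        findings.append("not a directory")
    if (mode & 0o777) != 0o777:
        findings.append("not read/write/searchable by everyone")
    if not (mode & stat.S_ISVTX):
        findings.append("sticky bit missing: users can delete each other's files")
    if owner != "root":
        findings.append(f"owned by {owner}, expected root")
    return findings


def audit_ls_line(line):
    """Audit one 'ls -ld' line: first field is the mode, third is the owner."""
    fields = line.split()
    file_type, mode = parse_ls_mode(fields[0][:10])
    return audit_tmp_mode(file_type, mode, fields[2])


def audit_path(path):
    """Audit a directory on this machine (follows the /tmp symlink)."""
    st = os.stat(path)
    owner = "root" if st.st_uid == 0 else f"uid {st.st_uid}"
    kind = stat.filemode(st.st_mode)[0]
    return audit_tmp_mode(kind, stat.S_IMODE(st.st_mode), owner)


if __name__ == "__main__":
    print("sample line:", audit_ls_line(SAMPLE_LS_LINE) or "as expected")
    print("/tmp here  :", audit_path("/tmp") or "as expected")
```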

  • Public/private key length 2048 in visual administrator

    Hello,
    I need to generate an RSA public/private keypair with visual administrator with a length of 2048. From the dropdownbox in the dialog, "Key and Certificate Generation", I can only select up to 1024.
    Who knows if this is at all possible and/or how to get it done?
    this is on a Netweaver 6.40, XI 3.0 system
    thanks very much
    Gr Wout

    Hello Wout
    I think this issue would be best placed in the Netweaver Administrator forum. You will have a better chance of getting a quality answer to your query on that forum. I will forward the thread.
    Regards
    Mark Smyth
    XI/PI Moderator
