Elliptic keys
Hi
I am trying to understand how to use ECC on a JavaCard.
I have two questions regarding keys:
1. Javadoc for ECPrivateKey.getS(...) states that:
Returns the value of the secret key in plaintext formWhat does that mean? Is not the value of the private key supposed to be secret so no one can access it (except indirectly by some class that will use it to generate signatures)?
2. Javadoc for ECPublicKey.setW(...) states that:
Sets the point of the curve comprising the public keyAren't we supposed to generate the public/private key pair once the curve has been set (A,B,P,N,G) somehow automatically (i.e. by calling KeyPair.genKeyPair) rather than setting values by ourselves?
Thank you
Thank you
Edited by: 815684 on Jun 6, 2011 7:36 AM
Hi,
815684 wrote:
1. Javadoc for ECPrivateKey.getS(...) states that:
Returns the value of the secret key in plaintext formWhat does that mean? Is not the value of the private key supposed to be secret so no one can access it (except indirectly by some class that will use it to generate signatures)?The S parameter is indeed the private key of the ECC. It has NOT to be send on the network. The function ECPrivateKey.getS(...) is almost never used since objects KeyAgreement and Signature have a Private key parameter. You might sometimes use the getS function to verify the value of your private key in debug mode.
815684 wrote:
2. Javadoc for ECPublicKey.setW(...) states that:
Sets the point of the curve comprising the public keyAren't we supposed to generate the public/private key pair once the curve has been set (A,B,P,N,G) somehow automatically (i.e. by calling KeyPair.genKeyPair) rather than setting values by ourselves?The W parameter is the public key for ECC. When calling a KeyPair.genKeyPair function, it automatically fills the all the parameters of both keys. When you create a new key pair, you have to set the length of keys you want to build. In fact, the keypair object will always generate the same (A,B,P,N,G) according to the key length. Only S (and so W) is generated randomly. But not all cards support the key generation, and you will have often to set all these parameters in static fields chosen by yourself. That's why it exists ECPublicKey.setW(...) and all the other set functions (setA,setB...)
Hope these information will be helpful
Cheers,
Cyril
Similar Messages
-
How to setup an ikev2 VPN with public key authentica​tion with your BB10 device
This setup will allow you to run a VPN between your BB10.2 (and probably BB10.1) device and a debian linux computer (I am running the testing stream). You will need to tweak this config (and possibly install strongswan server on your LAN's gateway) to get access to network resources, or access the internet via the VPN. I have created this setup with the intention of accessing files/services on the debian computer only.
1. Install strongswan on your debian machine(I have v4.6.4 installed, I think the current testing version is v5.1. If you install v5+, some lines in the config may be obsolete), and install any other extra packages you are prompted to install:
apt-get install strongswan strongswan-ikev1 strongswan-ikev2 strongswan-starter openssl ipsec-tools
2. Generate certificates on your debian server in any, starting with a certificate authority. Edit the C= O= CN= fields to whatever you want:
ipsec pki --gen --outform pem > caKey.pem
ipsec pki --self --in caKey.pem --dn "C=CA, O=none, CN=Certificate-Auth" --san="Certificate-Auth" --ca --outform pem > caCert.pem
Generate a server keypair (again, editing the same fields as I indicated above. The CN= field should be lan ip address of your strongswan server. I would also put this as the address in --san=, or you can specify your hostname(if you have one, i.e. mydomainname.com):
ipsec pki --gen --outform pem > serverKey.pem
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=192.168.1.100" --san="192.168.1.100" --flag serverAuth --outform pem > serverCert.pem
Generate a keypair for your BB10 device (choose a CN=, and use it in the --san field @your server lan ip or hostname:
ipsec pki --gen --outform pem > userKey.pem
ipsec pki --pub --in userKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=bb10" --san "[email protected]" --flag serverAuth --outform pem > userCert.pem
3. After generating your keys, package the client keys for your BB10 device(you will be asked to create a password): openssl pkcs12 -export -in userCert.pem -inkey userKey.pem -out bb10.pfx
Copy the bb10.pfx file, and serverCert.pem to your BB10 device and import the certificates into the certificate store(Open Settings --> Security and Privacy --> Certificates --> Import)
4. Move the certificates into the appropriate folders on your debian server:
mv caKey.pem /etc/ipsec.d/private
mv caCert.pem /etc/ipsec.d/cacerts
mv serverKey.pem /etc/ipsec.d/private
mv serverCert.pem /etc/ipsec.d/certs
5. Enable ip forwarding on your debian machine:
edit /etc/sysctl.conf - change the following value as follows:
net.ipv4.ip_forward=1
Close the file and save changes. To enable changes, type: sysctl -p /etc/sysctl.conf
6. Edit config files:
ipsec.secrets:
: RSA serverKey.pem
ipsec.conf:
config setup
strictcrlpolicy=no
uniqueids=yes
conn %default
ikelifetime=60m
keylife=20m
rekeymargin=3m
keyingtries=1
keyexchange=ikev2
leftfirewall=yes
dpddelay=30
dpdtimeout=120
dpdaction=clear
conn bb10
mobike=yes
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
left=%defaultroute
leftid="C=CA, O=none, CN=192.168.1.100"
leftcert=serverCert.pem
right=%any
rightsourceip=10.10.0.1
rightid="C=CA, O=none, CN=bb10"
rightauth=pubkey
leftauth=pubkey
pfs=yes
auto=add
7. Start the ipsec service on your debian machine: service ipsec stop; service ipsec start
8. Set up the VPN connection on your blackberry: Settings -->Network Connections --> VPN --> Add.
a) Profile Name: Give your VPN a name
b) Server Address: Enter your server's address
c) Gateway Type: Generic IKEv2 VPN Server
d) Authentication Type: PKI
e) Authentication ID Type: Identity Certificate Distinguished Name
f) Client Certificate: The client certificate you imported should show up in the dropdown
g) Gateway Auth Type: PKI
h) Gateway Auth ID Type: Identity Certificate Distinguished Name
i) Gateway CA Certificate: Find the certificate authority you imported. If you used the same name as I did above when creating the certificate, if will be called "Certificate-Auth".
j) Perfect forward secrecy : ON
k) Change IKE Lifetime to 3600
l) Change IPSEC lifetime to 1200
You can leave everything else on default settings. Save your VPN profile.
9. Connect to your VPN. You should now be able to ping both ways between your blackberry and debian host. Using the above configuration, your blackberry device will have the ip address of 10.10.0.1.There have been numerous bb10 updates (now 10.2.1.2977) since I first posted this mini how-to-I am not sure if it was the bb10 updates, or updates to strongswan (now v5.2.0) or my linux kernel (v3.15.3), though I am now able to use stronger hash and elliptic curve key exchange. I am using sha384 in my example, though have also got it working with sha512. Give it a try:
Simply use the same process I detailed before, though change the following lines in ipsec.conf:
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
to
ike=aes256-sha384-ecp521
esp=aes256-sha384-ecp521
Be sure to restart strongswan after you change these lines in the config.
After this is done, change 'Automatically determine algorithm' to off in the VPN profile settings of your VPN connection profile on your blackberry. I'm not sure why it doesn't work automatically. State the following in this section:
IKE DH Group: 21
IKE CIpher: AES (256-bit key)
IKE Hash: SHA384
IKE PRF: HMAC-SHA384
IPSec DH Group: 21
IPSec Cipher: AES (256-bit key)
IPSec Hash: SHA384 -
PKCS#11 provider - ECDSA key pair generation on token
Hello,
I want to generate ECDSA key pair on HSM (nCipher's netHSM) using SunPKCS11 provider and Java 6.
After generation for all supported curve names (e.g. secp256r1) I try to call getEncoding method from PublicKey object (keyPair.getPublic().getEncoded()) and
I get RuntimeException
caused by java.io.IOException: "Point does not match field size"
at sun.security.ec.ECParameters.decodePoint(ECParameters.java:75)
at sun.security.pkcs11.P11ECKeyFactory.decodePoint(P11ECKeyFactory.java:61)
at sun.security.pkcs11.P11Key$P11ECPublicKey.fetchValues(P11Key.java:1002)
Keys are accessible on HSM.
Everything is well configured and works fine with RSA keys.
Using IAIK PKCS#11 provider I got proper values. Is it any bug in SunPKCS11 provider?
Regards,
MarcinPI recently had a problem with ECDSA and the PKCS#11 library of nCipher. Here's info from one of their engineers about the PKCS11 library:
"There are two separate issues - one is that our current pkcs11
release doesn't support ECDSA signature with SHA-2 hashes
(the v11.00 firmware adds support for it, but the main release version of
the pkcs11 library hasn't been updated to take advantage of it yet).
There is a hotfix version that does support SHA-2 hashes with some
restrictions, talk to [email protected] for details, and V11.10
should be out soon and have that merged in.
But the issue with setting CKA_SIGN is that our underlying HSM API
allows elliptic curve keys to be either key exchange (ECDH) or
signature (ECDSA) keys, but not both at one.
At the PKCS #11 level, if you specify CKA_DERIVE=true and let
CKA_SIGN default, it will default to false, and vice versa.
If you specify both CKA_DERIVE=true and CKA_SIGN=true, then we
return CKR_TEMPLATE_INCONSISTENT because we can't do both with
the same key. (However, the tests using C_GetMechanismInfo will
show that we can do both mechanisms, because we can - so long
as you use different keys, even though they have the same PKCS#11
type.)
I can't comment on when or how that will be changed."
I was using the PKCS#11 library through NSS when I ran into the problem, but I imagine Java would run into similar problems also using the PKCS#11 library. I was able to generate keypairs but not create a CSR (which required making a signature, which required SHA-2).
Can you just use the java classes to speak to the netHSM? I've never directly written code to do so myself, but I have used Corestreet's OCSP product that uses the java classes to speak to the nCipher HSMs (though not using EC). It might work better than going through the PKCS#11 layer. There should be a java directory under NFAST_HOME that contains some jars.
Please post back if you figure anything out as I'll probably be playing with this stuff myself soon.
Dave -
PKCS#11 Provider unable to fetch asymmetric keys and certificates
Hi,
I'm facing a problem while getting keys and certificate from Eracom HSM (ProtectServer Orange:38039 Model: PSO:PL50) using Sun PKCS#11 Provider. It gets only the symmetric keys but NEVER gets the asymmetric keys.
My code snippet and configuration file are:
Java Code:
java.io.InputStream is = new java.io.FileInputStream("pkcs11.cfg");
sun.security.pkcs11.SunPKCS11 pkcs11_provider = new sun.security.pkcs11.SunPKCS11(is);
System.out.println("Provider Name : " + pkcs11_provider.getName());
java.security.Security.addProvider(pkcs11_provider);
KeyStore ks = KeyStore.getInstance("PKCS11", pkcs11_provider);
ks.load(null, "password".toCharArray());
java.util.Enumeration obj_enumeration = ks.aliases();
while (obj_enumeration.hasMoreElements()) {
String str_certAlias = (String) obj_enumeration.nextElement();
System.out.println("Alias : " + str_certAlias);
pkcs11.cfg:
name = Eracom
library = G:\Eracom\cryptoki.dll
slot = 0
attributes(*, CKO_PRIVATE_KEY, *) = {
CKA_TOKEN = false
CKA_SENSITIVE = false
CKA_EXTRACTABLE = true
CKA_DECRYPT = true
CKA_SIGN = true
CKA_SIGN_RECOVER = true
CKA_UNWRAP = true
attributes(*, CKO_PUBLIC_KEY, *) = {
CKA_ENCRYPT = true
CKA_VERIFY = true
CKA_VERIFY_RECOVER = true
CKA_WRAP = true
I also ran my program without specifying any attributes in configuration file, also tried many other combination, but in all cases (with or without attributes) only symmetric keys are loaded from HSM. I am able to get all keys (symmteric and asymmteric) and certificates from the same HSM using IAIK PKCS#11 Provider. Though, the Sun PKCS#11 Provider is working fine with SmartCard tokens (Rainbow, Alladin etc.)
Any help to resolve my problem would be highly appreciated.
Thanks in advance.I recently had a problem with ECDSA and the PKCS#11 library of nCipher. Here's info from one of their engineers about the PKCS11 library:
"There are two separate issues - one is that our current pkcs11
release doesn't support ECDSA signature with SHA-2 hashes
(the v11.00 firmware adds support for it, but the main release version of
the pkcs11 library hasn't been updated to take advantage of it yet).
There is a hotfix version that does support SHA-2 hashes with some
restrictions, talk to [email protected] for details, and V11.10
should be out soon and have that merged in.
But the issue with setting CKA_SIGN is that our underlying HSM API
allows elliptic curve keys to be either key exchange (ECDH) or
signature (ECDSA) keys, but not both at one.
At the PKCS #11 level, if you specify CKA_DERIVE=true and let
CKA_SIGN default, it will default to false, and vice versa.
If you specify both CKA_DERIVE=true and CKA_SIGN=true, then we
return CKR_TEMPLATE_INCONSISTENT because we can't do both with
the same key. (However, the tests using C_GetMechanismInfo will
show that we can do both mechanisms, because we can - so long
as you use different keys, even though they have the same PKCS#11
type.)
I can't comment on when or how that will be changed."
I was using the PKCS#11 library through NSS when I ran into the problem, but I imagine Java would run into similar problems also using the PKCS#11 library. I was able to generate keypairs but not create a CSR (which required making a signature, which required SHA-2).
Can you just use the java classes to speak to the netHSM? I've never directly written code to do so myself, but I have used Corestreet's OCSP product that uses the java classes to speak to the nCipher HSMs (though not using EC). It might work better than going through the PKCS#11 layer. There should be a java directory under NFAST_HOME that contains some jars.
Please post back if you figure anything out as I'll probably be playing with this stuff myself soon.
Dave -
I would like to encrypt directory used for system backup and EFS private must be protected by TPM.
I have a valid certificate (template derived from "EFS Basic" + "Microsoft Platform Crypto Provider" RSA/2048)
D:\>whoami
nt authority\system
D:\>certutil -store my
my "Personal"
================ Certificate 0 ================
Serial Number: 1e***************
Issuer: CN=Enterprise TEST CA, O=GOV C=BO
NotBefore: 2015-04-02 09:42
NotAfter: 2017-04-02 09:52
Subject: CN=TPM1SRV.gov.bo
Non-root Certificate
Template: EFSTPM, EFS TPM
Cert Hash(sha1): a6 d5 a9 06 66 22 72 a4 58 a8 24 e6 24 c9 xx xx yy yy zz zz
Key Container = le-EFSTPM-19a2278c-c708-****-b3b0-***************
Unique container name: C:\ProgramData\Microsoft\Crypto\PCPKSP\**\**.PCPKEY
Provider = Microsoft Platform Crypto Provider
2.5.29.37: Flags = 0, Length = e
Enhanced Key Usage
Encrypting File System (1.3.6.1.4.1.311.10.3.4)
Private key is NOT exportable
Encryption test passed
D:\>cipher /Y
EFS certificate thumbprint for computer TPM1SRV:
A6D5 A906 6622 72A4 58A8 24E6 24C9 xxxx yyyy zzzz
How ever when I'm trying to encrypt Directory on Windows 2012 R2, the error is
D:\>cipher /E EncryptedByTPM
Encrypting files in D:\
EncryptedByTPM [ERR]
EncryptedByTPM: The specified certificate is self signed.
0 file(s) [or directorie(s)] within 1 directorie(s) were encrypted.
But this is not true, EFS is signed by Enterprise CA W2K12 R2.
What I'm doing wrong ?@Amy thank you for the hint
** I did tests:
New Template derived from “EFS Basic”
Template->Cryptography->Provider -> Key Storage Provider
(CNG)
I need to use CNG to have access to "Microsoft Platform Crypto Provider"
Test #1
Template->Cryptography->Provider ->Algorithm :
RSA
Template->Cryptography->Provider ->Microsoft Key Storage Provider (without TPM)
Result: EFS encryption failed
Test #1
Template->Cryptography->Provider ->Algorithm : ECDH_256
Template->Cryptography->Provider ->Microsoft Key Storage Provider (without TPM)
Result: EFS encryption pass
** I found the info: “EFS supports KSPs only for Elliptic Curve Diffie-Hellman (ECDH) keys.”
<-
Kurt L Hudson MSFT
http://blogs.technet.com/b/pki/archive/2012/01/23/efs-certificates-may-be-recovered-as-cng-certificates-when-capi-csp-is-required.aspx
** What algo are supported by Platform Crypto Provider?
certutil –cspinfo
Provider Name: Microsoft Platform Crypto Provider
Name: Microsoft Platform Crypto Provider
Asymmetric Encryption Algorithms:
RSA
BCRYPT_ASYMMETRIC_ENCRYPTION_INTERFACE -- 3
no ECDH :(
Game Over: By design TPM can’t be used to protect EFS key
s
Do you know what are the plans for W10 – maybe EFS will able to use KSP for RSA keys ? -
How to create an Elliptical Gradient (e.g, implement PaintContext).
Hi,
I found an implementation of a circle gradient that works well.
Search this page for RoundGradientPaint and RoundGradientContext:
http://www.oreilly.com/catalog/java2d/chapter/ch04.html
My question is this: How do I modify this code to draw an elliptical gradient instead only a circle gradient? I would really appreciate any help.
Thanks!import java.awt.*;
import java.awt.geom.*;
import java.awt.image.*;
import java.util.*;
import javax.swing.*;
import javax.swing.event.*;
public class EllipticalGradient extends JPanel {
Point2D.Double p = new Point2D.Double(175, 75);
protected void paintComponent(Graphics g) {
super.paintComponent(g);
Graphics2D g2 = (Graphics2D)g;
g2.setRenderingHint(RenderingHints.KEY_ANTIALIASING,
RenderingHints.VALUE_ANTIALIAS_ON);
Rectangle r = getBounds();
double cx = r.getCenterX();
double cy = r.getCenterY();
OvalGradientPaint ogp =
new OvalGradientPaint(cx, cy, Color.magenta, p, Color.blue);
g2.setPaint(ogp);
g2.fill(r);
public static void main(String[] args) {
EllipticalGradient eg = new EllipticalGradient();
JFrame f = new JFrame();
f.setDefaultCloseOperation(JFrame.EXIT_ON_CLOSE);
f.add(eg);
f.add(eg.getControls(), "Last");
f.setSize(400,400);
f.setLocationRelativeTo(null);
f.setVisible(true);
private JPanel getControls() {
final JSlider xSlider = new JSlider(10, 200, (int)p.x);
final JSlider ySlider = new JSlider(10, 200, (int)p.y);
ChangeListener l = new ChangeListener() {
public void stateChanged(ChangeEvent e) {
JSlider slider = (JSlider)e.getSource();
double value = slider.getValue();
if(slider == xSlider)
p.x = value;
else if(slider == ySlider)
p.y = value;
repaint();
xSlider.addChangeListener(l);
ySlider.addChangeListener(l);
JPanel panel = new JPanel(new GridBagLayout());
GridBagConstraints gbc = new GridBagConstraints();
gbc.insets = new Insets(2,2,2,2);
gbc.fill = gbc.HORIZONTAL;
addComponents(new JLabel("p.x"), xSlider, panel, gbc);
addComponents(new JLabel("p.y"), ySlider, panel, gbc);
return panel;
private void addComponents(Component c1, Component c2, Container c,
GridBagConstraints gbc) {
gbc.weightx = 0;
gbc.gridwidth = gbc.RELATIVE;
c.add(c1, gbc);
gbc.weightx = 1.0;
gbc.gridwidth = gbc.REMAINDER;
c.add(c2, gbc);
class OvalGradientPaint implements Paint {
protected Point2D mPoint;
protected Point2D mRadius;
protected Color mPointColor, mBackgroundColor;
public OvalGradientPaint(double x, double y, Color pointColor,
Point2D radius, Color backgroundColor) {
if(radius.distance(0,0)<=0)
throw new IllegalArgumentException("Radius must be greater than 0.");
mPoint = new Point2D.Double(x,y);
mPointColor = pointColor;
mRadius = radius;
mBackgroundColor = backgroundColor;
public PaintContext createContext(ColorModel cm,
Rectangle deviceBounds,
Rectangle2D userBounds,
AffineTransform xform,
RenderingHints hints) {
Point2D transformedPoint = xform.transform(mPoint,null);
Point2D transformedRadius = xform.deltaTransform(mRadius,null);
return new OvalGradientContext(transformedPoint, mPointColor,
transformedRadius, mBackgroundColor);
public int getTransparency() {
int a1 = mPointColor.getAlpha();
int a2 = mBackgroundColor.getAlpha();
return (((a1 & a2) == 0xff) ? OPAQUE : TRANSLUCENT);
class OvalGradientContext implements PaintContext {
protected Point2D mPoint;
protected Point2D mRadius;
protected Color mC1, mC2;
Ellipse2D.Double ellipse;
Line2D.Double line;
Map<Double, Double> lookup;
double R;
public OvalGradientContext(Point2D p, Color c1, Point2D r, Color c2) {
mPoint = p;
mC1 = c1;
mRadius = r;
mC2 = c2;
double x = p.getX() - mRadius.getX();
double y = p.getY() - mRadius.getY();
double w = 2*mRadius.getX();
double h = 2*mRadius.getY();
ellipse = new Ellipse2D.Double(x,y,w,h);
line = new Line2D.Double();
R = Point2D.distance(0, 0, r.getX(), r.getY());
initLookup();
public void dispose() { }
public ColorModel getColorModel() {
return ColorModel.getRGBdefault();
public Raster getRaster(int x, int y, int w, int h) {
WritableRaster raster = getColorModel().createCompatibleWritableRaster(w,h);
int[] data = new int[w*h*4];
for(int j = 0; j < h; j++) {
for(int i = 0; i < w; i++) {
double distance = mPoint.distance(x+i,y+j);
double dy = y+j - mPoint.getY();
double dx = x+i - mPoint.getX();
double theta = Math.atan2(dy, dx);
double xp = mPoint.getX() + R * Math.cos(theta);
double yp = mPoint.getY() + R * Math.sin(theta);
line.setLine(mPoint.getX(), mPoint.getY(), xp, yp);
double roundDegrees = Math.round(Math.toDegrees(theta));
double radius = lookup.get(Double.valueOf(roundDegrees));
double ratio = distance / radius;
if(ratio > 1.0)
ratio = 1.0;
int base = (j * w + i) * 4;
data[base + 0] = (int)(mC1.getRed() +
ratio * (mC2.getRed() - mC1.getRed()));
data[base + 1] = (int)(mC1.getGreen() +
ratio * (mC2.getGreen() - mC1.getGreen()));
data[base + 2] = (int)(mC1.getBlue() +
ratio * (mC2.getBlue() - mC1.getBlue()));
data[base + 3] = (int)(mC1.getAlpha() +
ratio * (mC2.getAlpha() - mC1.getAlpha()));
raster.setPixels(0,0,w,h,data);
return raster;
private double getRadius() {
double[] coords = new double[6];
Point2D.Double p = new Point2D.Double();
double minDistance = Double.MAX_VALUE;
double flatness = 0.005;
PathIterator pit = ellipse.getPathIterator(null, flatness);
while(!pit.isDone()) {
int segment = pit.currentSegment(coords);
switch(segment) {
case PathIterator.SEG_CLOSE:
case PathIterator.SEG_MOVETO:
case PathIterator.SEG_LINETO:
break;
default:
System.out.printf("unexpected segment: %d%n", segment);
double distance = line.ptSegDist(coords[0], coords[1]);
if(distance < minDistance) {
minDistance = distance;
p.x = coords[0];
p.y = coords[1];
pit.next();
return mPoint.distance(p);
private void initLookup() {
lookup = new HashMap<Double, Double>();
for(int j = -180; j <= 180; j++) {
Double key = Double.valueOf(j);
double theta = Math.toRadians(j);
double xp = mPoint.getX() + R * Math.cos(theta);
double yp = mPoint.getY() + R * Math.sin(theta);
line.setLine(mPoint.getX(), mPoint.getY(), xp, yp);
Double value = Double.valueOf(getRadius());
lookup.put(key, value);
double theta = -0.0; // avoids NullPointerException
Double key = Double.valueOf(theta);
double xp = mPoint.getX() + R * Math.cos(theta);
double yp = mPoint.getY() + R * Math.sin(theta);
line.setLine(mPoint.getX(), mPoint.getY(), xp, yp);
Double value = Double.valueOf(getRadius());
lookup.put(key, value);
} -
Unable to retrieve public key and signature.
Hi,
I'am trying to send public key and signature from one client to another via server.
Both pub_key and signature are encrypted into base64. But i cant retrieve them correctly in server side.
I'am using ECDSA to sign message key_length 224bit. Sending and retrieving data via sockets.
SEND DATA FUNCTION Client.java
private static PrintWriter output_stream = null;
private static Scanner input_stream = null;
private static void send_message(String message)
if(user_name != null
&& message_text_area.getText().equals(SERVER_CLOSED) == false
&& message_text_area.getText().equals(SERVER_CONNECTED) == false
&& message_text_area.getText().equals(MAX_USERS_ONLINE) == false
&& message_text_area.getText().equals(CONNECTION_CLOSED) == false
&& message_text_area.getText().equals(GET_USER) == false
&& message_text_area.getText().equals(REMOVE_USER) == false
&& message_text_area.getText().equals(USER_EXISTS) == false
&& message_text_area.getText().equals(USER_NICK) == false){
String signature = new BASE64Encoder().encode(ecdsa_parameters.sign_message(SESSION_KEY_PAIR.getPrivate(), message_text_area.getText().trim()));
String public_key = new BASE64Encoder().encode(SESSION_KEY_PAIR.getPublic().getEncoded());
if (signature != null && SESSION_KEY_PAIR != null){
synchronized(output_stream)
output_stream.println(USER_NICK);
output_stream.println(user_name);
output_stream.println(user_nick);
output_stream.println(message_text_area.getText().trim());
//PUblic key and signature in base64
output_stream.println(public_key);
output_stream.println(signature);
//length and data of them
System.out.println(public_key.length());
System.out.println(signature.length());
System.out.println(public_key);
System.out.println(signature);
append_message(user_nick+": "+message_text_area.getText().trim());
message_text_area.setText(null);
}else{
append_message("E_C_002: Unable to generate keys or signature.");
}else{
append_message("User is not selected or incorrect message");
}HANDLER.JAVA (SERVER SIDE RETRIEVE)
private Scanner input_data = null;
private PrintStream output_data = null;
if(recieved_data.equals(USER_NICK)){
String user_name = input_data.nextLine();
String user_nick = input_data.nextLine();
String message = input_data.nextLine();
String public_key = "";
for (int i=0; i<5; i++){
if(i == 0){
public_key = public_key+""+input_data.next();
}else{
public_key = public_key+"\n"+input_data.next();
String signature = "";
for (int i=0; i<2; i++){
if(i == 0){
signature = signature+""+input_data.next();
}else{
signature = signature+"\n"+input_data.next();
//output length and data of key and signature
System.out.println(public_key.length());
System.out.println(signature.length());
System.out.println(public_key);
System.out.println(signature);
Server.users_messages.addElement(user_name+""+SEPARATOR+""+user_nick+""+SEPARATOR+""+message+""+SEPARATOR+""+public_key+""+SEPARATOR+""+signature);
}It seems that length of key and signature in server side are different form client.
Maybe I'am missing something that correspond sending data in base64????
All project is here http://fmf.vtu.lt/~knugmanov/Elliptic%20curve%20cryptography%20instant%20messenger.rar
(import into eclypse).
For ECC I use iaik classes.
Thanks in adv.
Kirilhere is a code from
http://www.exampledepot.com/egs/java.security/GetKeyFromKs.html
This example retrieves from a keystore, the private and public key associated with an alias.
private and public key are having the same alias ?
i know a alias for my key but i believe thats for private key not for public key ......is it true that both private and public key have the same alias ?
and KeyPair is an interface and so its difficult to get a key out of it
public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) {
try {
// Get private key
Key key = keystore.getKey(alias, password);
if (key instanceof PrivateKey) {
// Get certificate of public key
java.security.cert.Certificate cert = keystore.getCertificate(alias);
// Get public key
PublicKey publicKey = cert.getPublicKey();
// Return a key pair
return new KeyPair(publicKey, (PrivateKey)key);
} catch (UnrecoverableKeyException e) {
} catch (NoSuchAlgorithmException e) {
} catch (KeyStoreException e) {
return null;
}Message was edited by:
Unknown_Citizen
Message was edited by:
Unknown_Citizen
Message was edited by:
Unknown_Citizen -
Moving the Elliptical Marquee Tool
Hi. Really hoping someone can help me with a problem I'm having with the elliptical marquee tool. Having selected this tool and drawn an oval shape on my image, I know I should be able to move the oval image around the screen, using the keyboard arrows (I think), until it frames the part of the image I want framed. However, the keyboard arrows are not working for me in order to shift the oval around. When I press the keyboard arrows, I can see my cursor moving through the Photo Effects icons on the right of the Editor window (Elements 6 version). Does anyone know how I can make sure that the keyboard arrows move the oval around or does anyone know any other way of making the oval move around the image?
Thanks very muchThanks so much Terri for all your help. IT NOW WORKS!! HURRAH!!
All I did was re-create the preferences file manually then went back in and tried moving the elliptical marquee tool around using the keyboard arrows and it worked fine. Unfortunately, the Ctrl+Alt+Shift still does not work but at least I now know the manual way of re-creating the preference file.
In terms of the other questions you asked:
1. My shortcut key was already set to none.
2. No other keys have been acting up but bear in mind that I have only been using PSE6 for the last 7 weeks as part of my Open University course in the UK so not likely to have encountered much yet.
3. No other programs are causing any problems that I am aware of although I don't use shortcut keys that often apart from ctrl+V and ctrl+C and a few others.
4. I don't have a Logitech mouse so this wouldn't be causing any issues.
Thanks again for all your help.
Sue -
Remote System and Remote Key Mapping at a glance
Hi,
I want to discuss the concept of Remote System and Remote Key Mapping.
Remote System is a logical system which is defined in MDM Console for a MDM Repository.
We can define key mapping enabled at each table level.
The key mapping is used to distinguish records at Data Manager after running the Data Import.
Now 1 record can have 1 remote system with two different keys but two different records cannot have same remote system with same remote key. So, Remote key is an unique identifier for record for any remote system for each individual records.
Now whenever we import data from a Remote System, the remote system and remote key are mapped for each individual records. Usually all records have different remote keys.
Now, when syndicating back the record with default remote key is updated in the remote system that is sent by xml file format.
If same record is updated two times from a same remote system, the remote key will be different and the record which is latest contains highest remote key.
Now, I have to look at Data Syndication and Remote key.
I have not done Data Syndication but my concept tell if there is duplicate record with same remote system but different remote keys both will be syndicated back. But if same record have two remote keys for same remote system then only the default remote key is syndicated back.
Regards
Kaushik BanerjeeYou are right Kaushik,
I have not done Data Syndication but my concept tell if there is duplicate record with same remote system but different remote keys both will be syndicated back.
Yes, but if they are duplicate, they needs to be merged.
But if same record have two remote keys for same remote system then only the default remote key is syndicated back.
This is after merging. So whichever remote key has tick mark in key mapping option(default) , it will be syndicated back.
Pls refer to these links for better understanding.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/80eb6ea5-2a2f-2b10-f68e-bf735a45705f
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/uuid/7051c376-f939-2b10-7da1-c4f8f9eecc8c%0c
Hope this helps,
+ An -
Sy-tabix when using secondary key
Hi,
I have an internal table with records that contain a field with the line index of another table entry that they depend on.
I can process this table recursively, by passing the parent index inside and using a
LOOP AT ... USING KEY secondary_key WHERE index = iv_index.
Unfortunately the sy-tabix is afterwards not correct, it contains the position in the secondary key probably instead the position in the internal table.
Is there a way how I could find out the current table index, when using a secondary key to read a record?
Regards,
BrunoI rewrote it to include the row index also, not only the dependency.. was thinking too generic
-
How do i use my own image with keying (or green screen)
how do i use my own image witrh keying (or green screen)
Put your sky clip on a layer below the clip you want to key. One or the other will be a connected clip. Apply the Keying filter to foreground clip (the one with the green screen). The green will be seen as transparent and the sky will show through as the BG. Adjust as necessary in the Inspector.
Good luck.
Russ -
HI experts,
I have the requirement to create DSO with Material,Plant,Usage,BOM,Alternative,BOM category,Counter,Valid From,BOM status,Base unit,Base Quantity fields. I am not involved in the functional part. could you please tell me which fields can take in the key part???
Regards,
KPHi Kundan,
What is the data source that you are using to laod the data to DSO?
You can fidn the key fileds with the help of data source. or from the source table if you are not having Data source.(there will be a screw symbol for the key fileds).
you can use material, plant, BOM as key fileds.
Regards
KP -
DSO - What key fields and data fields in dso
Hi experts,
I need to create a dso in between the cube and 2 data sources(2lis_11_vaitm, 2lis_12_vcscl) to stage the data. My question is: what key fields and data fields to choose for the dso? is there a standard dso to copy? please explain in detail the model to set up, whether to connect both the ds's to dso and then to cube or one ds to dso and the other to the cube. more details will help.Check this for standard DSO:
http://help.sap.com/saphelp_nw04/helpdata/en/43/fcdc387f34384f94c3227baf3837a8/content.htm
Thanks...
Shambhu -
Key Fields & Data Fields in DSO.
In Standard DSO, Maximum how many number of key fields and data fields we can enter in one DSO?
For e.g : In Cube Char - 248 KF - 233
In DSO Key Fields - ? Data Fields - ?
Regrards,
Nithi.Hi Nithi,
Since Key fields are decide by us we can add according to our requirement.
Key fields can only be 16 you cannot exceed this. but if you have more key fields, you can combine fields using a routine for a key field
Max Data Fields - 749 data fields can be added in a DSO.
Warm regards
Gokul -
Hi,
I am loading data from Cube to DSO.
In cube i have fields with 2 records below as example
f1=1 f2=2 f3=3 f4=4 and key figure k1=1
f1=1 f2=2 f3=3 f4=4 and key figure k1=1
In DSO all these f1's fields are key fields as per requirement. And when i load now i get in DSO as
f1=1 f2=2 f3=3 f4=4 and key figure k1=2
I do not want k1=2 but i want k1=1 in DSO and not sure why this is getting summed up even though i have selected overwrite in Transfer rules.
I have checked mapping and cube data. All are fine.
I just want to avoid this and do not know what to do.
A routine or formula or something else?
Please help.Hi,
Check your DSO Design
Keep f1 ,f2, f3, f4, are in KeyFileds of DSO and Keep key figure k1 in DataFields of DSO.
Here I'm assuming that F1 to F4 are Charecteristics.And only K1 is Keyfigure. If this is the case then I hope it will work if you follw the above design.
Thanks
Reddy
Maybe you are looking for
-
Sending response to another BPEL from ESB
I am passing request from esb to bpel and getting the response from bpel that i want to send to another bpel through esb. Everthing is working fine(not showing any error) but the response is not going to second bpel through.
-
I cannot open svg files in FF.
We have numerous copies of FF, which we update regularly. Only one will open an svg downloaded file. What is going on?
-
Hie there everyone ... i have a little question puzzling me ... just today i passed my , Oracle DataBase 10g Administration I --- ( 1Z0-042 ) ... on my way for OCA certification. But now , as it required another exam to get certificate and this is my
-
Javascript error message loading dreamweaver mx
this may be two different questions but here goes: -- i downloaded the interakt kollection a while back and just got time to use it. by now i noticed that a newer version was available so i downloaded it. but it crashed my machine trying to update. a
-
HT4356 how to configure airprinter for printer brother dcp-j315w
i want to configure airprinter for Printer Brother DCP-J315W. how to do it??