Encrypt text without full blown public/private keys or certificates?

Similar Messages

• Generate public private keys inside smart card

  Dear all,
  I am using this code to generate public and private key inside the smart card.
  KeyPair kp = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
  kp.genKeyPair();
  PrivateKey prikey = kp.getPrivate();
  PublicKey pubkey = kp.getPublic();
  This code is executing without errors.
  I need to get out the public key from the smart card. So I need to get public key to a byte array.
  But I can't get those keys to plain text byte array.
  The methods that I can get for pubkey object are
  pubkey.clearKey();
  pubkey.equals(obj);
  pubkey.getSize();
  pubkey.getType();
  pubkey.isInitialized(); only these.
  I am using
  Eclipse Version: 3.4.1 (Compiler complience level = 1.4)
  Jcop plugin (to communicate with the actual card and to test the java code in virtual card provided by JCOP)
  OmniKey5321 card reader (In contactless type)
  What is the reason to get only those above methods to pubkey object? Is it a version problem?
  How can I get the public key to plain byte array? Is it possible?
  If it is not possible Is there a way to get public key as a export certificate or something other solution?
  If my scenario is not a possible strategy, How can I use public private keys to send specific data to applet? Is there a better way to do this?
  Edited by: 863766 on Jun 6, 2011 12:16 AM

  Thank you very much!
  I used this code
  RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
            short lenBytes = (short) (KeyBuilder.LENGTH_DES/8);
            byte[] buffer = JCSystem.makeTransientByteArray(lenBytes,JCSystem.CLEAR_ON_DESELECT);
            DESKey key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES , KeyBuilder.LENGTH_DES,false);
            rand.generateData(buffer, (short) 0 ,lenBytes);
            key.setKey(buffer, (short) 0 ) ;
            byte keyData[]= new byte[256];
            key.getKey(keyData, (short) 0);
  Now I know how to initialize the key...
  Thank you again.
  Regards,
  Dushantha
  Edited by: 863766 on Jun 6, 2011 3:52 AM

• Is a Public/Private Key Pair possible in SAP?

  I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?

  Not really a portal question, and maybe you'll get a better result in a security forum...
  However, briefly, yes, the AS Java supports X509 certificates as an authentication mechansm. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username.

• Public/private keys

  How to create a private/public keys?
  Fred

  Hi Fred,
  Following are the steps required are to create a Public/Private Keys:
  1. Load the security provider (if not configured in $JAVAHOME/jre/lib/security/java.security)
  2. Obtain a handle to a secure random number generator.
  3. Obtain a handle to KeyPairGenerator for a specific public key algorithm.
  4. Generate the public/private key pair
  5. Extract the public and private keys
  The following example shows how to generate public and private keys using the KeyPairGenerator and KeyPair interfaces using JCSI's security provider.
  import java.security.*;
  // Load JCSI's JCA security provider
  Security.addProvider(new com.dstc.security.provider.DSTC());
  // Seed random number generator using the default seeding
  // "SHA1PRNG" = SHA1 Pseudo-random number generator
  SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
  // Initialise KeyPairGenerator to create 1024-bit RSA keys.
  // PK Algorithm = "RSA", Security Provider = "DSTC" (Wedgetail)
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "DSTC");
  keyGen.initialize(1024, random);
  // Generate RSA pulic/private key pair
  KeyPair keyPair = keyGen.genKeyPair();
  // Extract public and private keys
  PrivateKey privKey = keyPair.getPrivate();
  PublicKey pubKey = keyPair.getPublic();
  Hope this will help you.
  Regards,
  Anil.
  Techncial Support Engineer.

• Deleted the public/private keys installed by iPCU & untrusted the certs

  Hi;
  it's early in the morning and i couldn't quite figure what was going on
  when:
  - new public and private keys "appeared" in keychain
  - a certificate was installed almost as soon as a plugged
  an iphone in while running iPhone Config Util (iPCU i now
  realize)
  From the console:
  Tue Jun 30 02:39:45 unknown mcmobiletunnel[363] <Warning>: added object <NSCFType: 0x1073d0> to keychain as iPCUHost-D3FA2B23-E0D0-4C42-A48B-DFXXXXXXXX-HostCert success 1 error 0
  What it looks like is on connecting the iPhone "phoned home" and snagged a certificate and public and private keys to install on my MacBook Pro.
  I deleted these not realizing who iPCUHost was (an earlier cert was marked as untrusted on a pass trhough my certs earlier).
  OK: so *how* do i recreate the public/private keys? the Certificates in Keychain?
  Tried: downloading and re-installing iPCU
  Tried: Time Machine to earlier version if iPCU & using Software update to Update.
  This is where things look unhappy in the iPCU console:
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: processing request 4: ((\n RequestType\n))
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (null), keys (null)
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: main: Could not receive request from host.
  Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive size of message
  Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive message
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: processing request 4: ((\n RequestType\n))
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (null), keys (null)
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: main: Could not receive request from host.
  Thx
  Jim

  I'm in the same situation here. While trying out the iPCU, I noticed my test devices were showing up with a certificate of "iPCUHost...". I was hoping to replace this default cert with one from our own CA, and in the process of messing around I tried deleting all of those certs from my Keychain. They deleted just fine, and after a sync the cert also disappeared from the connected iPhone. Unfortunately, there is no obvious way to replace that cert and as of now, I cannot install any profile to the device that has had the cert removed. If I select the device and click "Install" on a profile, nothing happens... no errors, no console messages, it just does nothing.
  I'm not quite sure how to replace the missing cert, and in particular how to replace it with one of our own rather than the default. Surely we don't have to actually develop a web service just to install certs... (see page 21 of the Enterprise Deployment Guide)
  -mike

• 'Error while signing data-Private key or certificate of signer not availabl

  Hello All,
  In my message mapping I need to call a web service to which I need to send a field value consist of SIGNED DATA.
  I am using SAP SSF API to read the certificate stored in NWA and Signing the Data as explained in
  http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm,
  when I have tested using Test tab of message mapping  it is working fine and I am able to access the certificate Keystore of NWA(we have created a keystore view and keystore entry to store the certificate) and generate the signed data ,but when I test end to end scenario from ECC system,it is getting failed in mapping with the error
  ' Error while signing data - Private key or certificate of signer not availableu2019.
  Appreciate your expert help to resolve this issue urgently please.
  Regards,
  Shivkumar

  Hi Shivkuar,
  Could you please let me know how you were trying to achieve the XML signature.
  We have a requirement where we have to sign the XML document and need to generate the target document as following structure.
  <Signature>
       <SignedInfo>
           <CanonicalizationMethod />
           <SignatureMethod />
           <Reference>
                   <Transforms>
                   <DigestMethod>
                   <DigestValue>
           </Reference>
      <Reference /> etc.
    </SignedInfo>
    <SignatureValue />
    <KeyInfo />
    <Object>ACTUAL PAYLOAD</Object>
  </Signature>
  I am analyzing the possibility of using the approach that is given in the help sap link that you have posted above. Any inputs will be apprecited.
  Thanks and Regards,
  Sami.

• Error while signing data-Private key or certificate of signer not available

  Hello All,
  I am new to PI.  I am currently stuck with an issue. The scenario is as explained below.
  We need to check for the service availability before processing the data. So, we test for the RFC connection first from the ECC system. During this process, we access the digital certificate stored in the PI system so that it can be validated and allowed to consume this intended service.
  Error :
  When we trigger the RFC test from the  ECC system, we get an error stating ' Error while signing data -  Private key or certificate of signer not available '. But when we test the same functionality within PI system(Locally), we does not encounter any such error. The certificate is maintained and it appears fine.
  The communication channels are stored with logon credentials.
  Can anyone please help me with this error or provide your valuable inputs. Thanks in advance.
  Regards,
  Shivkumar

  Hello,
  When we trigger the RFC test from the ECC system, we get an error stating ' Error while signing data - Private key or certificate of signer not available '.
  This should be normal behavior since the certificates are not installed in ECC SSL folders of Strust. Why not just install the certificates in the ECC system, perform an ICM restart and do a retest? After all, the certificates would both be the same in PI and ECC.
  Hope this helps,
  Mark

• How does a public/private key encrypt and decrypt each other?

  I understand the logic that when a communication takes place both parties pass their public keys to each other which is used to encrypt all messages. Once the party receives the messages the private key is used to decrypt them however I'm wondering how a private key is generated from a public key. If the private key is based on an algorithm wouldn't each party be able to generate what the other person's private key would be based on the public? Wouldn't a third party?

  How the public and private keys are generated depends on what public key cryptosystem is being used, but in general the private key cannot be derived from the public with a computationally feasable algorithm, while the public key can be derived from the private key very quickly. Two examples:
  RSA: private keys are 2 primes, p and q, and an encryption exponent d. Public key is the product p*q, and an encryption exponent e. How does the attacker get p and q, or d, from n and e? The best attack known against this (for properly chosen p, q, and d) is factoring. Factoring can be made infeasable by choosing the primes to be large enough.
  Diffie-Hellman: a prime modulus p and a base g < p is known by everyone (including the attacker). The private key is an integer x chosen randomly, 2 <= x < p-1 (there are better ways to choose x). The public key is g^x mod p. How does the attacker get x from g^x mod p? Again, the best known attack is one that is computationally roughly equal to factoring a composite number of about the size of p.

• Acrobat 9 Pro / Files with public+private key security

  Hi,
  I'm working at a Software Company. We want to create the Help Documents for our Software in PDF.
  We want to take care, that those PDF documents cannot be opened without our Software.
  My idea is to certificate the PDFs with a public key and the private key is hidden in our program.
  I tested a lot and read the manual, but it doesn't work.
  Thanx for some hints.
  Greetings,
  Sven
  Sorry for the lousy English, I'm from Germany.

  You might be able to write some JavaScript to solve the problem, but even in that case you need to be aware that the security of PDFs are not all that secure, particularly if one uses a 3rd party reader. Apparently several of them ignore the PDF security settings and open the PDF anyway. I do not know if that would occur if the PDF were encrypted in some way.
  So much for giving a spin on the topic. Good luck.

• Public/private key length 2048 in visual administrator

  Hello,
  I need to generate an RSA public/private keypair with visual administrator with a length of 2048. From the dropdownbox in the dialog, "Key and Certificate Generation", I can only select op to 1024.
  Who knows if this is at all possible and/or how to get it done?
  this is on a Netweaver 6.40, XI 3.0 system
  thanks very much
  Gr Wout

  Hello Wout
  I think this issue would be best placed in the Netweaver Administrator forum. You will have a better chance of getting a quality answer to your query on that forum. I will forward the thread.
  Regards
  Mark Smyth
  XI/PI Moderator

• Public & Private Keys in Keychain

  I have a few dozen of these in Keychain (Login Tab-> Keys) and many are showing that they are for iChat. Others don't seem to be for anything.
  Can I delete these? What are they for?
  TIA.

  Thanks Carolyn, I understand what keychains are and do, it is the ones that appear not at "web form passwords" or application keychains, but "public and private" keychains that have me baffled. I've made a quick screenshot which you can see here. A picture being worth a thousand lame posts on my part ☺ :
  http://www.midilifecrisis.com/keychains.tiff
  Notice the window in the background. That is in the keychain app. I'm leaning towards deleting the list of these seemingly clear "keys" but it's odd that many are listed for "iChat" as is the one I showed in the picture.

• BizTalk Server 2013 SFTP Adapter with private key - Did not poll any files

  Hello, 
  We have a requirement to connect SFTP secure site with the private key and polling files.   Initially I have
  tested BizTalk Server 2013 SFTP Adapter receiver Port using  Bitvise SSH SFTP Server tool and it was working perfectly in our local network environment( with public private key authentication).
  However when we connected to Client SFTP server with private key authentication, It successfully connected to SFTP Server but
  did not poll any files from SFTP Site.  I added only one file to SFTP Server ( 145 kb file) for testing purpose.
  However BizTalk Server 2013 SFTP Send Adapter is working well with the same configuration.
  I could not find any errors in Event viewer also.  I can download\upload file using WinSCP tool .
  So I downloaded nSoftware SFTP Adapter trial version and deployed on server. nSoftware SFTP adapter  is also working find
  without any issues for Client SFTP Site.
   This is the configuration on SFTP Receive Adapter
  This is how SFTP Server download folder permission configured. I have got this details using WinSCP tool. 
  <o:p></o:p>
  Appreciate your help on this.<o:p></o:p>
  Thanks<o:p></o:p>
  PrabathD<o:p></o:p>

  BizTalk Adapter for SFTP is where the polling logic is implemented. It is not part of the SFTP Client logic. any SFTP Client is for User Interaction and you do what you want/when you want.
  The BizTalk Receive however is for purposes of automation and the adapter polls the receive location using the credentials every polling interval to check for the files matching the filter. When it find a file, it will read and publish to message box or
  submit to pipeline for processing. Your setting the polling interval to 0 (ZERO) might actually be disabling the polling.
  Set your poll interval to a non-zero value and check the behavior.
  Regards.

• Private key and digital certificate

  I have a keystore . in ordeer to know what it contains ,i opened this keystore with this command ...keytool -list -keystore DemoIdentity.jks
  and i got,
  Keystore type: jks
  Keystore provider: SUN
  Your keystore contains 1 entry
  demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
  Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
  Question :
  I still dont understand what a keystore contains. does it contains "private key" + "digital certificate" ?
  If so , what are private keys and digital certificate in the above contents ?
  Message was edited by:
  Unknown_Citizen
  Message was edited by:
  Unknown_Citizen

  The content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains it a public key certificate with an alias of 'demoidentity' .

• Private key from RSAKeyValue

  How to generate private key from <RSAKeyValue> generated by .net. in java? I got public/private key in following format.
  <RSAKeyValue>
  <Modulus>abcdyDdNySesa8sWsd8XRG9rFf1av
  hch9BSG+sgCSYumLm5gzeTxrrpSqUf2VYfLp8USqK4uFBX312368wOEfK+C/viScPZn/hKcq
  vFpd/gKyXJ0M6Oxybn7qJNjVjGtemQDJJdvUPNyV1bcTq0Ugw9lM2cDBVzqHjxxzzACJnab=
  </Modulus>
  <Exponent>AQAB</Exponent>
  <P>/UTBBgeTREzfbV9ev1tKwGtFovxi9BiK5
  crZ3Qns3rt+lrd6Xas6tJhAvedGakGP7eeaLHdXZjeXGnqvKzRHw==</P>
  <Q>8FBLHPccdNh//dRF7Uf6weB829bz+G+NvVrKJMcOzUr9QuKcyRqfZTslKiC/aG9p1PoFxWpeyoPFwDrqFzTYhw==</Q>
  <DP>MTvTPU3fnscdFbb3MaG4gzuArbgQNFc722pkgoakfOS9RQgf/VjKXoFllz7
  05d+z6SHvSGemnEcYtNcbscPt4Q==</DP>
  <DQ>0NOVUihSbB8uqe8sVZ11BEEFfyw9eafGrc
  NVYbww2qjNh+/QetlNpfRNiVxHuIMInnBdz31tveHgV/laLqyDxQ==</DQ>
  <InverseQ>X0KxLXzW2glIhkk5lP0OnQVWfTutwo9Qg4DSk/5MtbQMMek8SHju7X9Ae2iL4DDRbWG/5mbrPdQ1yQg+GXCWbw==</InverseQ>
  <D>NCBukE3dm5+xRXEY4qWk3Xe8XFvIHT5vENOzTZE4jz0aBPxzTYLIgbkZP+lXgllc4mricqYSsD3K8vCBMQXEhqHkc6pSiYfesZG3wlujJGRyVoT1pVk5M460RwJfwPsO0TxfYCYU80CIfZNzFIEpGEp6pAUF1TQbnTre11aFjU=</D>
  </RSAKeyValue>
  I was able to generate public key as below.
  BigInteger publicExponent = new BigInteger(new sun.misc.BASE64Decoder().decodeBuffer("AQAB"));
  RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(modulus,publicExponent);
  But privateKey need privateExponent
  RSAPrivateKeySpec rsaPrivateKeySpec = new RSAPrivateKeySpec(modulus,privateExponent);
  How to get privateExponent from <RSAKeyValue> ?
  RSAPrivateCrtKeySpec need following parameters. Can not find where it map in <RSAKeyValue>
  RSAPrivateCrtKeySpec(BigInteger modulus,
  BigInteger publicExponent,
  BigInteger privateExponent,
  BigInteger primeP,
  BigInteger primeQ,
  BigInteger primeExponentP,
  BigInteger primeExponentQ,
  BigInteger crtCoefficient)
  Thanks,
  DP

  PKCS#1 1.5 definition:
     RSAPrivateKey ::= SEQUENCE {
       version Version,
       modulus INTEGER, -- n
       publicExponent INTEGER, -- e
       privateExponent INTEGER, -- d
       prime1 INTEGER, -- p
       prime2 INTEGER, -- q
       exponent1 INTEGER, -- d mod (p-1)
       exponent2 INTEGER, -- d mod (q-1)
       coefficient INTEGER -- (inverse of q) mod p }RSAParameters as documented in .NET Framework Class Library:
  D Represents the D parameter for the RSA algorithm.
  DP Represents the DP parameter for the RSA algorithm.
  DQ Represents the DQ parameter for the RSA algorithm.
  Exponent Represents the Exponent parameter for the RSA algorithm.
  InverseQ Represents the InverseQ parameter for the RSA algorithm.
  Modulus Represents the Modulus parameter for the RSA algorithm.
  P Represents the P parameter for the RSA algorithm.
  Q Represents the Q parameter for the RSA algorithm. The KeySpec (CRT = Chinese Remainder Theorem)
  RSAPrivateCrtKeySpec(BigInteger modulus, 
  BigInteger publicExponent,
  BigInteger privateExponent,
  BigInteger primeP,
  BigInteger primeQ,
  BigInteger primeExponentP,
  BigInteger primeExponentQ,
  BigInteger crtCoefficient)So we could try some guessing:
  modulus <- Modulus
  publicExponent <- Exponent
  privateExponent <- D
  primeP <- P
  primeQ <- Q
  primeExponentP <- DP
  primeExponentQ <- DQ
  crtCoefficient <- InverseQTry it and tell me if it worked. Good luck.

• SSL & generated private key

  I generated a CSR with the certificate servlet. I modified
  config.xml in order to set the right files :
  <SSL Enabled="true" ListenPort="7002" Name="test2" ServerCertificateChainFileName="config/mydomain/cacrt.pem"
  ServerCertificateFileName="config/mydomain/servercert.pem"
  ServerKeyFileName="config/mydomain/serverkey.der"/>
  The serverkey.der is a copy of the file generated by the
  certificate servlet.
  At startup the following error occurs :
  <30 juil. 01 20:23:26 CEST> <Alert> <WebLogicServer> <Security configuration problem
  with certificate file config/mydomain/serverkey.der, java.io.EOFException>
  java.io.EOFException
  at weblogic.security.Utils.inputByte(Utils.java:133)
  at weblogic.security.ASN1.ASN1Header.inputTag ASN1Header.java:125)
  at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
  at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
  at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1028)
  at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
  at weblogic.Server.main(Server.java:35)
  More over the conversion of the serverkey.der in serverkey.pem
  with openssl gives the following error :
  openssl rsa -in serverkey.der -outform PEM -out serverkey.pem
  read RSA key
  unable to load key
  1276:error:0906D06C:PEM routines:PEM_read_bio:no start line:./crypto/pem/pem_lib
  .c:662:Expecting: ANY PRIVATE KEY
  and reading the file by the default W2K reader gives an error too.
  Need help !

  Agree with S Guna, the ISP/Certificate Authority won't generate the private key, the request from your Lync server does.  So the private key is already sitting on your Lync 2010 Server.  Once you import the certificate generated by the certificate
  authority, the private key and certificate should be paired and can be assigned to Lync.
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications