Encrypt text without full blown public/private keys or certificates?
hello,
i would like to encrypt small texts (up to about 1000 characters) to save them in a file and later load them and decrypt the text. what solutions in Java are available without setting up a full blown key store with public and private keys and/or certificates. i think about a small method/class that en- and decrypts arbitrary text.
any suggestions?
thanks in advance!
okay, i found my solution:
Blowfish (http://www.counterpane.com/blowfish.html) :
BlowfishEasy be = new
e = new BlowfishEasy("somekey");
String crypted = be.encryptString(plaintext);
Now, this I call easy and quite secure!
:-)hey can u please tell me where u got the code from on
blowfish website above
I go there and click and the "Free source code" link.
I then try and download the java implementation (which
are packed as zip files), When I unzip them though
the file just has up to the class declaration?????
eg. public class BlowFish ... {
and nothing else????
Can u tell me what u did please
Similar Messages
-
Generate public private keys inside smart card
Dear all,
I am using this code to generate public and private key inside the smart card.
KeyPair kp = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
kp.genKeyPair();
PrivateKey prikey = kp.getPrivate();
PublicKey pubkey = kp.getPublic();
This code is executing without errors.
I need to get out the public key from the smart card. So I need to get public key to a byte array.
But I can't get those keys to plain text byte array.
The methods that I can get for pubkey object are
pubkey.clearKey();
pubkey.equals(obj);
pubkey.getSize();
pubkey.getType();
pubkey.isInitialized(); only these.
I am using
Eclipse Version: 3.4.1 (Compiler complience level = 1.4)
Jcop plugin (to communicate with the actual card and to test the java code in virtual card provided by JCOP)
OmniKey5321 card reader (In contactless type)
What is the reason to get only those above methods to pubkey object? Is it a version problem?
How can I get the public key to plain byte array? Is it possible?
If it is not possible Is there a way to get public key as a export certificate or something other solution?
If my scenario is not a possible strategy, How can I use public private keys to send specific data to applet? Is there a better way to do this?
Edited by: 863766 on Jun 6, 2011 12:16 AMThank you very much!
I used this code
RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
short lenBytes = (short) (KeyBuilder.LENGTH_DES/8);
byte[] buffer = JCSystem.makeTransientByteArray(lenBytes,JCSystem.CLEAR_ON_DESELECT);
DESKey key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES , KeyBuilder.LENGTH_DES,false);
rand.generateData(buffer, (short) 0 ,lenBytes);
key.setKey(buffer, (short) 0 ) ;
byte keyData[]= new byte[256];
key.getKey(keyData, (short) 0);
Now I know how to initialize the key...
Thank you again.
Regards,
Dushantha
Edited by: 863766 on Jun 6, 2011 3:52 AM -
Is a Public/Private Key Pair possible in SAP?
I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?
Not really a portal question, and maybe you'll get a better result in a security forum...
However, briefly, yes, the AS Java supports X509 certificates as an authentication mechansm. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username. -
How to create a private/public keys?
FredHi Fred,
Following are the steps required are to create a Public/Private Keys:
1. Load the security provider (if not configured in $JAVAHOME/jre/lib/security/java.security)
2. Obtain a handle to a secure random number generator.
3. Obtain a handle to KeyPairGenerator for a specific public key algorithm.
4. Generate the public/private key pair
5. Extract the public and private keys
The following example shows how to generate public and private keys using the KeyPairGenerator and KeyPair interfaces using JCSI's security provider.
import java.security.*;
// Load JCSI's JCA security provider
Security.addProvider(new com.dstc.security.provider.DSTC());
// Seed random number generator using the default seeding
// "SHA1PRNG" = SHA1 Pseudo-random number generator
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
// Initialise KeyPairGenerator to create 1024-bit RSA keys.
// PK Algorithm = "RSA", Security Provider = "DSTC" (Wedgetail)
KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "DSTC");
keyGen.initialize(1024, random);
// Generate RSA pulic/private key pair
KeyPair keyPair = keyGen.genKeyPair();
// Extract public and private keys
PrivateKey privKey = keyPair.getPrivate();
PublicKey pubKey = keyPair.getPublic();
Hope this will help you.
Regards,
Anil.
Techncial Support Engineer. -
Deleted the public/private keys installed by iPCU & untrusted the certs
Hi;
it's early in the morning and i couldn't quite figure what was going on
when:
- new public and private keys "appeared" in keychain
- a certificate was installed almost as soon as a plugged
an iphone in while running iPhone Config Util (iPCU i now
realize)
From the console:
Tue Jun 30 02:39:45 unknown mcmobiletunnel[363] <Warning>: added object <NSCFType: 0x1073d0> to keychain as iPCUHost-D3FA2B23-E0D0-4C42-A48B-DFXXXXXXXX-HostCert success 1 error 0
What it looks like is on connecting the iPhone "phoned home" and snagged a certificate and public and private keys to install on my MacBook Pro.
I deleted these not realizing who iPCUHost was (an earlier cert was marked as untrusted on a pass trhough my certs earlier).
OK: so *how* do i recreate the public/private keys? the Certificates in Keychain?
Tried: downloading and re-installing iPCU
Tried: Time Machine to earlier version if iPCU & using Software update to Update.
This is where things look unhappy in the iPCU console:
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: processing request 4: ((\n RequestType\n))
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (null), keys (null)
Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: main: Could not receive request from host.
Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive size of message
Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive message
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: processing request 4: ((\n RequestType\n))
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (null), keys (null)
Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: main: Could not receive request from host.
Thx
JimI'm in the same situation here. While trying out the iPCU, I noticed my test devices were showing up with a certificate of "iPCUHost...". I was hoping to replace this default cert with one from our own CA, and in the process of messing around I tried deleting all of those certs from my Keychain. They deleted just fine, and after a sync the cert also disappeared from the connected iPhone. Unfortunately, there is no obvious way to replace that cert and as of now, I cannot install any profile to the device that has had the cert removed. If I select the device and click "Install" on a profile, nothing happens... no errors, no console messages, it just does nothing.
I'm not quite sure how to replace the missing cert, and in particular how to replace it with one of our own rather than the default. Surely we don't have to actually develop a web service just to install certs... (see page 21 of the Enterprise Deployment Guide)
-mike -
'Error while signing data-Private key or certificate of signer not availabl
Hello All,
In my message mapping I need to call a web service to which I need to send a field value consist of SIGNED DATA.
I am using SAP SSF API to read the certificate stored in NWA and Signing the Data as explained in
http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm,
when I have tested using Test tab of message mapping it is working fine and I am able to access the certificate Keystore of NWA(we have created a keystore view and keystore entry to store the certificate) and generate the signed data ,but when I test end to end scenario from ECC system,it is getting failed in mapping with the error
' Error while signing data - Private key or certificate of signer not availableu2019.
Appreciate your expert help to resolve this issue urgently please.
Regards,
ShivkumarHi Shivkuar,
Could you please let me know how you were trying to achieve the XML signature.
We have a requirement where we have to sign the XML document and need to generate the target document as following structure.
<Signature>
<SignedInfo>
<CanonicalizationMethod />
<SignatureMethod />
<Reference>
<Transforms>
<DigestMethod>
<DigestValue>
</Reference>
<Reference /> etc.
</SignedInfo>
<SignatureValue />
<KeyInfo />
<Object>ACTUAL PAYLOAD</Object>
</Signature>
I am analyzing the possibility of using the approach that is given in the help sap link that you have posted above. Any inputs will be apprecited.
Thanks and Regards,
Sami. -
Error while signing data-Private key or certificate of signer not available
Hello All,
I am new to PI. I am currently stuck with an issue. The scenario is as explained below.
We need to check for the service availability before processing the data. So, we test for the RFC connection first from the ECC system. During this process, we access the digital certificate stored in the PI system so that it can be validated and allowed to consume this intended service.
Error :
When we trigger the RFC test from the ECC system, we get an error stating ' Error while signing data - Private key or certificate of signer not available '. But when we test the same functionality within PI system(Locally), we does not encounter any such error. The certificate is maintained and it appears fine.
The communication channels are stored with logon credentials.
Can anyone please help me with this error or provide your valuable inputs. Thanks in advance.
Regards,
ShivkumarHello,
When we trigger the RFC test from the ECC system, we get an error stating ' Error while signing data - Private key or certificate of signer not available '.
This should be normal behavior since the certificates are not installed in ECC SSL folders of Strust. Why not just install the certificates in the ECC system, perform an ICM restart and do a retest? After all, the certificates would both be the same in PI and ECC.
Hope this helps,
Mark -
How does a public/private key encrypt and decrypt each other?
I understand the logic that when a communication takes place both parties pass their public keys to each other which is used to encrypt all messages. Once the party receives the messages the private key is used to decrypt them however I'm wondering how a private key is generated from a public key. If the private key is based on an algorithm wouldn't each party be able to generate what the other person's private key would be based on the public? Wouldn't a third party?
How the public and private keys are generated depends on what public key cryptosystem is being used, but in general the private key cannot be derived from the public with a computationally feasable algorithm, while the public key can be derived from the private key very quickly. Two examples:
RSA: private keys are 2 primes, p and q, and an encryption exponent d. Public key is the product p*q, and an encryption exponent e. How does the attacker get p and q, or d, from n and e? The best attack known against this (for properly chosen p, q, and d) is factoring. Factoring can be made infeasable by choosing the primes to be large enough.
Diffie-Hellman: a prime modulus p and a base g < p is known by everyone (including the attacker). The private key is an integer x chosen randomly, 2 <= x < p-1 (there are better ways to choose x). The public key is g^x mod p. How does the attacker get x from g^x mod p? Again, the best known attack is one that is computationally roughly equal to factoring a composite number of about the size of p. -
Acrobat 9 Pro / Files with public+private key security
Hi,
I'm working at a Software Company. We want to create the Help Documents for our Software in PDF.
We want to take care, that those PDF documents cannot be opened without our Software.
My idea is to certificate the PDFs with a public key and the private key is hidden in our program.
I tested a lot and read the manual, but it doesn't work.
Thanx for some hints.
Greetings,
Sven
Sorry for the lousy English, I'm from Germany.You might be able to write some JavaScript to solve the problem, but even in that case you need to be aware that the security of PDFs are not all that secure, particularly if one uses a 3rd party reader. Apparently several of them ignore the PDF security settings and open the PDF anyway. I do not know if that would occur if the PDF were encrypted in some way.
So much for giving a spin on the topic. Good luck. -
Public/private key length 2048 in visual administrator
Hello,
I need to generate an RSA public/private keypair with visual administrator with a length of 2048. From the dropdownbox in the dialog, "Key and Certificate Generation", I can only select op to 1024.
Who knows if this is at all possible and/or how to get it done?
this is on a Netweaver 6.40, XI 3.0 system
thanks very much
Gr WoutHello Wout
I think this issue would be best placed in the Netweaver Administrator forum. You will have a better chance of getting a quality answer to your query on that forum. I will forward the thread.
Regards
Mark Smyth
XI/PI Moderator -
Public & Private Keys in Keychain
I have a few dozen of these in Keychain (Login Tab-> Keys) and many are showing that they are for iChat. Others don't seem to be for anything.
Can I delete these? What are they for?
TIA.Thanks Carolyn, I understand what keychains are and do, it is the ones that appear not at "web form passwords" or application keychains, but "public and private" keychains that have me baffled. I've made a quick screenshot which you can see here. A picture being worth a thousand lame posts on my part ☺ :
http://www.midilifecrisis.com/keychains.tiff
Notice the window in the background. That is in the keychain app. I'm leaning towards deleting the list of these seemingly clear "keys" but it's odd that many are listed for "iChat" as is the one I showed in the picture. -
BizTalk Server 2013 SFTP Adapter with private key - Did not poll any files
Hello,
We have a requirement to connect SFTP secure site with the private key and polling files. Initially I have
tested BizTalk Server 2013 SFTP Adapter receiver Port using Bitvise SSH SFTP Server tool and it was working perfectly in our local network environment( with public private key authentication).
However when we connected to Client SFTP server with private key authentication, It successfully connected to SFTP Server but
did not poll any files from SFTP Site. I added only one file to SFTP Server ( 145 kb file) for testing purpose.
However BizTalk Server 2013 SFTP Send Adapter is working well with the same configuration.
I could not find any errors in Event viewer also. I can download\upload file using WinSCP tool .
So I downloaded nSoftware SFTP Adapter trial version and deployed on server. nSoftware SFTP adapter is also working find
without any issues for Client SFTP Site.
This is the configuration on SFTP Receive Adapter
This is how SFTP Server download folder permission configured. I have got this details using WinSCP tool.
<o:p></o:p>
Appreciate your help on this.<o:p></o:p>
Thanks<o:p></o:p>
PrabathD<o:p></o:p>BizTalk Adapter for SFTP is where the polling logic is implemented. It is not part of the SFTP Client logic. any SFTP Client is for User Interaction and you do what you want/when you want.
The BizTalk Receive however is for purposes of automation and the adapter polls the receive location using the credentials every polling interval to check for the files matching the filter. When it find a file, it will read and publish to message box or
submit to pipeline for processing. Your setting the polling interval to 0 (ZERO) might actually be disabling the polling.
Set your poll interval to a non-zero value and check the behavior.
Regards. -
Private key and digital certificate
I have a keystore . in ordeer to know what it contains ,i opened this keystore with this command ...keytool -list -keystore DemoIdentity.jks
and i got,
Keystore type: jks
Keystore provider: SUN
Your keystore contains 1 entry
demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
Question :
I still dont understand what a keystore contains. does it contains "private key" + "digital certificate" ?
If so , what are private keys and digital certificate in the above contents ?
Message was edited by:
Unknown_Citizen
Message was edited by:
Unknown_CitizenThe content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains it a public key certificate with an alias of 'demoidentity' .
-
How to generate private key from <RSAKeyValue> generated by .net. in java? I got public/private key in following format.
<RSAKeyValue>
<Modulus>abcdyDdNySesa8sWsd8XRG9rFf1av
hch9BSG+sgCSYumLm5gzeTxrrpSqUf2VYfLp8USqK4uFBX312368wOEfK+C/viScPZn/hKcq
vFpd/gKyXJ0M6Oxybn7qJNjVjGtemQDJJdvUPNyV1bcTq0Ugw9lM2cDBVzqHjxxzzACJnab=
</Modulus>
<Exponent>AQAB</Exponent>
<P>/UTBBgeTREzfbV9ev1tKwGtFovxi9BiK5
crZ3Qns3rt+lrd6Xas6tJhAvedGakGP7eeaLHdXZjeXGnqvKzRHw==</P>
<Q>8FBLHPccdNh//dRF7Uf6weB829bz+G+NvVrKJMcOzUr9QuKcyRqfZTslKiC/aG9p1PoFxWpeyoPFwDrqFzTYhw==</Q>
<DP>MTvTPU3fnscdFbb3MaG4gzuArbgQNFc722pkgoakfOS9RQgf/VjKXoFllz7
05d+z6SHvSGemnEcYtNcbscPt4Q==</DP>
<DQ>0NOVUihSbB8uqe8sVZ11BEEFfyw9eafGrc
NVYbww2qjNh+/QetlNpfRNiVxHuIMInnBdz31tveHgV/laLqyDxQ==</DQ>
<InverseQ>X0KxLXzW2glIhkk5lP0OnQVWfTutwo9Qg4DSk/5MtbQMMek8SHju7X9Ae2iL4DDRbWG/5mbrPdQ1yQg+GXCWbw==</InverseQ>
<D>NCBukE3dm5+xRXEY4qWk3Xe8XFvIHT5vENOzTZE4jz0aBPxzTYLIgbkZP+lXgllc4mricqYSsD3K8vCBMQXEhqHkc6pSiYfesZG3wlujJGRyVoT1pVk5M460RwJfwPsO0TxfYCYU80CIfZNzFIEpGEp6pAUF1TQbnTre11aFjU=</D>
</RSAKeyValue>
I was able to generate public key as below.
BigInteger publicExponent = new BigInteger(new sun.misc.BASE64Decoder().decodeBuffer("AQAB"));
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(modulus,publicExponent);
But privateKey need privateExponent
RSAPrivateKeySpec rsaPrivateKeySpec = new RSAPrivateKeySpec(modulus,privateExponent);
How to get privateExponent from <RSAKeyValue> ?
RSAPrivateCrtKeySpec need following parameters. Can not find where it map in <RSAKeyValue>
RSAPrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient)
Thanks,
DPPKCS#1 1.5 definition:
RSAPrivateKey ::= SEQUENCE {
version Version,
modulus INTEGER, -- n
publicExponent INTEGER, -- e
privateExponent INTEGER, -- d
prime1 INTEGER, -- p
prime2 INTEGER, -- q
exponent1 INTEGER, -- d mod (p-1)
exponent2 INTEGER, -- d mod (q-1)
coefficient INTEGER -- (inverse of q) mod p }RSAParameters as documented in .NET Framework Class Library:
D Represents the D parameter for the RSA algorithm.
DP Represents the DP parameter for the RSA algorithm.
DQ Represents the DQ parameter for the RSA algorithm.
Exponent Represents the Exponent parameter for the RSA algorithm.
InverseQ Represents the InverseQ parameter for the RSA algorithm.
Modulus Represents the Modulus parameter for the RSA algorithm.
P Represents the P parameter for the RSA algorithm.
Q Represents the Q parameter for the RSA algorithm. The KeySpec (CRT = Chinese Remainder Theorem)
RSAPrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient)So we could try some guessing:
modulus <- Modulus
publicExponent <- Exponent
privateExponent <- D
primeP <- P
primeQ <- Q
primeExponentP <- DP
primeExponentQ <- DQ
crtCoefficient <- InverseQTry it and tell me if it worked. Good luck. -
I generated a CSR with the certificate servlet. I modified
config.xml in order to set the right files :
<SSL Enabled="true" ListenPort="7002" Name="test2" ServerCertificateChainFileName="config/mydomain/cacrt.pem"
ServerCertificateFileName="config/mydomain/servercert.pem"
ServerKeyFileName="config/mydomain/serverkey.der"/>
The serverkey.der is a copy of the file generated by the
certificate servlet.
At startup the following error occurs :
<30 juil. 01 20:23:26 CEST> <Alert> <WebLogicServer> <Security configuration problem
with certificate file config/mydomain/serverkey.der, java.io.EOFException>
java.io.EOFException
at weblogic.security.Utils.inputByte(Utils.java:133)
at weblogic.security.ASN1.ASN1Header.inputTag ASN1Header.java:125)
at weblogic.security.ASN1.ASN1Header.input(ASN1Header.java:119)
at weblogic.security.RSAPrivateKey.input(RSAPrivateKey.java:119)
at weblogic.security.RSAPrivateKey.<init>(RSAPrivateKey.java:91)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:397)
at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:300)
at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1028)
at weblogic.t3.srvr.T3Srvr.initialize(T3Srvr.java:475)
at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:197)
at weblogic.Server.main(Server.java:35)
More over the conversion of the serverkey.der in serverkey.pem
with openssl gives the following error :
openssl rsa -in serverkey.der -outform PEM -out serverkey.pem
read RSA key
unable to load key
1276:error:0906D06C:PEM routines:PEM_read_bio:no start line:./crypto/pem/pem_lib
.c:662:Expecting: ANY PRIVATE KEY
and reading the file by the default W2K reader gives an error too.
Need help !Agree with S Guna, the ISP/Certificate Authority won't generate the private key, the request from your Lync server does. So the private key is already sitting on your Lync 2010 Server. Once you import the certificate generated by the certificate
authority, the private key and certificate should be paired and can be assigned to Lync.
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
Maybe you are looking for
-
ITunes will not open in Windows XP Media Center
I have had my computer (Compaq SR1850NX) for over 6 months and ran iTunes flawlessly on it since then. I recently restored and formatted my computer and now when I attempt to use iTunes it will not work. The install process works fine with no errors,
-
How do i sync my phone to a new itunes without loosing everything?
I had to have my laptop restored as it was broken which meant everything was wiped so i had to reinstall itunes. When i plugged my phone in expecting it to be fine it wouldnt sync with my laptop without wiping the contents and replacing it with the c
-
Hi I want a report of only wire payments for the month.Is any std report there ? or can any body give me idea how to make a report of just wire payments for vendor ? Thanks in advance Satya
-
AsyncOS 7.1.1 for Email is GA
Hi, Cisco is pleased to announce the General Availability (GA) of a new major release of AsyncOS 7.1.1-012 for Email to all customers. This release applies to all our Email Security Appliances (C and X-Series). Please be advised that a new maintenanc
-
I have veritas volume manager in a couple of systems. Zfs is it similar ? I read the documentation, and, the pool disk creation, file systems depend of the pool of disk. Its like veritas. What is the big difference ?