Failure to generate key with keytool

I tried to use keytool to generate a key on Linux. It was successful on other Linux machines, but it is strange that it is failure on my production server.
# /usr/java/jdk/bin/keytool -genkey -v -alias test2 -keyalg RSA
Enter keystore password: changeit
What is your first and last name?
[Unknown]:
What is the name of your organizational unit?
[Unknown]:
What is the name of your organization?
[Unknown]:
What is the name of your City or Locality?
[Unknown]:
What is the name of your State or Province?
[Unknown]:
What is the two-letter country code for this unit?
[Unknown]:
Is CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown correct?
[no]: yes
Generating 1,024 bit RSA key pair and self-signed certificate (MD5WithRSA)
for: CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
And then the keytool keeps running but cannot generate a key.
My production server is:
- Intel Pentinum III 850 with 256MB RAM
- RedHat Linux 7.2
- Java 2 SDK build 1.4.0-beta3-b84
Remark: I tried with same version of Linux distro and Java SDK on other machine, but it was successful.

Chances are it is hung on the SecureRandom's use of the /dev/random
device. If I recall right the proper /dev/random on linux is really
/dev/urandom. So what you need to do is edit the
<java_home>/jre/lib/security/java.security file a change the property
to /dev/urandom instead of its default /dev/random value.....

Similar Messages

Problem generating Key with keytool command

Hi Everyone;
I'm having problems generating a key.
Here's my output.
C:\>keytool -genkey -alias learningIdeas -keysize 1024 -validity 365 -keyalg RSA
Enter keystore password: changeit
keytool error: java.io.IOException: Keystore was tampered with, or password was incorrect
note i already did something with the keystore such that i have generated a key and placed this in server.xml
<Connector className="org.apache.tomcat.service.PoolTcpConnector">
<Parameter name="handler" value="org.apache.tomcat.service.http.HttpConnectionHandler"/>
<Parameter name="port" value="8443"/>
<Parameter name="socketFactory" value="org.apache.tomcat.net.SSLSocketFactory" />
     <Parameter name="keystore" value="C:/stephen" />
     <Parameter name="keypass" value="changeit"/>
     <Parameter name="clientAuth" value="false"/>
</Connector>
any ideas on what I can do to generate this key?
stephen

I have almost resolved this problem. I'm at the last step and getting an error message when trying to import the certificate that I received from verisign into my keystore.
here's my error.
C:\>keytool -import -alias mycompanyname123 -keystore STEPHEN4 -file mycompanyname.cer
Enter keystore password: changeit
keytool error: java.security.cert.CertificateException: Unsupported encoding
but when I double click on this file mycompanyname.cer (which is exactly what I received from verisign, up comes the appropriate certificate
i was able to succesfully able to install it into the microsoft browser and i see it correctly represented and displayed in the certificates section for OTHER PEOPLE.
But I think i have to successfully import it into the keystore for it to work properly right when I start up the tomcaat app is that correct?
any ideas?
Stephen

Finding generated keys with batch updates

Is it possible to combine reading generated keys with batch updates?
In trying to improve performance of inserts into a database, I am using the addBatch functionality of the JDBC driver to insert several rows at once. Unfortunately some of my tables have auto numbered fields and I need to know what values they are taking so I can update my in-memory representation of the object in the database.
The getGeneratedKeys functionality works fine when I insert one row at a time, but when I try to insert a batch of rows, the method returns null.
I am using DB2 with the com.ibm.db2.jcc driver, though I have a hunch that this is a limitation of the JDBC spec. Can anyone confirm this? Does anyone have any ideas about a workaround?

What is "several"?
And have you actually measured the speed difference?
Since returning generated keys is a rather recent addition to JDBC I doubt that it exists for batch updates.

SNRO generate key with SM30

I have a Ztable where I want to use an unique index key which I have maintained by SNRO.
Is it possible to combine this with the data maintenance in SM30 so that I don't have to fill in the key myself but that it just takes the next one if I want to add a new record with SM30 ??
(ps perhaps a really stupid question but I can't figure out how I can search on SNRO AND SM30 in sdn ? so it was impossible for me to find if this question was already asked before how can you use the "and" function in sdn ? )

Hi,
Try this..
You can use the event 05 "Creating a new entry" and in the subroutine you can call NUMBER_GET_NEXT to get the next number and move it to the key field...
Check this example..
Create an entry in the view TVIMF with your table name..event 05 and subroutine GET_NUMBER_NEXT.
FORM GET_NUMBER_NEXT.
Types Declaration
TYPES: BEGIN OF ztable_wa.
          INCLUDE STRUCTURE ztable.
TYPES: update_fl TYPE char1,
          mark      TYPE char1,
         END OF ztable_wa.
Workarea Declaration
DATA: wa TYPE ztable_wa.
Assign the current workarea
    wa = <table1>.
Call the function module
   CALL FUNCTION 'NUMBER_GET_NEXT'
Assign the value.
    wa-key_field1 = 'Value got from the FM'.
ENDFORM.
Thanks,
Naren

Generating symmetric key with RSA

Hello,
I have a problem. I want to generate symmetric keys with the use of RSA. But RSA is not supported by Java 1.4.2 except for the signature class.
My question is can I generate symmetric keys using RSA and Bouncy Castle provider??? Or is there a way around ???
Thanks a lot,
Ravi

Or write your own RSA. here is some working code:
///////////////// class BigIntegerRSA /////////////////
import java.math.*;
import java.util.*;
public class BigIntegerRSA {
int bits;
BigInteger p, q, n, nPrime, e, d;
public BigIntegerRSA(int _bits, BigInteger _p, BigInteger _q) {
    bits=_bits;
    p=_p;
    q=_q;
    n = p.multiply(q);
    nPrime = p.subtract(BigInteger.ONE).multiply( q.subtract(BigInteger.ONE));
    e=BigInteger.ZERO;
    BigInteger TEN=new BigInteger(""+10);
    for( e = nPrime.divide(TEN); !BigIntegerUtil.gcd( e, nPrime ).equals(BigInteger.ONE); e=e.add(BigInteger.ONE)){
    d = BigIntegerUtil.inverse( e, nPrime );
public static BigIntegerRSA generate(int _bits) {
    BigIntegerRSA rsa= null;
    boolean verified=false;
    while(!verified){
      BigInteger p=BigInteger.probablePrime(_bits/2+1,new Random(System.currentTimeMillis()));
      BigInteger q=BigInteger.probablePrime(_bits/2+1,new Random(System.currentTimeMillis()));
      rsa= new BigIntegerRSA(_bits,p,q);
      verified= rsa.verify();
    return rsa;
public BigIntegerRSAPublicKey getPublicKey(){
    return new BigIntegerRSAPublicKey(bits,e,n);
public BigIntegerRSAPrivateKey getPrivateKey(){
    return new BigIntegerRSAPrivateKey(bits,d,n);
public boolean verify() {
    //e * d % ( nPrime ) == 1
    BigInteger multiplied=e.multiply(d).mod(nPrime);
    if(!multiplied.equals(BigInteger.ONE)){
      return false;
    //test random
    BigIntegerRSAPublicKey pub=getPublicKey();
    BigIntegerRSAPrivateKey priv=getPrivateKey();
    BigInteger message, encoded, decoded;
    //random
    message=new BigInteger(bits-2, new Random(System.currentTimeMillis()));
    encoded=pub.code(message);
    decoded=priv.decode(encoded);
    if(!message.equals(decoded)){
      System.out.println("Failed to encode and decode "+message);
      return false;
    return true;
public static void main( String [ ] args ){
    BigIntegerRSA rsa=BigIntegerRSA.generate(512);
    BigIntegerRSAPublicKey pub=rsa.getPublicKey();
    BigIntegerRSAPrivateKey priv=rsa.getPrivateKey();
    BigInteger message=new BigInteger("2938798723423429020");
    System.out.println( "message: " + message );
    BigInteger code = pub.code(message);
    BigInteger decode = priv.decode(code);
    System.out.println( "Code: " + code );
    System.out.println( "Decode: " + decode );
///////////////// class BigIntegerRSAPublicKey /////////////////
import java.math.*;
import java.util.*;
public class BigIntegerRSAPublicKey{
int bits;
BigInteger e,n;
public BigIntegerRSAPublicKey(int _bits, BigInteger _e, BigInteger _n) {
    bits=_bits;
    e=_e;
    n=_n;
public BigInteger code(BigInteger message) {
    if(message.bitLength()>bits){
      return null;//"Cannot encode anything with more bits than bits while message had message.bitLength() bits
    return message.modPow(e,n);
///////////////// class BigIntegerRSAPrivateKey /////////////////
import java.math.*;
import java.util.*;
public class BigIntegerRSAPrivateKey {
int bits;
BigInteger d, n;
public BigIntegerRSAPrivateKey(int _bits, BigInteger _d, BigInteger _n) {
    bits=_bits;
    d=_d;
    n=_n;
public BigInteger decode(BigInteger code) {
    if(code.compareTo(n)>0){
      return null;//Cannot decode anything greater than n while code was code
    return code.modPow(d,n);
///////////////// class BigIntegerUtil /////////////////
import java.math.*;
import java.util.*;
public class BigIntegerUtil {
// Internal variables for fullGcd
private static BigInteger x;
private static BigInteger y;
public static BigInteger gcd( BigInteger a, BigInteger b )
    if( b.equals(BigInteger.ZERO) )
      return a;
    else
      return gcd( b, a.mod(b) );
public static BigInteger inverse( BigInteger a, BigInteger n )
    fullGcd( a, n );
    return x.compareTo(BigInteger.ZERO)>0 ? x : x.add(n);
private static void fullGcd( BigInteger a, BigInteger b )
    BigInteger x1, y1;
    if( b.equals(BigInteger.ZERO) )
      x = BigInteger.ONE;
      y = BigInteger.ZERO;
    else
      fullGcd( b, a.mod(b) );
      x1 = x; y1 = y;
      x = y1;
      y = x1.subtract(( a.divide(b) ).multiply(y1));
}And since BigInteger has the methods .toByteArray() and new BigInteger(byte[] b) this is perfect for encrypting and decrypting anything, eg a DES key or some other symmetric encryption

Generate DES key with java card with JCRE 2.1.2

Hi everyone,
I want to generate DES key in my applet . my card supports GP 2.0.1 and JCRE 2.1.2 .
I have tested my applet with JCRE 2.2.1 and used this JCSystem class functions to generate DES key and it compiles and works correctlly .
but when I want to compile my applet with JCRE 2.1.2 I recieve an error which says that API 2.1.2 doesn't support JCSystem class .
so I'll really appreciate it if anyone could tell me how can I generate DES key with JCRE 2.1.2
and also I use JCSystem class functions to get my card's persistent and transistent memory , so with this class not working on JCRE 2.1.2 I have problem to read my free memories too .
So I'll appreciate your help on this matter too.
Best Regards,
Vivian

Hi Vivian,
I don't seem to have any problem with the code you posted. What is the error you are getting? Is it with the compiler or with the CAP file converter? If it is a compiler error, you will need to ensure that the Java Card API jar is in your build path.
Here is a simple class that works with JC 2.1.1 (which will work with JC 2.1.2 as well). I have confirmed that this applet compiles and will return encrypted data to the caller.
package test;
import javacard.framework.APDU;
import javacard.framework.Applet;
import javacard.framework.ISO7816;
import javacard.framework.ISOException;
import javacard.framework.JCSystem;
import javacard.security.DESKey;
import javacard.security.KeyBuilder;
import javacard.security.RandomData;
import javacardx.crypto.Cipher;
* Test JC2.1.1 applet for random DES key.
* @author safarmer - 1.0
* @created 24/11/2009
* @version 1.0 %PRT%
public class TestApplet extends Applet {
    private DESKey key;
    private Cipher cipher;
     * Default constructor that sets up key and cipher.
    public TestApplet() {
        RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
        short lenBytes = (short) (KeyBuilder.LENGTH_DES / 8);
        byte[] buffer = JCSystem.makeTransientByteArray(lenBytes, JCSystem.CLEAR_ON_DESELECT);
        key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES, KeyBuilder.LENGTH_DES, false);
        rand.generateData(buffer, (short) 0, lenBytes);
        key.setKey(buffer, (short) 0);
        cipher = Cipher.getInstance(Cipher.ALG_DES_CBC_ISO9797_M1, false);
    public static void install(byte[] bArray, short bOffset, byte bLength) {
        // GP-compliant JavaCard applet registration
        new TestApplet().register(bArray, (short) (bOffset + 1), bArray[bOffset]);
    public void process(APDU apdu) {
        // Good practice: Return 9000 on SELECT
        if (selectingApplet()) {
            return;
        byte[] buf = apdu.getBuffer();
        switch (buf[ISO7816.OFFSET_INS]) {
            case (byte) 0x00:
                cipher.init(key, Cipher.MODE_ENCRYPT);
                short len = cipher.doFinal(buf, ISO7816.OFFSET_CDATA, buf[ISO7816.OFFSET_LC], buf, (short) 0);
                apdu.setOutgoingAndSend((short) 0, len);
                break;
            default:
                // good practice: If you don't know the INStruction, say so:
                ISOException.throwIt(ISO7816.SW_INS_NOT_SUPPORTED);
}Cheers,
Shane

Error in generating form with 6i

I have installed designer 6i rel 2 with form developer 6i on NT
4.0.
When in design editor, I want to generate the form with generate
module, the system generate "CDR-21600: A running Generator or
Utility has failed."
Also in action column writes: " It is possible that the internal
cache is now in an inconsistent state. You are therefore
recommended to close and restart the application."
Could anyone tell me what is the problem and how to solve it.
thanks

Here is an document which describes some known causes of CDR-
21600 errors. I hope it will help you.
PURPOSE
To describe some known causes of CDI-21600 errors and to
suggest possible solutions and workarounds.
SCOPE & APPLICATION
This note was written for users of Oracle Designer releases 2.1.x
and 6.0.
CDI-21600 errors occur most frequently during Design Capture and
when generating forms with the Forms and WebServer generators.
Investigating CDI-21600 errors
In Oracle Designer Release 2.1.2 and Release 6.0, this error has
the form:
CDI-21600 'A running generator or utility has failed'
The Release 2.1.1 error message was: 'Generator or Utility throw
an Exception'
The CDI-21600 error message means that the generator is hitting
an unhandled exception, also known as a GPF (general protection
fault). The CDI-21600 error masks the underlying exception error.
To see the real error do the following:
1. Go into the Registry Editor (REGEDIT).
2. Navigate to HKEY_LOCAL_MACHINE\software\oracle\des2_70
3. Set EXCEPT_HANDLING to 0 (by default it is 1).
Repeat the action that resulted in the error.
Known Causes of CDI-21600 Errors and Possible Solutions
Some of the reasons why CDI-21600 errors occur are listed below.
1. A common cause of CDI-21600 errors is failure to install the
necessary
Developer patches.
See [NOTE:64630.1] Developer Patches required to run
Designer with Developer
2. Check that Designer is running on a supported database. Also
check that the
TNS connection is correct.
See [NOTE:60705.1] Designer Certification Matrix (HTML)
3. Check for 'dangling' foreign keys, in other words FKs no longer
owned by any
table in the repository. Delete all invalid constraints.
Invalid constraints may be created if you use the repository
dump utility to
dump and restore external foreign keys referencing tables
shared into the
application system, without dumping and restoring the tables
that own them.
If you restore a complete dump (rather than a 'skeleton' one),
and then use
the 'Reconnect Share Links' option when restoring, you may be
able to
resolve this problem.
To get a complete list of 'dangling' constraints in your
repository, connect
using SQL*Plus and use the following query:
SELECT app.name, key.name
FROM ci_application_systems app, ci_constraints key
WHERE key.table_reference IS NULL
AND key.application_system_owned_by = app.id;
You can also run CKAZANAL.ANAL_REFERENCES on your
repository and delete all
the invalid constraints that it finds. You can run the Repository
Analyzer
from: Front Panel -> Repository Administration Utility -> Utilities.
NOTE: There may be inconsistencies in the repository that the
Repository
Analyzer cannot fix. You might solve such problems by
dropping all the
tables of your application, recreate them from the ERD,
then use the
DDT and recreate your modules.
[BUG:847190] CDI-21600 during forms generation: 'dangling'
foreign key
"Since the generator is running on a repository that contains
invalid
constraints and the Repository Analyzer solves the problem,
bug closed as
unfeasible to fix."
4. Check your modules for invalid or missing references such as
missing window
placements.
5. Try generating your module against default templates and
object libraries.
6. When capturing forms or libraries, try capturing the form or
library without
application logic, then capture the application logic on its own.
See [NOTE:1064690.6] CDI-21600 when capturing design of
form with
application logic
[BUG:757541] DESCAP: CDI-21600 error reported when
capturing with
application logic
Fixed In Ver: 6.0
[BUG:926383] Duplicate of [BUG:757541] This has been fixed in
2.1.2 patch
779559. However you would be advised to apply a later patch
such as 855635
which fixes more bugs in this area.
7. Make sure that all objects that are referenced by the form have
been
captured into the repository before capturing the form.
8. A CDI-21600 will occur if a lookup usage displays only one
column of
datatype DATE or if the column of datatype DATE is displayed
as the first
item in the block.
Workaround
Add more column usages to the lookup block and do not
display the DATE data
type column usage as the first item in the block.
9. [BUG:810472] CDI-21600 when 'Argument in Caller' is set
Fixed In Ver: 6.5.3.0
Workaround
Make sure that you have an argument in the called module that
is mapped to
the "Argument Passed Value" in the calling module. The only
way to get this
mapping back once the APV has the <Module Argument> label
is to delete it
and recreate it.
10. [BUG:801736] CDI-21600 on design capture of a form with
subclassed object
Fixed In Ver: 6.0.3.1.0 (backport)
Fixed In Ver: 6.5
You have an item that has been subclassed to an object.
Checking the Design
Capture option 'Capture Control Blocks' causes the CDI-21600
error. Uncheck
'Capture Control Blocks' and the problem does not occur. Open
the FMB in
Forms*Builder and look at Data Blocks -> Items. Break the link
to the
object, save the FMB, and the form will capture (similar to
[BUG:794872]).
Alternatively, ensure the link can be established.
11. [BUG:850436] CDI-21600 on generation of a form with template
having
subclassed object group
You try to generate a form out of Designer that uses a user-
defined
template. If a collection of objects in the template is grouped
into an
object group, dragged into the object library and then either
copied or
subclassed into a form, when the form is generated you get a
CDI-21600
error.
12. [BUG:822659] Module generation fails (CDI-21600) with multi-
column PK having
long prompt text
Fixed In Ver: 6.5.3.2
Module generation with multi-column primary key having long
prompt text
causes CDI-21600 with preference MSGSFT set.
Workaround
Shorten the prompt text of PKs may not be not applicable. You
may loose end
user information.
You may have the same problem with a mandatory compound
FK. CASEOFG tries to
generate a message '<P1> must be entered', where <P1>
contains all the
prompts of the bound items from the FK. If you reduce the
length of the
prompts, or set MSGSFT = NULL or WEDI = S or property
Mandatory?=No, it
works correctly.
13. [BUG:792542] Capturing application logic causes CDI-21600
(V2 style
triggers)
Fixed In Ver: 6.5.5
After removal of the v2 triggers, the form captures/merges OK
on 5.0.24.8,
provided patch 875027 has not been applied.
14. [BUG:790877] CDI-21600 if the primary/foreign keys have no
key components
Fixed In Ver: 6.5.11
Generating a module with tables having a primary key not
correctly defined
(no PK component) will cause a CDI-21600 error. This can
occur when
unloading a module from the RON. If you pick up the module
(and only the
module) in the unload set, the table and its PK are unloaded as
a skeleton.
Loading the .DAT file into a new application will create a PK
without a
component.
15. [BUG:771549] CDI-21600 if cannot connect to the DB with
connect string in
Options (Compile)
Fixed In Ver: 6.5.13
If you cannot connect to the DB with the connect string
specified in options
(Compile), the forms generator will fail with CDI-21600.
This problem occurs when you cannot connect to the DB
because:
- the username or password is wrong;
- or the SQL*Net alias is not defined in the TNSNAMES.ORA
file;
- or the SQL*Net listener is not started;
- or the DB is down.
16. [BUG:785106] CDI-21600 when generate master detail form
with preserve layout
[BUG:855812] is a duplicate of this bug.
Fixed In Ver: 5.0.24.6.0 (Bug:860426 Backport request for 2.1.2)
Fixed In Ver: 6.0
Fixed In Ver: 6.5.3
You have a master-detail Form with the Master having items
partly on a TAB
Canvas. Generate Module works OK. You enter Forms Builder
and move some
items on the tabs (just small changes, items are still on the
same tabs).
You change the look of the Detail and change Records
Displayed. Now in
Designer you generate the Module with Preserve Layout. You
get a CDI-21600
error. The problem might reproduce without doing any changes
in Forms
Builder, just by generating with Preserve Layout.
17. [BUG:891306] If primary key column of lookup in check
constraint comment of
base table
Fixed In Ver: 6.5.5
Workaround
Do not use the name of the bound item that is based on the
primary key
column of the lookup table in a check constraint comment of
the base table.
18. [BUG:896026] Forms gen throws assertion failure in
CVINI/BUILDACTIONITEM@/CV/CVI/CVIBNI.CPP
Fixed In Ver: 6.5.7
A problem is caused by a PL/SQL definition (function, package,
procedure)
being defined as a called module for the module you are trying
to generate.
To resolve the problem and enable the module to be generated,
remove all
Called Modules that are PL/SQL definitions (functions,
procedures or
packages).
See [NOTE:2107207.6] CDI-21600 during generation of module
or Assertion
Failure \cv\cvi\cvibni.cpp
19. [BUG:812333] CDI-21600 generating a web module after
adding an unbound item
Fixed In Ver: 6.5.3.0
Backport [BUG:1280667] raised to fix by 6.0.3.9
You add an unbound item (SQL expression) to a Web module.
When you try to
generate the module you get a CDI-21600 error. If you delete the
unbound
item the Web module generates correctly.
In a test case the problem occurred during validation of the
derivation
text, if the master module component was in a different module.
A workaround
was to rearrange module components so that this was not the
case.
20. [BUG:1627963] CCVDIAG::TRACEGENERATORMESSAGE
WHEN GENERATING INCORRECT
DERIVATION EXPRESSION
Message
CDR-21605: Failed while processing Module <mod> in function
CCVDiag::TraceGeneratorMessage BOF
Cause
The generator failed due to an unexpected error - the
error indicates the object the generator was processing
when it failed.
Helena

Is there a way to make a self-signed client certificate with keytool...

Is there a way to make a self-signed client certificate with keytool
that will install successfully into the personal store in IE?

hi,
It is possible to make a self-signed client certificate with keytool and i am successfully using in my dummy application.
The first thing you need to do is create a keystore and generate the key pair. You could use a command such as the following:
keytool -genkey -dname "cn=Mark Jones, ou=JavaSoft, o=Sun, c=US"
-alias business -keypass kpi135 -keystore C:\working\mykeystore
-storepass ab987c -validity 180
(Please note: This must be typed as a single line. Multiple lines are used in the examples just for legibility purposes.)
This command creates the keystore named "mykeystore" in the "working" directory on the C drive (assuming it doesn't already exist), and assigns it the password "ab987c". It generates a public/private key pair for the entity whose "distinguished name" has a common name of "Mark Jones", organizational unit of "JavaSoft", organization of "Sun" and two-letter country code of "US". It uses the default "DSA" key generation algorithm to create the keys, both 1024 bits long.
It creates a self-signed certificate (using the default "SHA1withDSA" signature algorithm) that includes the public key and the distinguished name information. This certificate will be valid for 180 days, and is associated with the private key in a keystore entry referred to by the alias "business". The private key is assigned the password "kpi135".
Also please go through the http://java.sun.com/j2se/1.3/docs/tooldocs/win32/keytool.html
This would help u better.
bye,
Arun

Generating key pair on PKCS#11token and save it there

Hello,
again i'm completely lost in this PKCS11 jungle.
What i want to do:
Generating key pair on crypto pkcs11 token and store it there.
In the moment i've tried eg:
sun.security.pkcs11.SunPKCS11 p = new sun.security.pkcs11.SunPKCS11(configName);
Security.addProvider(p);
Builder builder = KeyStore.Builder.newInstance("PKCS11", p, new KeyStore.CallbackHandlerProtection(new UserInputDialog(new JDialog(),"test","test")));
KeyStore ks = builder.getKeyStore();
ks.load(null,null);
KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", p);
gen.initialize(1024);
KeyPair kp = gen.generateKeyPair();
Here access to token works. The callback PIN dialog comes up and i can login.
But i'm not sure whether the key are generated on this PKCS11. And they are not stored there.
How i can generate keys are stored there.
(like with keytool -genkeys ). In keytool case a certificate is stored.
... every little hint, also to some documentation i've not seen, is very welcome ...
Thank You !
Regards
Thomas
.

First, you need to get a KeyStore representation of the PKCS#11 token with code similar to this, I'm using NSS as the PKCS#11 token in this example:
Provider nss = new sun.security.pkcs11.SunPKCS11(configFile);
Security.insertProviderAt(nss, 1); //you may not want it at highest priority
KeyStore ks = KeyStore.getInstance("PKCS11", nss);
ks.load(null, password);From the testing I've done in the past with various tokens, when you generate an asymmetric keypair (e.g. RSA like you are) specifying the PKCS11 provider, it creates it right on the token automatically and code like below is not needed.
To store the key in the keystore, use code similar to this, I'm using NSS again and storing a symmetric key:
KeyGenerator kg = KeyGenerator.getInstance("DESede",nss);
SecretKey tripleDesKey = kg.generateKey();
KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(tripleDesKey);
ks.setEntry(randAlias, skEntry, new KeyStore.PasswordProtection(password));

Getting generated keys inside Java

Is there any way to get generated keys in Java running on CF
server?
I have some java code accessed from CF, I get a connection to
the data source by name via
"coldfusion.server.DataSourceService.getDatasource(datasourceName).getConnection()"
call within java, which works. However if I try to do a
connection.prepareStatement(sql,
PreparedStatement.RETURN_GENERATED_KEYS) call or
preparedStatement.getGeneratedKeyts() call I get a
"java.lang.AbstractMethodError" exception like:
java.lang.AbstractMethodError:
coldfusion.server.j2ee.sql.JRunConnectionHandle.prepareStatement(Ljava/lang/String;I)Ljav a/sql/PreparedStatement;
Which seems to indicate to me that CF does not implement
getting generated keys via JDBC - is there another way or do I have
to just give up and do a "select" after "insert"?
Hope this made sense.
Thanks,
-HH
P.S. In case this is usefull, CF MX7 with MSSQL2005 , JDK
1.4

Hichhiker wrote:
> Is there any way to get generated keys in Java running
on CF server?
CF6/7 uses JDBC 2 so I don't think you can get it to work
there. In CF 8
it should work (if your database supports it).
Jochem
Jochem van Dieten
Adobe Community Expert for ColdFusion

How to generate report with dynamic variable number of columns?

How to generate report with dynamic variable number of columns?
I need to generate a report with varying column names (state names) as follows:
SELECT AK, AL, AR,... FROM States ;
I get these column names from the result of another query.
In order to clarify my question, Please consider following table:
CREATE TABLE TIME_PERIODS (
PERIOD     VARCHAR2 (50) PRIMARY KEY
CREATE TABLE STATE_INCOME (
     NAME     VARCHAR2 (2),
     PERIOD     VARCHAR2 (50)     REFERENCES TIME_PERIODS (PERIOD) ,
     INCOME     NUMBER (12, 2)
I like to generate a report as follows:
AK CA DE FL ...
PERIOD1 1222.23 2423.20 232.33 345.21
PERIOD2
PERIOD3
Total 433242.23 56744.34 8872.21 2324.23 ...
The TIME_PERIODS.Period and State.Name could change dynamically.
So I can't specify the state name in Select query like
SELECT AK, AL, AR,... FROM
What is the best way to generate this report?

SQL> -- test tables and test data:
SQL> CREATE TABLE states
2    (state VARCHAR2 (2))
3 /
Table created.
SQL> INSERT INTO states
2 VALUES ('AK')
3 /
1 row created.
SQL> INSERT INTO states
2 VALUES ('AL')
3 /
1 row created.
SQL> INSERT INTO states
2 VALUES ('AR')
3 /
1 row created.
SQL> INSERT INTO states
2 VALUES ('CA')
3 /
1 row created.
SQL> INSERT INTO states
2 VALUES ('DE')
3 /
1 row created.
SQL> INSERT INTO states
2 VALUES ('FL')
3 /
1 row created.
SQL> CREATE TABLE TIME_PERIODS
2    (PERIOD VARCHAR2 (50) PRIMARY KEY)
3 /
Table created.
SQL> INSERT INTO time_periods
2 VALUES ('PERIOD1')
3 /
1 row created.
SQL> INSERT INTO time_periods
2 VALUES ('PERIOD2')
3 /
1 row created.
SQL> INSERT INTO time_periods
2 VALUES ('PERIOD3')
3 /
1 row created.
SQL> INSERT INTO time_periods
2 VALUES ('PERIOD4')
3 /
1 row created.
SQL> CREATE TABLE STATE_INCOME
2    (NAME   VARCHAR2 (2),
3      PERIOD VARCHAR2 (50) REFERENCES TIME_PERIODS (PERIOD),
4      INCOME NUMBER (12, 2))
5 /
Table created.
SQL> INSERT INTO state_income
2 VALUES ('AK', 'PERIOD1', 1222.23)
3 /
1 row created.
SQL> INSERT INTO state_income
2 VALUES ('CA', 'PERIOD1', 2423.20)
3 /
1 row created.
SQL> INSERT INTO state_income
2 VALUES ('DE', 'PERIOD1', 232.33)
3 /
1 row created.
SQL> INSERT INTO state_income
2 VALUES ('FL', 'PERIOD1', 345.21)
3 /
1 row created.
SQL> -- the basic query:
SQL> SELECT   SUBSTR (time_periods.period, 1, 10) period,
2            SUM (DECODE (name, 'AK', income)) "AK",
3            SUM (DECODE (name, 'CA', income)) "CA",
4            SUM (DECODE (name, 'DE', income)) "DE",
5            SUM (DECODE (name, 'FL', income)) "FL"
6 FROM     state_income, time_periods
7 WHERE    time_periods.period = state_income.period (+)
8 AND      time_periods.period IN ('PERIOD1','PERIOD2','PERIOD3')
9 GROUP BY ROLLUP (time_periods.period)
10 /
PERIOD             AK         CA         DE         FL
PERIOD1       1222.23     2423.2     232.33     345.21
PERIOD2
PERIOD3
              1222.23     2423.2     232.33     345.21
SQL> -- package that dynamically executes the query
SQL> -- given variable numbers and values
SQL> -- of states and periods:
SQL> CREATE OR REPLACE PACKAGE package_name
2 AS
3    TYPE cursor_type IS REF CURSOR;
4    PROCEDURE procedure_name
5       (p_periods   IN     VARCHAR2,
6        p_states    IN     VARCHAR2,
7        cursor_name IN OUT cursor_type);
8 END package_name;
9 /
Package created.
SQL> CREATE OR REPLACE PACKAGE BODY package_name
2 AS
3    PROCEDURE procedure_name
4       (p_periods   IN     VARCHAR2,
5        p_states    IN     VARCHAR2,
6        cursor_name IN OUT cursor_type)
7    IS
8       v_periods          VARCHAR2 (1000);
9       v_sql               VARCHAR2 (4000);
10       v_states          VARCHAR2 (1000) := p_states;
11    BEGIN
12       v_periods := REPLACE (p_periods, ',', ''',''');
13       v_sql := 'SELECT SUBSTR(time_periods.period,1,10) period';
14       WHILE LENGTH (v_states) > 1
15       LOOP
16         v_sql := v_sql
17         || ',SUM(DECODE(name,'''
18         || SUBSTR (v_states,1,2) || ''',income)) "' || SUBSTR (v_states,1,2)
19         || '"';
20         v_states := LTRIM (SUBSTR (v_states, 3), ',');
21       END LOOP;
22       v_sql := v_sql
23       || 'FROM     state_income, time_periods
24           WHERE    time_periods.period = state_income.period (+)
25           AND      time_periods.period IN (''' || v_periods || ''')
26           GROUP BY ROLLUP (time_periods.period)';
27       OPEN cursor_name FOR v_sql;
28    END procedure_name;
29 END package_name;
30 /
Package body created.
SQL> -- sample executions from SQL:
SQL> VARIABLE g_ref REFCURSOR
SQL> EXEC package_name.procedure_name ('PERIOD1,PERIOD2,PERIOD3','AK,CA,DE,FL', :g_ref)
PL/SQL procedure successfully completed.
SQL> PRINT g_ref
PERIOD             AK         CA         DE         FL
PERIOD1       1222.23     2423.2     232.33     345.21
PERIOD2
PERIOD3
              1222.23     2423.2     232.33     345.21
SQL> EXEC package_name.procedure_name ('PERIOD1,PERIOD2','AK,AL,AR', :g_ref)
PL/SQL procedure successfully completed.
SQL> PRINT g_ref
PERIOD             AK         AL         AR
PERIOD1       1222.23
PERIOD2
              1222.23
SQL> -- sample execution from PL/SQL block
SQL> -- using parameters derived from processing
SQL> -- cursors containing results of other queries:
SQL> DECLARE
2    CURSOR c_period
3    IS
4    SELECT period
5    FROM   time_periods;
6    v_periods   VARCHAR2 (1000);
7    v_delimiter VARCHAR2 (1) := NULL;
8    CURSOR c_states
9    IS
10    SELECT state
11    FROM   states;
12    v_states    VARCHAR2 (1000);
13 BEGIN
14    FOR r_period IN c_period
15    LOOP
16       v_periods := v_periods || v_delimiter || r_period.period;
17       v_delimiter := ',';
18    END LOOP;
19    v_delimiter := NULL;
20    FOR r_states IN c_states
21    LOOP
22       v_states := v_states || v_delimiter || r_states.state;
23       v_delimiter := ',';
24    END LOOP;
25    package_name.procedure_name (v_periods, v_states, :g_ref);
26 END;
27 /
PL/SQL procedure successfully completed.
SQL> PRINT g_ref
PERIOD             AK         AL         AR         CA         DE         FL
PERIOD1       1222.23                           2423.2     232.33     345.21
PERIOD2
PERIOD3
PERIOD4
              1222.23                           2423.2     232.33     345.21

Setting "Friendly name" with keytool

Hi. I run Java 1.4.1 and Tomcat 4.1. Using keytool, I would like to generate a keystore which generates certificates that have a friendly name that I specify. For example, in Internet Explorer, after installing a certificate as a Trusted Root Authority, I would like to go to Tools->Contents tab->Certificates->Trusted Root Certification Authorities tab, and see under the "Friendly name" column the friendly name that I chose for a certificate. I don't see a -genkey option to specify a friendly name in the keytool help. If there's no way to directly change the certificate's friendly name with keytool, I can change the certificate's friendly name in IE. How may I then import the modified certificate into the keystore and have the webserver reference the keystore to return the modified certificate?
Thank you.
Raj

Friendly Name is an attribute of the certificate defined in PKCS#9:
5.5.1 Friendly name
The friendlyName attribute type specifies a user-friendly name of the
object it belongs to. It is referenced in [17].
friendlyName ATTRIBUTE ::= {
WITH SYNTAX BMPString (SIZE(1..pkcs-9-ub-friendlyName))
EQUALITY MATCHING RULE caseIgnoreMatch
SINGLE VALUE TRUE
ID pkcs-9-at-friendlyName
where
pkcs-9 OBJECT IDENTIFIER ::= {iso(1) member-body(2) us(840)
rsadsi(113549) pkcs(1) 9}
pkcs-9-at-friendlyName OBJECT IDENTIFIER ::= {pkcs-9 20}
See RFC2985.
If you add/change an attribute to an existing certificate its thumbprint (SHA-1 hash) will be changed.
Apparently keytool can't change such attribute, but see its source at the SCSL J2SDK Source code.

Keychain not generating keys for email certificates

In trying to set up email signing for two different machines I ran into a problem when adding email authentication certificates from Comodo. After downloading the .p7s files each of the users double clicked the files, adding them to their key chains. However, when they opened Mail there were no options for adding the lock(encrypt) and star(digitally sign) icons to their 'compose new message' windows.
After a lot of screwing around, I discovered that the new certificates had been added, but just as regular certificates and never made it to the 'My certificates' section. After some more comparisons I discovered that the private keys had not been generated automatically when the keys were added. The solution was to send the origional files to a machine that was generating keys, add them to that machine's keychain and then export the certificates (this time with a .p12 extention) and re-import the keys back to the owners machines.
That's a pain. Anyone seen this before? Have a better fix?
Configs as follows
Working configuration (generates keys)
iMac 27" 3.4ghz Intel core i7
Mac os 10.7.2
keychain 5.0
Broken configurations (not generating keys)
Mac Mini 2.66 intell core duo
Mac os 10.7.2
keychain 5.0

Hi Jack,
Open Keychain Access in Utilities, use Keychain First Aid under the Keychain Menu item, then either check the Password under that item, change it, or delete it and start over.
Resetting your keychain in Mac OS X...
If Keychain First Aid finds an issue that it cannot repair, or if you do not know your keychain password, you may need to reset your keychain.
http://support.apple.com/kb/TS1544

Error? on Example 16-7 XMLFOREST: Generating Elements with Attribute and Ch

Error in example on page http://download-east.oracle.com/docs/cd/B19306_01/appdev.102/b14259/xdb13gen.htm#i1028612
Example 16-7 XMLFOREST: Generating Elements with Attribute and Child Elements
Example appears as
SELECT XMLElement("Emp",
                  XMLAttributes(e.first_name ||' '|| e.last_name AS "name"),
                  XMLForest(e.hire_date, e.department AS "department"))
AS "RESULT"
FROM employees e WHERE e.department_id = 20;
1. employees table not qualified as hr.employees
2. e.department as "department" should be e.department_id as "department"
corrected would be
SELECT XMLElement("Emp",
                  XMLAttributes(e.first_name ||' '|| e.last_name AS "name"),
                  XMLForest(e.hire_date, e.department_id AS "department"))
AS "RESULT"
FROM hr.employees e WHERE e.department_id = 20;albert

It was subreport-related, though I still do not know the exact root cause.
I was having trouble with both the built-in export as well as a custom process.
Removing the subreports as suggested, I isolated the failure to one of the three subs and rebuilt this subreport from scratch (it was only three fields) and now the report has no trouble with the pdf export. I am not sure if it had a resolvable technical issue or if it was just corrupted, as it is now working, I am not going to expend much energy on finding out.
Thanks for the suggestion.

Support for Generated Keys in oracke jdbc drivers?

Hi All,
Anyone know when the Oracle Thin JDBC drivers are going to support generated keys?
Regards,
Lee

Sure Justin,
I should have made myself more clear. Sorry about that.
I have a sequence for generating primary keys in a particular table, and a trigger to replace a null in my insert query with the nextval. That all works fine. I would like to use the DB-neutral means of getting a generated primary key...
prepStmt = connection.prepareStatement(insertSQL, Statement.RETURN_GENERATED_KEYS);
prepStmt.executeUpdate();
... and later ...
ResultSet generatedKeyRS = prepStmt.getGeneratedKeys();
... etc.
I am aware that I can get this information several other Oracle9i-specific ways, including using the sequence's .currval and creating a callable statement that returns the primary key column. However I would still like to use the nice, neat, vendor-neutral JDBCv3 way. Call me pedantic.
Regards,
Lee

Failure to generate key with keytool

Similar Messages

Maybe you are looking for