How Sign Message with Certificate (public key)?
Hi, I need to to send Sign xml message by Certificate file (public key) and read sign message
so how can i do it ??
and i should have 2 public key ?? or what ??
please help :)
Thanks
ejp has answered your question, but it seems you did not understand. This forum is not a good place to learn about public key cryptography and message encryption. You should already understand these fundamentals before asking questions here. This forum is about how to implement these crypto operations in the Java programming language. If you are cheap or poor, you can try googling for the more information; wikipedia is good starting point also. If you can afford it, I recommend you buy Practical Cryptography_ by Schneier.
Similar Messages
-
Signing message with certificate: JCE, IAIK or similar in IBM SDK 5.0
So, I'm in a very difficult problem.
Using Java:
I've an enterprise certificate (in .p12 format) altogether with its public key ("password" string). Also I've a text message which I've to sign in PKCS7 format. I've been reading a lot and I've realized that there's no STANDARD implementation to do what I want to do. There is the JCE/JCA API and the Certification API, but they are just API's, no implementation. Here are the facts:
-I've to run the application in the IBM JDK 5.0 (AS400 system).
-My application actually works in the SUN JDK 6.0 using the IAIK security provider, but not using JCE, its a very ugly code which I dont know really what it does, but it works. When I put it on the IBM JDK 5.0 it fails (java nullpointer blah blah).
-IAIK Documentation says that it works on JDK 5.0. Yeah, it works, but in SUN implementation, not in IBM's.
Today I don't know what the heck to do, really. What do you think it's the best solution?
-Trying to make the IAIK code work in IBM SDK 5.0 by test-and-error method.
-Trying to sign the message using JCE and the IBM JCE provider (this is what I'm actually trying to do). It would be very nice if somebody provides something to read about (I've read lot of IBM/SUN documentation and I couldnt find anything useful for now.
-Trying to put the SUN JDK 6.0 in the AS400. This would be the easy solution but my bosses said that this is impossible and very dangerous, and additionally this wouldn't work.
-Also I've another code which uses the BouncyCastle provider but this doesn't work. Would this be better to learn how to use? I prefer using standards, though.
In conclusion:
I've 4 security providers: IBM, SUN, IAIK and BouncyCastle (just IAIK works, and I need IBM), and
I've 4 SDK's: IBM 5.0, IBM 6.0, SUN 5.0 and SUN 6.0 (just SUN/IBM 6.0 works, and I need IBM 5.0).
I would like any documentation useful to read. I would provide any information which could be important to answer my question.But I hope this could fix it :(
My last code:
public static String firmar(String contenido, String certificado, String password)
throws Exception {
System.out.println(new Date() + ":: Signing using IAIK provider.");
boolean dettached = true;
boolean attributes = true;
boolean CRLF = true;
IAIK iaik = new IAIK();
Security.addProvider(iaik);
byte aByteInfoToSign[] = contenido.getBytes("UTF8");
if(aByteInfoToSign == null)
throw new IOException("Empty message.");
byte digest[] = SHA1(aByteInfoToSign);
String digestHEX = toHexString(digest);
KeyStore keystore = KeyStore.getInstance("PKCS12");
FileInputStream fileinputstream = new FileInputStream(certificado);
keystore.load(fileinputstream, password.toCharArray());
String alias = null;
Enumeration enumeration = keystore.aliases();
if(enumeration.hasMoreElements())
alias = enumeration.nextElement().toString();
else
throw new KeyStoreException("Firmador IAIK: Empty Keystore.");
Certificate certificate = keystore.getCertificate(alias);
PrivateKey privatekey = (PrivateKey)keystore.getKey(alias, password.toCharArray());
* Declared absolutely to avoid incompatibilities betwenn IAIK and Sun classes.
iaik.x509.X509Certificate ax509certificate[] = new iaik.x509.X509Certificate[1];
ax509certificate[0] = new iaik.x509.X509Certificate(certificate.getEncoded());
IssuerAndSerialNumber issuerandserialnumber = new IssuerAndSerialNumber(ax509certificate[0]);
SignerInfo asignerinfo[] = new SignerInfo[1];
asignerinfo[0] = new SignerInfo(issuerandserialnumber, AlgorithmID.sha1, AlgorithmID.rsaEncryption, privatekey);
Attribute aattribute[] = new Attribute[4];
aattribute[0] = new Attribute(ObjectID.contentType, new ASN1Object[] {
ObjectID.pkcs7_data
aattribute[1] = new Attribute(ObjectID.signingTime, new ASN1Object[] {
(new ChoiceOfTime()).toASN1Object()
ObjectID oid = new ObjectID("1.2.840.113549.3.2");
SEQUENCE seqRC2 = new SEQUENCE();
seqRC2.addComponent(oid,0);
seqRC2.addComponent(new INTEGER(40));
SEQUENCE seqEncrypAlgoritmos = new SEQUENCE();
seqEncrypAlgoritmos.addComponent(seqRC2);
Attribute atributo = new Attribute(ObjectID.symmetricCapabilities,
new ASN1Object[] {seqEncrypAlgoritmos});
aattribute[2] = atributo;
aattribute[3] = new Attribute(ObjectID.messageDigest, new ASN1Object[]{ new OCTET_STRING(digest) });
if(attributes)
asignerinfo[0].setAuthenticatedAttributes(aattribute);
byte byte0;
if(dettached)
byte0 = 2;
else
byte0 = 1;
SignedData signeddata = new SignedData(digestHEX.getBytes(), byte0);
signeddata.setCertificates(ax509certificate);
signeddata.addSignerInfo(asignerinfo[0]);
ContentInfo contentinfo = new ContentInfo(signeddata);
if(!contentinfo.hasContent())
throw new Exception("Couldn't create the sign");
ByteArrayOutputStream result = new ByteArrayOutputStream();
ByteArrayOutputStream source = new ByteArrayOutputStream();
contentinfo.writeTo(source); // <-- here is the error (line 136)
Base64OutputStream base64outputstream = new Base64OutputStream(result);
base64outputstream.write(source.toByteArray());
base64outputstream.flush();
base64outputstream.close();
String resFinal;
if(CRLF)
resFinal = result.toString();
else
resFinal = result.toString().replaceAll("[\r\n]+","");
// resFinal = sinCRLF(result.toString());
if(resFinal.equals(""))
throw new Exception("Couldn't create the sign");
* Restore the Security variable.
Security.removeProvider(iaik.getName());
return resFinal;
private static byte[] SHA1(byte abyte0[])
try
MessageDigest messagedigest = MessageDigest.getInstance("SHA-1");
byte abyte1[] = messagedigest.digest(abyte0);
messagedigest.reset();
return abyte1;
catch(NoSuchAlgorithmException nosuchalgorithmexception)
throw new Error("Configuration error", nosuchalgorithmexception);
private static String toHexString(byte abyte0[])
StringBuffer stringbuffer = new StringBuffer();
int i = abyte0.length;
for(int j = 0; j < i; j++)
byte2hex(abyte0[j], stringbuffer);
return stringbuffer.toString().toUpperCase();
private static void byte2hex(byte byte0, StringBuffer stringbuffer)
char ac[] = {
'0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
'a', 'b', 'c', 'd', 'e', 'f'
int i = (byte0 & 0xf0) >> 4;
int j = byte0 & 0xf;
stringbuffer.append(ac);
stringbuffer.append(ac[j]);
}Using the IBM SDK 5.0, the error:iaik.pkcs.PKCSException: iaik.asn1.CodingException: iaik.asn1.CodingException: Unable to encrypt digest: No installed provider supports this key: (null)
at iaik.pkcs.pkcs7.SignedData.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.SignedDataStream.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.ContentInfo.toASN1Object(Unknown Source)
at iaik.pkcs.pkcs7.ContentInfo.writeTo(Unknown Source)
at aeat.FirmadorIAIK.firmar(FirmadorIAIK.java:136)
... more irrelevant data... -
Configuration/Setup for securing PI messages with certificates
Hello Experts,
I'm looking for some guidance/suggestions/direction in regards to installing and using certificates when exchanging data with trading partners via PI 7.0. It's something new to us and it's been a bit of a struggle.
In scenario 1, we want to send to, and receive from, xml documents with a partner. We currently send from our PI system, but want to receive the messages back thru an F5 network (?) which would decrypt the message and pass it along to PI. This also takes care of load-balancing.
In scenario 2, we want to exchange EDI messages using the AS2 Adapter from Seeburger. Again, messages would be sent from PI and received by the F5 network.
The F5 would act as the SSL termination point (if that's the correct term), and pass the decrypted message to PI via a normal http transfer.
We are storing our partners' certificates within PI, and configuring the communication channels to use them. Is this correct? Do they need to be stored on the F5 as well? Do we then give them our certificate from the F5, or do they need a certificate from our PI server, or both?
I guess what I'm looking for is some straight-forward SSL 101 documentation, especially where it applies to middleware like the F5. Thanks in advance for any help you can give.Hi,
Just a quick note on the certificates; if you want to encrypt messages sent from PI you need the public key of the receiver stored in PI (J2EE key store) with which to encrypt the messages. When receiving files back from partners, they would need to encrypt the messages with the public key of F5 certificate. F5 would then use its private key to decrypt the message before passing to PI.
So, yes, you are correct to store the certificates of your partners in PI which will be used in encryption of outbound messages. F5 would only need the private keys of the certificate that your partners have encrypted with, no need for PI certificates to be stored in F5 (unless you also need digital signatures).
Hope this helps.
Br,
Kenneth -
How to Work with Composite Primary Key
Hi All,
I'm working with Toplink JPA. Here I have A problem with inserting into database table which have composite Primary Key.
What I'm doing is, I have two tables. to maintain many to many relation between these two tables I created another intermediate table which consists of foreign Keys (reference) of above two tables.
Now these two foreign Keys in the Intermediate table made as composite Primary Keys.
When I'm trying to the data in the Intermediate table I'm getting the foreign Keys values are null..
could anyone suggest me how to work with composite Primary Keys
Thanks,
SatishI have the same problem, I have 3 tables with a join table joining them all. I have created an intermediate table entity. When I go to create a an entry, it says that I cannot enter null into "ID". Here is the SQl toplink generates:
INSERT INTO Z_AUTH_USER_AUTHORIZATION (CONTEXT_ID, AUTHORIZATION_ID, USER_ID) VALUES (?, ?, ?)
bind => [null, null, null]
Here are the classes:
-----------------------Join Table-----------------------------------------------
@Entity()
@Table(name = "Z_AUTH_USER_AUTHORIZATION")
public class AuthUserAuthorization implements Serializable{
@EmbeddedId
private AuthUserAuthorizationPK compId;
// bi-directional many-to-one association to AuthAuthorization
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "AUTHORIZATION_ID", referencedColumnName = "ID", nullable = false, insertable = false, updatable = false)
private AuthAuthorization authAuthorization;
// bi-directional many-to-one association to AuthContext
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "CONTEXT_ID", referencedColumnName = "ID", nullable = false, insertable = false, updatable = false)
private AuthContext authContext;
// bi-directional many-to-one association to AuthUser
@ManyToOne(fetch = FetchType.EAGER)
@JoinColumn(name = "USER_ID", referencedColumnName = "ID", nullable = false, insertable = false, updatable = false)
private AuthUser authUser;
---------------------------------------User table--------------------------------------------------------------
@Entity()
@Table(name = "Z_AUTH_USER")
public class AuthUser implements Serializable, IUser{
@Id()
@SequenceGenerator(name = "AUTH_USER_ID_SEQ", sequenceName = "Z_AUTH_USER_ID_SEQ")
@GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "AUTH_USER_ID_SEQ")
@Column(name = "ID", unique = true, nullable = false, precision = 10)
private Integer id;
// bi-directional many-to-one association to AuthUserAuthorization
@OneToMany(mappedBy = "authUser", fetch = FetchType.EAGER)
private java.util.Set<AuthUserAuthorization> authUserAuthorizations;
-----------------------------------Context table-----------------------------------------------------------------
@Entity()
@Table(name = "Z_AUTH_CONTEXT")
public class AuthContext implements Serializable, IContext{
@Id()
@SequenceGenerator(name = "AUTH_CONTEXT_ID_SEQ", sequenceName = "Z_AUTH_CONTEXT_ID_SEQ")
@GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "AUTH_CONTEXT_ID_SEQ")
@Column(name = "ID", unique = true, nullable = false, precision = 8)
private Integer id;
// bi-directional many-to-one association to AuthUserAuthorization
@OneToMany(mappedBy = "authContext", fetch = FetchType.EAGER)
private java.util.Set<AuthUserAuthorization> authUserAuthorizations;
----------------------------Authorization table-------------------------------------------------
@Entity()
@Table(name = "Z_AUTH_AUTHORIZATION")
public class AuthAuthorization implements Serializable, IAuthorization{
@Id()
@SequenceGenerator(name = "AUTH_AUTHORIZATION_ID_SEQ", sequenceName = "Z_AUTH_AUTHORIZATION_ID_SEQ")
@GeneratedValue(strategy = GenerationType.SEQUENCE, generator = "AUTH_AUTHORIZATION_ID_SEQ")
@Column(name = "ID", unique = true, nullable = false, precision = 8)
private Integer id;
// bi-directional many-to-one association to AuthUserAuthorization
@OneToMany(mappedBy = "authAuthorization", fetch = FetchType.EAGER)
private java.util.Set<AuthUserAuthorization> authUserAuthorizations;
I have tried to create the new entity several ways. I have tried to create one with the default constructor then set this entity on each of the other entities, I have also tried to pass in the entities to the join entity and set them there, but this doesn't work. Any help would be very appreciated!
Thanks,
Bill -
How to Provide the Certificate Generation key while configuring WorkFlow Manager 1.0
Hi,
I am new to Workflow manager.I am configuring it in a SharePoint Farm with Allow Workflow Management over Http on this computer option.
Its asking for Certificate Generation key for joining to the Farm.
Could anyone help me how to get the Certificate Generation key.
Please advice
Thanks, Vijay Arul Lourduwe forgot the auto-generated Certificate
Generation Key. Can you tell us the detail instructions to find it? Thanks. -
I used Adobe Reader XI to sign PDFs with certificate, which worked perfectly. Except that the PDF could still be edited by other programs (for example, Nitro PDF) after the signing (but not the fill out fields and the signature). To apply password protection makes sense to avoid changes in the PDF being made after it has been signed. So I applied password protection via Nitro PDF that allows only enter fill-out fields and signing. But when I open it with Adobe Reader, the filling out works fine, but the signing part is not available to click on it (all of the buttons under "Sign" tab are grey). When I go on the Security properties with Adobe Reader, I can explicitly see that signing of this PDF is allowed and yet the option is not open to use for me anymore.
Any ideas on why it is the case and what I could do about that?
Many thanks!
O.Actually yes, I just asked my colleague to assist me with this, he password-protected the PDF with Acrobat 8, explicitly allowing for signing and fill-out functions, it also appears in Adobe Reader under security properties as "allowed", but it is not open to use in the Reader for me anymore (grey buttons).
-
How having "messages" with iOS X Lion 10.7 ?
How having "messages" with iOS Lion 10.7.5 ?
I use iCloud, Airplay ... but i can't find messages, do i really need to pay ?Messages is part of Mountain Lion. Older OS's still use iChat.
-
Mail does not allow signed message with .Mac certificate
Hi all,
until a few weeks ago, I was able to send signed or encrypted message with my .Mac account and .Mac certificate. Both of them are still valid, and I can still read all messages I sent as encrypted and/or signed, however, Mail does not show the two buttons to crypt and/or sign emails. The certficate seems to work to encrypt iChat dialogs as well.
I repaired my Keychain, looked at how certficates were configured, everything seems normal to me.
Any clue ??Well, it seems that we've come across something finally.
In comparing notes, my friend (who is currently able to sign and encrypt messages) and I were comparing notes on our respective certificates. In doing so, he pointed out that he'd noticed a difference in the PURPOSE of my cert versus his cert.
His cert shows the following purposes:
1 - Client Authentication
2 - Email Protection
3 - Apple .Mac Identity
4 - Apple iChat Signing
5 - Apple iChat Encryption
Whereas mine only shows these purposes:
1 - Client Authentication
2 - Apple iChat Signing
3 - Apple iChat Encryption
Another thing I noticed while comparing his cert to mine after he pointed this out...his cert is due to expire at the end of October. Mine, on the other hand, was created this past Friday.
Now, from what I understand, these certs expire one year from date of issue, unless they are revoked earlier. So, I suppose the big question to everyone else out there that is having trouble with using their .Mac issued certificates is "When did yours get renewed?".
I'm suspecting at this point that somewhere around the end of June the certificates issued by Apple for iChat signing suddenly stopped having the "Purpose" of mail protection. It would also seem that they suddenly stopped having the purpose of .Mac Identity.
Now I'm curious why Apple would do this, make it actually relatively easy to create a cert that could be used for iChat and Mail encryption, then suddenly take it away. Is this actually what has happened here?
I'd be really interested in seeing what the renewal dates are and the corresponding "Purposes" are for many of the folks that are reporting trouble with this very issue.
If you are one of those people who had mail encryption working using your .mac certificate, and it suddenly stopped working...feel free to post your cert information here.
To get the ball rolling, here's the information from mine...
Issued By:
- Apple .Mac Certificate Authority
Expires:
- September 14, 2007
Purposes:
- Client Authentication
- Apple iChat Signing
- Apple iChat Encryption
G4 800 (Quicksilver) / Powerbook 1.5 GHz Mac OS X (10.4.7) -
Retrieved public key not match with real public key on certificate
//@@public key from certificate
*30 81 89 02 81 81*
+00 92 28 98 7b 71 5e 3b 58 93 7a 58 cd 9e b8 17 c6 8e 74 51 c7 32 be 73 c6 54 d6 e5 3b c8 3c 89 c5 6c cd 59 b2 40 58 f2 83 f4 8d c8 b0 5f 57 26 d9 27 88 ff 76 1b 2d 5e 78 8c aa 66 2e 68 1e ed 01 5a 09 c9 5f fb 11 9d 33 4d 57 f1 02 f8 61 4b 71 08 c9 da db 5c a7 c8 fa a6 ed f6 d5 1b 78 72 20 33 0b 80 6c 07 e0 14 7c 49 b5 e3 aa 39 79 28 9e 76 3f 9c 23 7b ea 5c b3 fd 79 cb d5 71 3d d4 f9 02 03 01 00 01+
//@@retrieved public key from certificate partially not match
*30 3F 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 01 05 00 03 3F 3F 00 30 3F 89 02 3F 3F*
+00 92 28 98 7B 71 5E 3B 58 93 7A 58 CD 9E B8 17 C6 8E 74 51 C7 32 BE 73 C6 54 D6 E5 3B C8 3C 89 C5 6C CD 59 B2 40 58 F2 83 F4 3F C8 B0 5F 57 26 D9 27 88 FF 76 1B 2D 5E 78 8C AA 66 2E 68 1E ED 01 5A 09 C9 5F FB 11 3F 33 4D 57 F1 02 F8 61 4B 71 08 C9 DA DB 5C A7 C8 FA A6 ED F6 D5 1B 78 72 20 33 0B 80 6C 07 E0 14 7C 49 B5 E3 AA 39 79 28 9E 76 3F 9C 23 7B EA 5C B3 FD 79 CB D5 71 3D D4 F9 02 03 01 00 01+
* Convert into hex values
private static String hex(String binStr) {
String newStr = new String();
try {
String hexStr = "0123456789ABCDEF";
byte [] p = binStr.getBytes();
for(int k=0; k < p.length; k++ ){
int j = ( p[k] >> 4 )&0xF;
newStr = newStr + hexStr.charAt( j );
j = p[k]&0xF;
newStr = newStr + hexStr.charAt( j ) + " ";
} catch (Exception e) {
System.out.println("Failed to convert into hex values: " + e);
return newStr;
* Get public key from keystore.
* The public key is in the certificate.
private static Key getPublicKey(String keyname, String keystore)
throws IOException, KeyStoreException, NoSuchAlgorithmException,
CertificateException {
KeyStore ks = KeyStore.getInstance("JKS");
ks.load(new FileInputStream(keystore), KEYSTORE_PASS.toCharArray());
X509Certificate cert = (X509Certificate) ks.getCertificate(keyname);
if (cert != null) {
return cert.getPublicKey();
return null;
// Read the public key from keystore certificate
RSAPublicKey keystorepub = (RSAPublicKey) keystorecert.getPublicKey();
tempPub = keystorepub.getEncoded();
sPub = new String( tempPub );
System.out.println("Public key from keystore:\n" + hex(sPub) + "\n");Italic part is match part however bold part is not match, i think should be calculation on convert hex incorrect.the public key on certificate can view direct in hex format although inside the certificate is in byte[] format,hence during extract public key from certificate via java code,need to convert from byte[] to hex string and then compare it.
this is the picture of certificate that display public key in hex format
[http://i225.photobucket.com/albums/dd135/ocibala109/cert.jpg]
Edited by: ocibala on Oct 7, 2008 8:51 PM -
Ability to sign emails with certificates
Hi all,
I was just wondering if anyone had been able to setup their email on the iphone (I am using a mobile me account which syncs - I don't know the terminology) with digital signatures.
I have setup my macbook that, when I compose an email, I can sign it with a free certificate I got from Comodo.
I was wondering if there was a way of setting up the iphone so that I can also sign the messages I compose when I am about?
I had a look at the iphone configuration utility (briefly) but got scared that I might change some other setting and break my phone (everything else is working so nicely).
Is there any guides as to how set this up (am happy to look at the iphone utility if I could get all the current settings I have loaded onto it and then just change the required changes). I don't know if this is even allowed in the device...
Any information would be helpful
Cheers
AusQBallHi Sean,
Thanks for replying but I am not sure that the application does quite what I am after...
I am not trying to add an image with my signature on it but rather add a cryptographic signature which allows the recipient to know that it came from me. My knowledge on this topic is a little sketchy but I think that, for it to work, a hash of the entire message would need to be calculated and then encrypted with a private key found in my signature certificate (which only I have). The recipient can then check that the message has not been altered using the public key (provided in the email and signed by a certificate authority) to confirm that the hashes match.
Please reply if I have misunderstood something with the application.
Also thank you for looking into this for me. Any help is appreciated.
Cheers
AusQBall -
How to reconstruct same EC public key
Hello
I need to reconstruct EC public key from certificate.
I have these information as:
x = 66:6d:59:b1:fb:53:c1:c9:98:c1:2c:71:73:1d:3a:36:a3:7c:d9:95:
y = ca:de:ee:96:c1:56:c8:d7:c7:85:2b:39:b5:fe:fd:1f:a3:ce:18:c7
secp160r2
How can I create ECParameterSpec object from information secp160r2 ?
Because for creating of ECPublicSpec are necessary to have knowledge of ECPoint and ECParameterSpec objects.
Can somebody help me resolve this problem ?
I want to achieveI found this sollution:
ECPoint tempPoint = new ECPoint(
new BigInteger("666d59b1fb53c1c998c12c71731d3a36a37cd995", 16),
new BigInteger("cadeee96c156c8d7c7852b39b5fefd1fa3ce18c7", 16));
org.bouncycastle.jce.spec.ECNamedCurveParameterSpec params =
ECNamedCurveTable.getParameterSpec("secp160r2");
org.bouncycastle.jce.spec.ECNamedCurveSpec xxx = new ECNamedCurveSpec(
params.getName(), params.getCurve(), params.getG(), params.getN(),
params.getH());
ECPublicKeySpec spec = new ECPublicKeySpec(tempPoint,xxx);
PublicKey pub2 = keyFactory.generatePublic(spec);
byte[] encPub = pub2.getEncoded();
FileOutputStream pubfos = new FileOutputStream("pub2.key");
pubfos.write(encPub);
pubfos.close(); -
How can I hardcode the public key into my coding?
Hi! I need to hardcode the public key into my program so can someone tell me how can i do it.
Purpose:-
I am trying to create a license file( signature file) and the public key in my product.Hi! Thank for your reply.
I dont understand, but anywhere i get the solution already.
Thanks.
byte[] pubKey = pub.getEncoded();
String hexPubKey = toHexString(pubKey);
FileOutputStream pubKeyfos = new FileOutputStream("suepubk");
PrintWriter pwPubKey = new PrintWriter(pubKeyfos);
pwPubKey.write("PublicKey="+hexPubKey);
pwPubKey.close();the following method i got it from internet. I forget the link.
private static String toHexString(byte[] block) {
StringBuffer buf = new StringBuffer();
int len = block.length;
for (int i = 0; i < len; i++) {
byte2hex(block, buf);
//if (i < len-1) {
// buf.append(":");
return buf.toString(); -
How to authenticate with certificate?
I wanna try to build a more secure LAN. I want every client (wired/wireless) to connect the network used a certificate not a user/password pair.
But now, as i am a newbie, I don't know what to choose between TACACS+ and RADIUS. Because I have a Mac mini, maybe RADIUS is more suitable, but i don't know how to establish the CA.
Any help or suggestion will be appreciated!We most typically do this in the context of implementing a product like Cisco's Identity Services Engine (ISE). ISE uses 802.1x and has the ability to check clients for things like a certificate during the authentication / posture assessment / remediation process.
It also acts as a RADIUS server and can dynamically push out Change of Authorization (CoA) to the authenticator (i.e switch or Wireless controller) in order to control things like client VLAN assignment and any access-lists you may want to apply.
On the client side, a supplicant is used to interact with the authenticator. You can use native supplicants from OS X or Windows etc. but we generally recommend use of Cisco's AnyConnect Secure Mobility client with its Network Access Module (NAM) as it's much more full-featured for that purpose.
You could also do 802.1x with certificate authentication and use a different backend authentication server (like a regular Cisco ACS or Microsoft Network Policy Server) but you would just get more basic authentication vs. the rich functionality ISE gives (albeit ISE costs a lot more ;) ).
Have a look at this Youtube video for an example of setting up certificate authentication on ACS:
https://www.youtube.com/watch?v=U7qWJ7bIMHA -
I am using pdfwriter on Windows to sign my pdf's with a certificate. Does an equivalent exist for archlinux? My google-fu didn't turn up anything... Thanks!
It sounds like your problems stem from needing to adhere to whatever protocol pdfwriter uses. I'm not familiar with that piece of software myself.
Basically, you have three options in front of you: pdfwriter uses some open specification which *nix has already implemented under some other name; pdfwriter uses a closed specification which has been partially re-implemented in *nix so you can do basic stuff; pdfwriter uses a totally closed spec which no one else cares about.
If it's one of the first two, you'll be able to find a work around. If it's the last one, you should kick your employer right in the nuts. -
Hi guys,
I'm working on my thesis,and my prof. told me that I have to sign a
java object with a public key.
Looks to be impossible, but I asked him again and he confirmed what he
said.
How do I create a digital signature of a java object using a Publik
Key??
Thanks a Lot guys!!!
Bye!How do I create a digital signature of a java object using a Public Key??Well as my fellow poster said it makes no sense siging (Encrypting) an Object using a Public Key as it would be available for access.
If it is about Siging an Object with a Single Key where there is concept having a public / private key i think most of the Symmentric Encryption Algorithms come into picture. where there would be a single key used for both encrypting & decrypting data.
However, you can very well have a look of the specified links below to recheck on things.
http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
http://www.developer.com/java/other/article.php/630851
http://mindprod.com/jgloss/digitalsignatures.html
Hope these might be of some help...
REGARDS,
RaHuL
Maybe you are looking for
-
I am having problems with the new itunes set up ........ when i plug in my iphone or ipod touch it shows in the top right hand corner of itunes BUT when i click on the shown iphone/ipod the icon its no longer there, i was useing this fine yesterday a
-
Adobe Air installer is not opening on Mac
Hi, I have downloaded the last version of Adobe Air but the installer is not opening. I have followed the steps written on this page : http://helpx.adobe.com/air/kb/troubleshoot-air-installation-mac-os.html , but after step 4 'after hitting enter you
-
How to set up an Ubuntu chroot inside Arch Linux [solved]
I use Arch Linux (64 bits) as my desktop, but I'd like to have an Ubuntu chroot for development purposes. I installed schroot and debootstrap, created a directory for the jail, and executed: sudo debootstrap --arch amd64 lucid /var/chroot/ubuntu http
-
Displaying BEx Error Messages in WebI
Hi Is it possible to have the BEx error messages displayed in a WebI Report? We have various scenarios where an error message is returned from customer exit variables, which is displayed nicely in the browser if the BEx query is executed, but is not
-
How to select odd/even rows from table....
How to select odd/even rows from a table? Please help. Edited by: vaibhav on May 7, 2012 5:30 AM