How to enter a Private key into a keystore

Hi,
We have a proprietary CA, developed by us. I need to use this CA for my Signed Applet. I would enter this CA's public key (an X509 certificate) into my cacerts file.
Following is what I have done :
1) I have generated my own keystore, public and private key for signing the applet.
2) Signed the applet with the private key in the keystore.
To Do :
Now, the self-generated public key (with which the applet was signed) has to be signed by the proprietary CA, so that when the applet is downloaded my certificate is authenticated by the proprietary CA.
The problem is :
1) To get my public key certificate authenticated by the proprietary CA, I need the private key of the proprietary CA (so that I shall sign my public key file with the CA's private key). The CA could give the private key as a byte array file. (Or we could write a program to format the private key file, if any format exists and is required.) jarsigner requires a keystore to sign. How could I create a keystore and enter my private key and public key into this keystore?
2) Is there any other way to do this?
Please help to resolve this problem.
Rajesh

Check this:
http://java.sun.com/j2se/1.4/docs/guide/pugin/developer_guide/rsa_signing.html

Similar Messages

  • Importing a PKCS12 private key into java Keystore

    Hi,
    We have an existing private key, stored in a ".p12" file.
    Currently, our existing program will access this file directly to retrieve the private key, however, we need to import this private key into a keystore so it can be retrieved by our new code.
    Does anyone know whether it is possible to do this, and if so, is there any criteria that need to be met.
    If it is possible, then how do we do it?
    Assistance is appreciated!
    Regards
    Steve Williams

    Sorry to cross-post, but I have a similar problem.
    I have an existing certificate (public/private keypair) that I'm using in Microsoft IIS. Using Cert Manager in Windows2000 I export the certificate preserving the private key into a pfx file. I need to import the public/private keypair into the keystore. I also have the original certificate request and reply from Verisign if that helps any. I've looked everywhere and have been unable to find any information about doing this. Please Help!
    If there is a way to do this using keytool that would be great. If someone knows how to programmatically do this that would also be great.
    Thanks in advance,
    Trey Caldwell
    Software Engineer
    Intrannuity, LLC
    [email protected]
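
An added example, not part of either post above or of any vendor tool: one way to do this import programmatically in Java, covering both a .p12/.pfx file and the case from the main thread where the private key arrives as raw bytes. It assumes the raw key is PKCS#8 DER, the chain file lists the leaf certificate first, and the PKCS#12 key password equals its store password; the class name and command-line arguments are hypothetical.

```java
import java.io.Console;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.Key;
import java.security.KeyFactory;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Collections;

public class KeystoreImport {

    /** Loads a keystore file; when create is true a missing file yields an empty keystore. */
    static KeyStore open(String type, Path file, char[] pass, boolean create) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        if (Files.exists(file)) {
            try (InputStream in = Files.newInputStream(file)) { ks.load(in, pass); }
        } else if (create) {
            ks.load(null, null);
        } else {
            throw new NoSuchFileException(file.toString());
        }
        return ks;
    }

    /** Case 1: copy every private-key entry (key plus certificate chain) from a .p12/.pfx. */
    static int copyKeyEntries(KeyStore src, char[] srcPass, KeyStore dest, char[] destPass) throws Exception {
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (!src.isKeyEntry(alias)) continue;           // skip trusted-certificate entries
            Key key = src.getKey(alias, srcPass);           // assumption: key password == store password
            if (!(key instanceof PrivateKey)) continue;     // skip secret-key entries
            dest.setKeyEntry(alias, key, destPass, src.getCertificateChain(alias));
            copied++;
        }
        return copied;
    }

    /** Case 2: PKCS#8 DER private key plus its certificate chain (assumption: leaf certificate first). */
    static void importRawKey(KeyStore dest, String alias, String keyAlg, Path pkcs8Der,
                             Path chainFile, char[] destPass) throws Exception {
        PrivateKey key = KeyFactory.getInstance(keyAlg)
                .generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(pkcs8Der)));
        Certificate[] chain;
        try (InputStream in = Files.newInputStream(chainFile)) {
            chain = CertificateFactory.getInstance("X.509").generateCertificates(in).toArray(new Certificate[0]);
        }
        if (chain.length == 0) throw new IllegalArgumentException("no certificate in " + chainFile);
        // Refuse a mismatched pair: sign a probe with the key, verify it with the leaf's public key.
        Signature s = Signature.getInstance("SHA256with" + ("EC".equals(keyAlg) ? "ECDSA" : keyAlg));
        byte[] probe = "keystore-import-probe".getBytes(StandardCharsets.UTF_8);
        s.initSign(key);
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(chain[0].getPublicKey());
        s.update(probe);
        if (!s.verify(sig)) throw new IllegalArgumentException("private key does not match leaf certificate");
        dest.setKeyEntry(alias, key, destPass, chain);
    }

    public static void main(String[] a) throws Exception {
        Console c = System.console();                       // passwords are prompted, never passed as arguments
        boolean p12 = a.length == 3 && a[0].equals("p12");
        boolean raw = a.length == 6 && a[0].equals("raw");
        if (c == null || !(p12 || raw)) {
            System.err.println("usage: p12 <in.p12> <out.jks> | raw <key.der> <chain.pem> <alias> <RSA|DSA|EC> <out.jks>");
            System.exit(2);
        }
        Path out = Paths.get(a[a.length - 1]);
        char[] destPass = c.readPassword("destination keystore password: ");
        KeyStore dest = open("JKS", out, destPass, true);   // JKS is the format keytool created by default on older JDKs
        if (p12) {
            char[] srcPass = c.readPassword("PKCS#12 password: ");
            KeyStore src = open("PKCS12", Paths.get(a[1]), srcPass, false);
            System.out.println(copyKeyEntries(src, srcPass, dest, destPass) + " key entries copied");
        } else {
            importRawKey(dest, a[3], a[4], Paths.get(a[1]), Paths.get(a[2]), destPass);
        }
        try (OutputStream os = Files.newOutputStream(out)) { dest.store(os, destPass); }
    }
}
```

Entries keep their PKCS#12 alias (the "friendly name"), so `keytool -list -keystore <out.jks>` shows the name under which the key must later be looked up.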

  • How does a public/private key encrypt and decrypt each other?

    I understand the logic that when a communication takes place both parties pass their public keys to each other which is used to encrypt all messages. Once the party receives the messages the private key is used to decrypt them however I'm wondering how a private key is generated from a public key. If the private key is based on an algorithm wouldn't each party be able to generate what the other person's private key would be based on the public? Wouldn't a third party?

    How the public and private keys are generated depends on what public key cryptosystem is being used, but in general the private key cannot be derived from the public with a computationally feasible algorithm, while the public key can be derived from the private key very quickly. Two examples:
    RSA: private keys are 2 primes, p and q, and an encryption exponent d. Public key is the product p*q, and an encryption exponent e. How does the attacker get p and q, or d, from n and e? The best attack known against this (for properly chosen p, q, and d) is factoring. Factoring can be made infeasible by choosing the primes to be large enough.
    Diffie-Hellman: a prime modulus p and a base g < p is known by everyone (including the attacker). The private key is an integer x chosen randomly, 2 <= x < p-1 (there are better ways to choose x). The public key is g^x mod p. How does the attacker get x from g^x mod p? Again, the best known attack is one that is computationally roughly equal to factoring a composite number of about the size of p.
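
An added example (not from the reply above) that carries both cases through in Java: going from private to public is one modular exponentiation, while going back is a search that is only practical at toy sizes. The class and method names are made up for illustration, and the random 2048-bit prime stands in for a standardized group.

```java
import java.math.BigInteger;
import java.security.SecureRandom;

public class PublicFromPrivate {
    static final BigInteger ONE = BigInteger.ONE;
    static final BigInteger TWO = BigInteger.valueOf(2);

    /** Diffie-Hellman private key: random x with 2 <= x < p-1, the range given in the post. */
    static BigInteger dhPrivate(BigInteger p, SecureRandom rnd) {
        BigInteger x;
        do {
            x = new BigInteger(p.bitLength(), rnd);
        } while (x.compareTo(TWO) < 0 || x.compareTo(p.subtract(ONE)) >= 0);
        return x;
    }

    /** Private -> public is a single modular exponentiation: g^x mod p. */
    static BigInteger dhPublic(BigInteger g, BigInteger x, BigInteger p) {
        return g.modPow(x, p);
    }

    /** Public -> private by exhaustive search; returns the number of multiplications needed. Toy sizes only. */
    static long dhSearch(BigInteger g, BigInteger pub, BigInteger p) {
        BigInteger acc = ONE;
        long tried = 0;
        while (!acc.equals(pub)) {
            acc = acc.multiply(g).mod(p);
            tried++;
        }
        return tried;
    }

    /** RSA private exponent d = e^-1 mod (p-1)(q-1): computing it needs the primes, not just n = p*q. */
    static BigInteger rsaPrivateExponent(BigInteger p, BigInteger q, BigInteger e) {
        return e.modInverse(p.subtract(ONE).multiply(q.subtract(ONE)));
    }

    public static void main(String[] args) {
        SecureRandom rnd = new SecureRandom();
        BigInteger g = TWO;

        // Toy modulus of about 20 bits: the search finishes, which is exactly why such sizes are useless.
        BigInteger toyP = BigInteger.valueOf(1_000_000).nextProbablePrime();
        BigInteger toyPub = dhPublic(g, dhPrivate(toyP, rnd), toyP);
        System.out.println("toy p=" + toyP + ": exponent recovered after "
                + dhSearch(g, toyPub, toyP) + " multiplications");

        // Realistic size. A random prime is used for illustration only; deployments use
        // vetted groups such as those in RFC 3526 or RFC 7919.
        BigInteger p = BigInteger.probablePrime(2048, rnd);
        BigInteger a = dhPrivate(p, rnd);
        BigInteger b = dhPrivate(p, rnd);
        long t0 = System.nanoTime();
        BigInteger pubA = dhPublic(g, a, p);
        BigInteger pubB = dhPublic(g, b, p);
        long ms = (System.nanoTime() - t0) / 1_000_000;
        // Each side combines its own private key with the other's public key.
        boolean agree = pubB.modPow(a, p).equals(pubA.modPow(b, p));
        System.out.println("2048-bit DH: two public keys in " + ms + " ms, shared secrets equal: " + agree);
        System.out.println("the same search would need on the order of 2^" + (p.bitLength() - 1) + " steps");

        // RSA: the key owner knows p and q and gets d at once; everyone else sees only n and e.
        BigInteger e = BigInteger.valueOf(65537);
        BigInteger rp, rq;
        do {
            rp = BigInteger.probablePrime(1024, rnd);
            rq = BigInteger.probablePrime(1024, rnd);
        } while (rp.equals(rq) || !rp.subtract(ONE).multiply(rq.subtract(ONE)).gcd(e).equals(ONE));
        BigInteger n = rp.multiply(rq);
        BigInteger d = rsaPrivateExponent(rp, rq, e);
        BigInteger m = new BigInteger(256, rnd);              // constructed sample message, smaller than n
        boolean roundTrip = m.modPow(e, n).modPow(d, n).equals(m);
        System.out.println("RSA " + n.bitLength() + "-bit modulus: m^e^d == m: " + roundTrip);
    }
}
```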

  • How do I enter my product code into a trial version when I have a student copy of Adobe Photoshop CS6

    How do I enter my product code into a trial version when I have a student copy of Adobe Photoshop CS6

    Redemption Code Help
    Installing and Activating a Try & Buy product
    Mylenium

  • How to load the certificate authority into the keystore for the weblogic8.1

    how to load the certificate authority into the keystore for the weblogic8.1
    ==================================================
    Getting the message below when trying to import the certificate to the weblogic 8.1 web server. Received this certificate from our internal IT certificate authority. Trying to import the certificate to our test system.
    ===================================================
    keytool error: java.lang.Exception: Failed to establish chain from reply
    Import failed. Verify that the Certificate Authority that signed 'certi.pem'
    has been loaded into your keystore 'keystore\pskey'
    To view keystore contents issue 'PSkeymanager -list -keystore keystore\pskey [-v
    To preview a certificate file issue 'PSkeymanager -previewfilecert -file certi.pem'

    You need to populate that field using cmod code. Find out from which table that field is and go to transaction cmod then enter project name and select component radio button then display.
    Now select the FM EXIT_SAPLRSAP_001 if your datasource is a transactional datasource
    EXIT_SAPLRSAP_002 for master data attribute
    EXIT_SAPLRSAP_003 for Hierarchies
    EXIT_SAPLRSAP_004 for text
    then populate code .
    After your code then delete data from ods then reinit to populate the enhanced field.
    Hope it helps..

  • Adobe Content Server 4.1 - Cound not find server's private key in the keystore

    Hello,
    I am getting the following error when I set up the fulfillment services of Adobe Content Server 4.1.1
    type Exception report
    message
    description The server encountered an internal error () that  prevented it from fulfilling this request.
    exception
    javax.servlet.ServletException: Servlet execution threw an exception
    root cause
    java.lang.Error: Cound not find server's private key in the keystore
         com.adobe.adept.fulfillment.security.ServerConfig.init(ServerConfig.java:156)
         com.adobe.adept.fulfillment.security.ServerConfig.getSigningURL(ServerConfig.java:48)
         com.adobe.adept.fulfillment.servlet.FulfillmentServerStatus.getServers(FulfillmentServerStatus.java:34)
         com.adobe.adept.common.servlet.Status.checkUp(Status.java:355)
         com.adobe.adept.common.servlet.Status.doGet(Status.java:424)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
         javax.servlet.http.HttpServlet.service(HttpServlet.java:717)
    note The full stack trace of the root cause is available in the  Apache Tomcat/6.0.20 logs.
    My fulfillment-conf.txt contains following:
    com.adobe.adept.log.level=trace
    com.adobe.adept.log.file=C:\acs4\log\fulfillment.log
    com.adobe.adept.persist.sql.driverClass=com.mysql.jdbc.Driver
    com.adobe.adept.persist.sql.dialect=mysql
    com.adobe.adept.persist.sql.connection=jdbc:mysql://127.0.0.1:3306/adept
    com.adobe.adept.persist.sql.user=acesdbuser
    com.adobe.adept.persist.sql.password=******
    com.adobe.adept.serviceURL=http://127.0.0.1:8080/fulfillment
    com.adobe.adept.fulfillment.security.licensesignURL=https://nasigningservice.adobe.com/licensesign
    com.adobe.adept.fulfillment.security.keystore=pkcs12
    com.adobe.adept.fulfillment.security.pkcs12.file=file:///C:/ACS4/operator.p12
    com.adobe.adept.fulfillment.security.keystore.user=operator4acs
    com.adobe.adept.fulfillment.security.keystore.password=******
    Any Idea?
    Regards,

    Are you sure you created the .p12 file with the correct '-name' friendly name? The value for -name must match the value com.adobe.adept.fulfillment.security.keystore.user

  • Import a signed public key into a keystore

    Hai all,
    When I followed the steps listed at the end of the email, to create a cert request using keytool (from jdk 1.3.0), make it signed by a CA and import the signed public key into a keystore,
    I got the following error when I did step 9: keytool error: java.security.cert.CertificateException: IOException: data is not sufficient
    Could you please give me a help? Thanks in advance. ---
    1.Generate the CA key
    $ openssl genrsa -rand -des -out ca.key 1024
    2.Create a self signed certificate
    $ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
    3.Setup the OpenSSL CA tools
    $ mkdir demoCA
    $ mkdir demoCA/newcerts
    $ touch demoCA/index.txt
    $ cp ca.crt demoCA/
    $ echo "01" > demoCA/serial
    4.Create a new key store for the client application
    $ keytool -keystore testkeys -genkey -alias client
    5.Export the client's public key
    $ keytool -keystore testkeys -certreq -alias client -file client.crs
    6.Sign the client's key with our CA key
    $ openssl ca -config /etc/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key
    7.Convert to DER format
    $ openssl x509 -in client.crs.pem -out client.crs.der -outform DER
    8.Import CA certificate into client's key store
    $ keytool -keystore testkeys -alias jsse_article_ca -import -file ca.crt
    9.Import signed key into client's key store
    $ keytool -keystore testkeys -alias client -import -file client.crs.der
    (The above steps are available at <http://www.ddj.com/articles/2001/0102/0102a/0102a.htm>)
    I have created CA and Server certificates using openssl and client certificate request using keytool and it is signed by our CA.
    I am using an openssl server (C++) and a JSSE client (Java)...
    To communicate between these two, what certificates do I need to put in the client keystore (created using keytool)?
    I have imported CA into keytool, but I am unable to import the client cert into the keystore.
    Please tell me some way to sort out this problem...
    Prasad.

    The following script using openssl and keytool (JDK1.3)
    works. Be sure to have the following in
    your extension directory (/opt/java1.3/jre/lib/ext):
    jcert.jar
    jnet.jar
    jsse.jar
    sunrsasign.jar
    Pierre
    #!/bin/ksh
    rm -f Keystore Config
    rm -rf certs
    mkdir certs
    touch certs/index
    echo "01" > certs/serial
    chmod 600 certs/*
    netstat > /tmp/.rnd
    echo "Creating config file for openssl"
    cat > Config <<EOCNF
    [ ca ]
    default_ca = CA_default
    [ CA_default ]
    dir = certs
    database = \$dir/index
    serial = \$dir/serial
    default_days = 365 # Duration to certify for
    default_crl_days= 30 # Time before next CRL
    default_md = SHA1 # Message digest to use.
    preserve = no # Keep passed DN ordering?
    policy = policy_anything
    [ policy_anything ]
    countryName = optional
    stateOrProvinceName = optional
    localityName = optional
    organizationName = optional
    organizationalUnitName = optional
    commonName = supplied
    emailAddress = optional
    [ req ]
    default_bits = 1024
    default_keyfile = privkey.pem
    distinguished_name = req_distinguished_name
    attributes = req_attributes
    [ req_distinguished_name ]
    countryName = Country Name (2 letter code)
    countryName_default = US
    countryName_value = US
    countryName_min = 2
    countryName_max = 2
    stateOrProvinceName = State or Province Name (full name)
    stateOrProvinceName_default = CA
    stateOrProvinceName_value = CA
    localityName = Locality Name (eg, city)
    localityName_default = Loc
    localityName_value = Loc
    0.organizationName = Organization Name (eg, company)
    0.organizationName_default = Org
    0.organizationName_value = Org
    organizationalUnitName = Organizational Unit Name (eg, section)
    organizationalUnitName_default = OrgUnit
    organizationalUnitName_value = OrgUni
    commonName = Common Name (eg, YOUR name)
    commonName_default = CN
    commonName_value = CN
    commonName_max = 64
    emailAddress = Email Address
    emailAddress_default = [email protected]
    emailAddress_value = [email protected]
    emailAddress_max = 40
    [ req_attributes ]
    EOCNF
    echo "Creating DSA params"
    openssl dsaparam -outform PEM -out DSAPARAM -rand /tmp/.rnd 1024
    echo "Creating CA key pair and cert request"
    openssl req -config Config -nodes -newkey DSA:DSAPARAM -keyout certs/caprivkey.pem -out certs/req.pem
    echo "Signing own CA cert"
    openssl x509 -req -in certs/req.pem -signkey certs/caprivkey.pem -out certs/cacert.pem
    echo "Generating client key pair and cert in keystore"
    keytool -genkey -alias myalias -keyalg DSA -keysize 1024 -keypass password -storepass password -keystore Keystore -dname "CN=Common Name, OU=Org Unit, O=Org, L=Locality, S=State, C=Country" -validity 365
    echo "Generating cert request"
    keytool -certreq -alias myalias -keypass password -storepass password -keystore Keystore -file certs/CertReq.csr
    echo "Signing client cert"
    openssl ca -config Config -policy policy_anything -batch -in certs/CertReq.csr -keyfile certs/caprivkey.pem -days 365 -cert certs/cacert.pem -outdir certs -out certs/public.pem -md SHA1
    echo "Importing CA cert into keystore"
    keytool -import -alias CA -keystore Keystore -storepass password -noprompt -file certs/cacert.pem
    # Clean the certificate file, contains extra stuff from openssl
    sed "/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/!d" \
         certs/public.pem > certs/tmp-public.pem
    cp certs/tmp-public.pem certs/public.pem
    rm certs/tmp-public.pem
    echo "Importing client cert into keystore"
    keytool -import -alias myalias -keystore Keystore -storepass password -noprompt -file certs/public.pem

  • SSL: how to use Multiple Private key/Certificate pair for authentication.

    Hi all,
    I am implementing SSL in Java using an X509 certificate/private key combination.
    I have two sets of private key/certificate pairs.
    One is factory default and another is generated at run time.
    My problem is to try an SSL connection with both pairs on the same TCP/IP connection.
    E.g. on the server side: first try the SSL connection with the factory default certificate; if it fails, try connecting with the generated certificate on the same TCP/IP connection.
    On the client side: if the generated certificate (this certificate was generated at the server side) is present, first perform server authentication using this certificate, otherwise authenticate the server with the factory default certificate.
    Can someone please help and let me know how I need to configure both ends (client and server) to achieve this?
    Thanks In Advance
    Saurabh Ahuja

    "Client code does not contain any default truststore and needs a certificate for authentication."
    Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
    It's like this. The idea of PKI with SSL is as follows:
    - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
    - the client has a truststore that trusts the server, one way or the other, see above.
    - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
    - the server sends its cert to the client along with a digital signature signed by its private key.
    - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
    At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
    If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
    You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.

  • How to enter 08 product key

    we only use 08 at work and I have 06. Work gave me the product key, but I can't figure how to enter the key so I can open the 08 download.

    Hi Fran J and welcome to the Pages forum!
    Could you explain in more detail? Have you downloaded the iWork08? or not?
    You have to install iWork first and then open the apps to use the key.

  • Storing encrypted username and password along with the Key into Windows Keystore

    I have a WPF application and I need to allow the user to enter the username and password. Username and Password should be encrypted and stored with the key in the Windows Keystore. I used the Cryptography class to encrypt the username and password but I am not sure how to store them in the Windows Key Store.
    This login is used for configuration purpose only. User enters  and  it is saved into the client's machine. As long as these credentials are correct, we are going to allow this machine to call another API to download files.
    I would really appreciate for any sample code. Basically, I need to store them in the registry and be able to call them to verify.

    Data encryption and key management is certainly not a WPF topic so you are in the wrong forum but you could take a look at the ProtectedData class:
    https://msdn.microsoft.com/en-us/library/system.security.cryptography.protecteddata.aspx.
    It provides methods for encrypting and decrypting data on user or machine level. Please refer to the following link for more information:
    http://stackoverflow.com/questions/4967325/best-way-to-store-encryption-keys-in-net-c-sharp
    Here is another link on the subject that may be helpful:
    http://stackoverflow.com/questions/7459069/where-to-store-sensitive-information-needed-for-an-application-to-run
    Please remember to mark helpful posts as answer to close your threads.

  • How to enter a WEP key

    I'm trying to join an existing wireless network of Windows machines. Connecting to the ZyXEL router software shows that it is using 64 bit WEP for its password and this is of the form 64 6F xx xx etc. However, entering this in the Airport configuration for the Mac does not allow me to connect. I've tried putting $ or & in front of the password to no effect. How do I enter this on the Mac?
    The Mac offers me 40 bit or 128 bit but not 64 bit. Is this relevant?
    Alternatively, can I just change the router password to alphanumeric e.g. macfan?

    I've turned on 64 bit WEP on the router and entered a five letter password. I'm allowing broadcast of SSID while trying to fix this and the Mac can see the network but asking to join and selecting either just WEP Password or WEP 40 bit ASCII and entering the same five letter password, it fails to join and gives the error message invalid password.
    Bummer!
    An exact 5 ASCII character password should have worked for a WEP 40/64 bit key. But if it didn't, then it didn't.
    The router should be able to tell you the WEP Hex Equivalent Password. It should look something like 1A2B3C4D5E (this is just a made up example, you must get the real hex value from your router). You enter this as the password.
    NOTE: Apple has played games with entering hex passwords over the years, and I DO NOT know the current rules, so I'm going to suggest you try 3 different ways to enter this hex value. One of them should work, or there is something else wrong.
    $1A2B3C4D5E
    0x1A2B3C4D5E
    1A2B3C4D5E
    One of these methods of entering the WEP Hex Equivalent Password should work (I'm placing my bets on the leading dollar sign).

  • How to load composite business key into Dimension

    Hi,
    Maybe what I'm asking is very basic but, well, here I go:
    I have a dimension, CollectingAgent, and several tables to populate from:
    Bank (bank_code, bank_name ) [PK: bank_code]
    Agency (bank_code, agency_code, agency_name, address, etc) [PK: bank_code, agency_code]
    Now, for my purposes, collecting agent is the bank+agency descriptions concatenated. I don't know how to load, or map, the combined key (bank_code, agency_code) into the business field of the dimension. OWB won't let me define more than one attribute as business key.
    I'm using OWB 10g Rel2.
    Thanks in advance for your help,
    --oswaldo.
    [osantos]

    Ok, let me try to give an example made up with completely bogus information. I'm going to make a dimension called clothing that has two hierarchies that look like this:
    "Item" hierarchy:
    All Clothing --> Item Type --> Color / Item
    "Color" hierarchy:
    All Clothing --> Color --> Color / Item
    Item type would be values such as pants, shirts, dresses, etc. The low level "color / item" is just a combination of those two (i.e. "Blue Shirt") - and note in this example that it will have 2 composite natural keys. It will roll up over the item type hierarchy under shirts, and under the color hierarchy in blue. Here's a sample of what I'm talking about:
    (Item hier)
    All Products
    ...Pants
    ......Blue Pants
    ......Red Pants
    ......Green Pants
    ...Shirts
    ......Blue Shirts
    ......Red Shirts
    etc.
    (Color Hier)
    All Products
    ...Blue
    ......Blue Pants
    ......Blue Shirts
    ...Red
    ......Red Pants
    ......Red Shirts
    like I said, completely bogus, but this will let me illustrate how to set up the dimension. I'd create the following attributes (hard to format, sorry):
    Key....................Surrogate Key
    ID.......................Natural Key
    Item_Type_ID......Natural Key
    Color_ID..............Natural Key
    Short_Desc.........short description
    Long_Desc..........long description
    Having created these attributes, I'd then create the following levels and assign the attributes as follows:
    All_Products_Level:
    ...Key
    ...ID
    ...Short_Desc
    ...Long_Desc
    Item_Type_Level:
    ...Key
    ...Item_Type_ID
    ...Short_Desc
    ...Long_Desc
    Color_Level:
    ...Key
    ...Color_ID
    ...Short_Desc
    ...Long_Desc
    Color_Item_Level:
    ...Key
    ...Color_ID
    ...Item_Type_ID
    ...Short_Desc
    ...Long_Desc
    Should be pretty easy from there. The whole trick is to have a SERIES of different natural keys - a "generic" one (ID) for dimension levels you don't really care about, and "named" ones (color_id, item_type_id) you can use for given levels. And note that you CAN have more than one natural key at any level, and you can have some natural keys that are not used at all levels.
    For your simple dimension, you can probably do the following (note that I'm assuming the lowest level has your composite two business keys, while the top level is completely separate):
    TOP_LEVEL:
    ...Key (for the surrogate key)
    ...ID (for the business natural key)
    ...Short_Desc
    ...Long_Desc
    BOTTOM_LEVEL:
    ...Key (for the surrogate key)
    ...Business_natural_key_1 (rename to be match your first business key)
    ...Business_natural_key_2 (rename to match your second business key)
    ...Short_Desc
    ...Long_Desc
    Hope this helps! If you need to see something a little more concrete, feel free to email me at SPowell at columbus.rr.com, send me some details on exactly what your keys are, etc. and I'll whip up a quick example for you.
    Thanks,
    Scott

  • How to enter WPA2-PSK  key ?

    Hi,
    To connect to my network at work I have a key with 64 hexadecimal digits.
    How do I enter that in the iPhone?
    I read somewhere that for WEP you need to prefix '$' in front of the hex digits. Someone also told me to try to prefix 0x.
    I tried the 64 hex digits without any prefix too.
    None of this worked.
    I also tried to create a configuration profile using the configuration tool, but it doesn't let you enter a password or key in the profile (it has to be done on the phone, I guess).
    Thanks

    9 Alphanumeric characters will work just fine, hexadecimal is just another representation of the ASCII characters. In theory, it would take 1000 PC's about 16 years to crack a 9 alphanumeric password.

  • How to enter two different arrays into two columns of a multi column listbox

    Hi All,
    I have two different arrays of values, suppose one array A(1,2,3,4,5) and another array B(3,4,5,6,7). I want to write these two arrays into a multicolumn listbox such that the 1st column would be array A and the 2nd column would be array B.
    Thnx in advance

    I still couldn't understand how to do it...
    I am posting my VI here. Here the 1, 2, 3, 4 are some controls. If I enter any value, the calculated voltage and current are continuously pushed into the array. Now I have to display these arrays in the multi column listbox with the 1st column being the voltage and the second column being the current.
    Attachments:
    manual_graph.vi ‏643 KB

  • I have the key; but it's not recognized. I can't enter the whole key into the 3 boxes provided

    ''locking as a duplicate - https://support.mozilla.com/en-US/questions/874827''
    The key I was provided is about 30 characters long, with 5 dashes.
    When I try to set up the sync, I am provided with 3 textboxes. When I enter the key, the characters' size is so large, I can only fit 3 characters per box. Therefore I can not enter whole key.
    I don't see option to change the size. So, what do I do?
    I have tried entering a number of different sequences of characters, starting with the first letter and then starting with the second, etc.
    Nothing seems to work. I keep getting an error.

    If you have a sync key instead of the passphrase then you need to click the link that I don't have the device with me and fill the name (email) and password and sync key fields.
    * Click "I already have a Firefox Sync account" : Connect
    * Click "I don't have the device with me" at the bottom
    * https://support.mozilla.com/kb/How+to+sync+Firefox+between+my+desktop+and+mobile
    * https://support.mozilla.com/kb/where-can-i-find-my-firefox-sync-key
