Keytool generated keys portable to other platforms?

I generated asymmetric keys using Java Keytool on Windows NT. Are the keys portable to Unix ? Also, can programs like Perl, ASP read these keys? Thank you.

This is not completely correct. Key tool does not allow export of
private keys. It is a real drag for developers.You no need to export anything. BTW, PKCS#12 keystore could be created by using keytool with appropriate JCE provider with PKCS#12 support. Then you can open it on other platform, that supports PKCS#12 (i.e. mozilla or msie web browsers can do it). For more detail on PKCS#12 refer to OpenSSL PKCS#12 FAQ. http://www.drh-consultancy.demon.co.uk/pkcs12faq.html

Similar Messages

  • Generating key pair on PKCS#11token and save it there

    Hello,
    again i'm completely lost in this PKCS11 jungle.
    What i want to do:
    Generating key pair on crypto pkcs11 token and store it there.
    In the moment i've tried eg:
    sun.security.pkcs11.SunPKCS11 p = new sun.security.pkcs11.SunPKCS11(configName);
    Security.addProvider(p);
    Builder builder = KeyStore.Builder.newInstance("PKCS11", p, new KeyStore.CallbackHandlerProtection(new UserInputDialog(new JDialog(),"test","test")));
    KeyStore ks = builder.getKeyStore();
    ks.load(null,null);
    KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA", p);
    gen.initialize(1024);
    KeyPair kp = gen.generateKeyPair();
               Here access to token works. The callback PIN dialog comes up and i can login.
    But i'm not sure whether the key are generated on this PKCS11. And they are not stored there.
    How i can generate keys are stored there.
    (like with keytool -genkeys ). In keytool case a certificate is stored.
    ... every little hint, also to some documentation i've not seen, is very welcome ...
    Thank You !
    Regards
    Thomas
    .

    First, you need to get a KeyStore representation of the PKCS#11 token with code similar to this, I'm using NSS as the PKCS#11 token in this example:
    Provider nss = new sun.security.pkcs11.SunPKCS11(configFile);
    Security.insertProviderAt(nss, 1);  //you may not want it at highest priority
    KeyStore ks = KeyStore.getInstance("PKCS11", nss);
    ks.load(null, password);From the testing I've done in the past with various tokens, when you generate an asymmetric keypair (e.g. RSA like you are) specifying the PKCS11 provider, it creates it right on the token automatically and code like below is not needed.
    To store the key in the keystore, use code similar to this, I'm using NSS again and storing a symmetric key:
    KeyGenerator kg = KeyGenerator.getInstance("DESede",nss);
    SecretKey tripleDesKey = kg.generateKey();
    KeyStore.SecretKeyEntry skEntry = new KeyStore.SecretKeyEntry(tripleDesKey);
    ks.setEntry(randAlias, skEntry, new KeyStore.PasswordProtection(password));

  • How to use "keytool" generated certificates in B2B

    Hi,
    I have generated few certificate stores(files containing private key and trust certificate) in ".jks" format and exported client certificate from them in ".der" format using "keytool" commands in java. Now I want to use them for SSL authentication.
    Is there any possible way of doing this ?
    I tried to open these keystores in Wallet Manager but it did not accept those keystores. Even I tried to create a keystore with name "ewallet.pk12" (in PKCS12 format) but wallet manager did not accept it's password.
    Please provide a solution if it exists.
    Thanks in advance.
    Regards,
    Anuj Dwivedi

    Hi,
    If you are generating key/certficates may be you could make the "keytool" to generate the keystore in PKCS12 format. This format can be opened using Oracle Wallet Manager. Here's the command,
    keytool -genkey -keyalg "RSA" -keystore ewallet.p12 -storepass welcome1 -storetype PKCS12
    The above command would create a wallet in the current directory and the same can be opened in the "Oracle wallet manager".
    Other Approach:
    If you want to export just certificates alone from "JKS" format keystore and add it to the ewallet.p12 as an trusted entry, you can very well do that.
    One thing note here, make sure keys are generated using algorithm "RSA". Sample commands below,
    1. keytool -genkey -keyalg RSA -keystore test.jks
    2. keytool -export -file test.crt -keystore test.jks
    3. You could import the certifcate "test.crt" created in the previous step to ewallet.p12 using "Oracle wallet manager".
    Regards,
    Sinkar
    [From Ramesh Team]

  • Prioryly generated key problem.

    public String encrypt(String password){
    String algo = "DESede";
    Cipher cipher = Cipher.getInstance(algo);
    String s = null;
    Key key = (Key)com.sun.crypto.provider.DESedeKey@4f9655f1;
    cipher.init(Cipher.ENCRYPT_MODE, key);
         byte[] inputBytes = password.getBytes();
         s = cipher.doFinal(inputBytes);
    return s;
    public String decrypt(String password){
    String algo = "DESede";
    Cipher cipher = Cipher.getInstance(algo);
    String s = null;
    Key key = (Key)com.sun.crypto.provider.DESedeKey@4f9655f1;
    cipher.init(Cipher.DECRYPT_MODE, key);
         byte[] vas = cipher.doFinal(password);
         String s = new String(vas);
         return s;
    I got a problem with the above code the character @ in the object com.sun.crypto.provider.DESedeKey@4f9655f1 does not compile in java, but I need to use it because its my pre generated key that i wish to use in encryption and decryption function.
    Thanks for the help in advance.

    Wow. This one is...surreal. Let's see:
    As silk.m noted, what you're trying to do doesn't make any sense. You need to have the bytes of the Key in order to recreate it. Use generatedKey.getEncoded() to get the byte[] that describes the Key, and then look at how to use DESedeKeySpec and SecretKeyFactory to recreate the Key object.
    On top of that, you have other problems.
    You can't just use byte[] plaintext = s.getBytes(). The default String encoding is different on different platforms. You need to tell getBytes() which encoding you really want.
    You're attempting to return the output of doFinal() as a String. You can't - it's a byte[]. You can't just return "new String(doFinalBytes)", either - ciphertext IS NOT "String-able". You'll need to Base64 it first.
    It's also possible you'll be bitten by having a plaintext that isn't an integral number of blocks. I don't recall if the default DESede uses padding, or assumes NoPadding.
    You've got some fixing to do...
    Good luck,
    Grant

  • WHY SUCH AN INJUSTICE THAT BBM CANNOT BE USED ON MY CURVE 9300 OVER NORMAL DATA SERVICE AND OTHER PLATFORMS CAN USE!

    Hello,
    I am using Blackberry Curve 9300. I purchased this phone for Rs. 17,250 before some 3 years, I considered RIM to be a Company providing premium services which is unique in itself and which worth spending on them and the most important thing is those are not available to non-blackberry users! Especially in case of Blackberry Messenger, which is such a service connecting all the blackberry users around the world, making a mark of precious symbol of the users of BBM.
     Before few days I came to know about BBM being available on Android and Windows phones, my question is why this injustice with your own customers, you provide the app which they will use with their normal data plan and we people who are your real customers, who trusted in you have to spend not less than Rs.129 for just BBM!I must say RIM is the most back-stabbing company I have had ever dealt with! People are laughing at us as they are using the same service for almost free and we have to spend a huge sum for availing the same service, my question is are these non blackberry people your customers or we people who contributed in your success with hopes of trust?
    My question is not why you made available BBM usage to non-blackberry users with such flexibility but my question is why can't you be loyal to your own customers?
    I hope that RIM would have a pleasing justification.

    Thanks with the signature but I already removed it from my profile too.
    I was never under a rock when it comes to technology I know that in India before few months yoru Blackberry Z10 was Rs.44,000 and now it is Rs.21,000. I understand the ploy of making BBM cross platform to generate revenue, first in a technical sense and another by creating it advrtisement in the marker.
    Do you think that taking an undue advantage of our loyaty and enduring the mockery of your own customer would take you anywhere? Don't you think that abusing your own customer's prestige would even affect you negatively? While your customer is paying Rs.129 for just BBM the Android person sitting next to him is lauging at him for he paid you and call him fool! Profits doesn't starts only by making huge business decisions but from the loyal and satisfied customers. You may always find customers all around always complaining but deep down if you have touched their needs they will bless you with good words at your back, maybe in such a way that you will never come to kow but it will grow you more. I am not here to deliver you a marketing lecture as i am in corporate law field but let me tell you what I read during my graduation, it said something like one disatisfied customer can discourage ten potential customers from buying your product and I have started feeling the same in case of online shopping but I do not know when the company giant blackberry would come to know! 
    When you said about expanding customer base, think about a company who is expanding its base of customers by disatisfing their current customers who always took pride in you by providing them services at harsh terms and in front of their eyes others are getting benefits at a very low cost.
    Our family business is textile manufacturing, not as big as blackberry but we always knew that if we will start selling our goods by describing them as really premium goods and start charging out of lips and bounds, of course my product could be premium worth the price but one thing I could be missing would be a point of finance, there could be cheaper alternatives in market which could be selling at lower price which same usage. My concern is just to keep our eyes open.
    Now consider a phone on which I can use Whatsapp which satisfies my messaging needs, gtalk and yahoo messengers for my im needs, push mails for emails, browsing and downloading for just Rs.99 and on the other hand Blackberry services for Rs.389, it is indeed clear the reason of downfall, though it is labelled as premium service and indeed it could be, permium service as I said earlier.
    When you feel that your boat is sinking, you do not have only have to pull out the waters but on the priority basis you have to cover the hole too! Blackberry is just pulling out the water leaving the hole as it is!
    If you say that legacy mode in BBOS could bother you  from providing BBM for BB device, you know that it cannot be and even I know that, any technical person can know that as it is a little secret that I can use BB browser without BIS and many other apps are example of the same (to be a bit informal). See, I never asked this thing from last three years but now when you are making it cross platform why not to give a little benefits to those who paid you till now, if you can give it to those who are nothign to you?
    My question is that why can't you provide BBM to be used on the normal data paln for your own old and loyal customers who paid you such a handsome amount from many years for your services as how you provide on other platform, just for BBM not email and rest of your services?

  • Can't open libHaru-generated PDF with Reader, other readers work.

    Our application uses libHaru to export PDF images.  These PDFs can be opened using PDFlite on Windows, Preview on Mac and some other readers.  However, I have tried several versions of Adobe Reader on both platforms and the files fail to open with the message: "There was an error processing a page.  There was a problem reading this document (14)."   So, it seams that Adobe Reader believes that there is problem with this file.  However, from my very limited understanding of PDF structure, I have no idea what might be wrong, so I don't know how to fix it.  The file is written unencrypted.  It is about as simple a PDF as we can generate - a red-filled rectangle.  I would greatly appreciate any suggestions or help.
    Here is a sample PDF:
    %PDF-1.3
    %∑æ≠™
    1 0 obj
    <<
    /Type /Catalog
    /Pages 2 0 R
    >>
    endobj
    2 0 obj
    <<
    /Type /Pages
    /Kids [ 4 0 R ]
    /Count 1
    >>
    endobj
    3 0 obj
    <<
    /Producer (Haru Free PDF Library 2.3.0-dev)
    >>
    endobj
    4 0 obj
    <<
    /Type /Page
    /MediaBox [ 0 0 236 207 ]
    /Contents 5 0 R
    /Resources <<
    /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ]
    /Pattern <<
    /Type /Pattern
    /PatternType 1
    /PaintType 2
    /TilingType 2
    /BBox [ 0 0 100 100 ]
    /XStep 100
    /YStep 100
    >>
    >>
    /Parent 2 0 R
    >>
    endobj
    5 0 obj
    <<
    /Length 6 0 R
    >>
    stream
    1 0 0 -1 -118 296 cm
    1 w
    0 0 0 RG
    [] 0 d
    1 0.3 0.3 rg
    q
    % Rect
    119.25 90 m
    352.5 90 l
    352.5 294.75 l
    119.25 294.75 l
    119.25 90 l
    h
    B
    Q
    endstream
    endobj
    6 0 obj
    135
    endobj
    xref
    0 7
    0000000000 65535 f
    0000000015 00000 n
    0000000064 00000 n
    0000000123 00000 n
    0000000188 00000 n
    0000000458 00000 n
    0000000647 00000 n
    trailer
    <<
    /Root 1 0 R
    /Info 3 0 R
    /Size 7
    >>
    startxref
    666
    %%EOF

    You would need to post a sample PDF that demonstrates the problem.  All you posted there is text.  (PDF is a BINARY file format)
    From: Adobe Forums <[email protected]<mailto:[email protected]>>
    Reply-To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>>
    Date: Thu, 13 Oct 2011 11:02:42 -0700
    To: Leonard Rosenthol <[email protected]<mailto:[email protected]>>
    Subject: Can't open libHaru-generated PDF with Reader, other readers work.
    Can't open libHaru-generated PDF with Reader, other readers work.
    created by Fred Snerd<http://forums.adobe.com/people/Fred+Snerd> in PDF Language and Specifications - View the full discussion<http://forums.adobe.com/message/3969828#3969828

  • Getting generated keys inside Java

    Is there any way to get generated keys in Java running on CF
    server?
    I have some java code accessed from CF, I get a connection to
    the data source by name via
    "coldfusion.server.DataSourceService.getDatasource(datasourceName).getConnection()"
    call within java, which works. However if I try to do a
    connection.prepareStatement(sql,
    PreparedStatement.RETURN_GENERATED_KEYS) call or
    preparedStatement.getGeneratedKeyts() call I get a
    "java.lang.AbstractMethodError" exception like:
    java.lang.AbstractMethodError:
    coldfusion.server.j2ee.sql.JRunConnectionHandle.prepareStatement(Ljava/lang/String;I)Ljav a/sql/PreparedStatement;
    Which seems to indicate to me that CF does not implement
    getting generated keys via JDBC - is there another way or do I have
    to just give up and do a "select" after "insert"?
    Hope this made sense.
    Thanks,
    -HH
    P.S. In case this is usefull, CF MX7 with MSSQL2005 , JDK
    1.4

    Hichhiker wrote:
    > Is there any way to get generated keys in Java running
    on CF server?
    CF6/7 uses JDBC 2 so I don't think you can get it to work
    there. In CF 8
    it should work (if your database supports it).
    Jochem
    Jochem van Dieten
    Adobe Community Expert for ColdFusion

  • Keychain not generating keys for email certificates

    In trying to set up email signing for two different machines I ran into a problem when adding email authentication certificates from Comodo.  After downloading the .p7s files each of the users double clicked the files, adding them to their key chains.  However, when they opened Mail there were no options for adding the lock(encrypt) and star(digitally sign) icons to their 'compose new message' windows.
    After a lot of screwing around, I discovered that the new certificates had been added, but just as regular certificates and never made it to the 'My certificates' section.  After some more comparisons I discovered that the private keys had not been generated automatically when the keys were added.  The solution was to send the origional files to a machine that was generating keys, add them to that machine's keychain and then export the certificates (this time with a .p12 extention) and re-import the keys back to the owners machines.
    That's a pain.  Anyone seen this before?  Have a better fix?
    Configs as follows
    Working configuration (generates keys)
    iMac 27" 3.4ghz Intel core i7
    Mac os 10.7.2
    keychain 5.0
    Broken configurations (not generating keys)
    Mac Mini 2.66 intell core duo
    Mac os 10.7.2
    keychain 5.0

    Hi Jack,
    Open Keychain Access in Utilities, use Keychain First Aid under the Keychain Menu item, then either check the Password under that item, change it, or delete it and start over.
    Resetting your keychain in Mac OS X...
    If Keychain First Aid finds an issue that it cannot repair, or if you do not know your keychain password, you may need to reset your keychain.
    http://support.apple.com/kb/TS1544

  • Support for Generated Keys in oracke jdbc drivers?

    Hi All,
    Anyone know when the Oracle Thin JDBC drivers are going to support generated keys?
    Regards,
    Lee

    Sure Justin,
    I should have made myself more clear. Sorry about that.
    I have a sequence for generating primary keys in a particular table, and a trigger to replace a null in my insert query with the nextval. That all works fine. I would like to use the DB-neutral means of getting a generated primary key...
    prepStmt = connection.prepareStatement(insertSQL, Statement.RETURN_GENERATED_KEYS);
    prepStmt.executeUpdate();
    ... and later ...
    ResultSet generatedKeyRS = prepStmt.getGeneratedKeys();
    ... etc.
    I am aware that I can get this information several other Oracle9i-specific ways, including using the sequence's .currval and creating a callable statement that returns the primary key column. However I would still like to use the nice, neat, vendor-neutral JDBCv3 way. Call me pedantic.
    Regards,
    Lee

  • Question about generate key press event to system. help plz.

    I am wondering if it is possible to write a java program to generate key press event(not receiving)to the local system so all the other program in the system receive those key press event also. Thanks.

    Hi,
    :. I don't know what exactly you intend to accomplish. But, I have used the following code in order to simulate keys pressing inside a Java application.
          /* - - - Simulates TAB (java.awt.Event)
          EventQueue evtq = Toolkit.getDefaultToolkit().getSystemEventQueue();
          evtq.postEvent( new KeyEvent(this, KeyEvent.KEY_PRESSED,
                          0, 0, KeyEvent.VK_TAB, KeyEvent.CHAR_UNDEFINED) );
          evtq.postEvent( new KeyEvent(this, KeyEvent.KEY_RELEASED,
                          0, 0, KeyEvent.VK_TAB, KeyEvent.CHAR_UNDEFINED) );
          /* - - - Simulates Shift+TAB (java.awt.Event)
          evtq.postEvent( new KeyEvent(this, KeyEvent.KEY_PRESSED, 0,
                          InputEvent.SHIFT_DOWN_MASK, KeyEvent.VK_TAB,
                          KeyEvent.CHAR_UNDEFINED) );
          evtq.postEvent( new KeyEvent(this, KeyEvent.KEY_RELEASED, 0,
                          InputEvent.SHIFT_DOWN_MASK, KeyEvent.VK_TAB,
                          KeyEvent.CHAR_UNDEFINED) );:. However, as far as I know to send keys to the whole OS you have to create a 'Hook' as described inside Win32API documentation. That's for Microsoft Windows naturaly.
    Cheers.
    Roque

  • JPA: Availability of generated keys

    Hi
    If I create an entity which has an auto-generated key and call the persist method of the entity manager, can I then assume that the key is immediately available in the entity or only after a subsequent call of the flush method?
    In general, the synchronization with the datasource may be delayed by the application server until commit time of the associated transaction. But the immediate availability of auto-generated keys can be crucial in session beans with container-managed transactions if the corresponding creation methods want to make use of the keys.
    Unfortunately, I couldn't find any definitive answer in the JPA specification.
    Thanks for any help, Stephan

    I must be missing something. I'm calling persist on my entity but i'm not getting a value for my primary key. Then when I go to put it in a relationship the whole thing dies. I even tried using flush and that didn't help either.
    I'm essentially doing
    beginTransaction();
    EntityA a = new EntityA();
    persist(a);
    EntityB b = new EntityB();
    b.setA(a);
    persist(b);
    commit();Is there some annotation I need so that the primary key is set on persist ?

  • Generating Key for new installation

    Hi,
    I installing IDES , I am trying to generate key. the FYI steps i have involved
    goto SMSY>select other object>generate key==yes got the key
    When i entered the generated key from solution manager
    The system does not accepts.
    The error message read as<b>"HOST directory to central instance and system ID incorrect"
    Please help tell me basic requiremnts or procedures to follow.
    REGARDS,
    PAUL

    Hello Paul,
    Kindly follow the steps mentioned in the below link to generate the key...
    http://help.sap.com/saphelp_sm40/helpdata/en/45/51fbdbd4941803e10000000a1553f7/frameset.htm
    regards,
    Anand

  • Generate Key Events without pressing key???

    Hi,
    Is it possible to generate key events without pressing a key in swing???
    i dont know if the question is logical or not, but just i want to generate some display as if the key is pressed by the user
    Ashish

    assuming c represents a text field.
    This will type the character 'a' in the text field:
    c.dispatchEvent( new KeyEvent (c, KeyEvent.KEY_TYPED, 0, 0, KeyEvent.VK_UNDEFINED, 'a') );
    This will invoke Ctrl+F1, which will show the tool tip for the text field:
    c.dispatchEvent( new KeyEvent (c, KeyEvent.KEY_PRESSED, 0, KeyEvent.CTRL_MASK, KeyEvent.VK_F1) );

  • CF 9.0.2 and Oracle - On update returns error "Auto-generated keys were not requested..."

    We have a simple update statement to Oracle 11g Database. When running the statement the data is not getting updated and we are getting an error "Auto-generated keys were not requested, or the SQL was not a simple INSERT statement. ErrorCode=0 SQLState=HY000". We found this error by dumping the SQL to a file.
    But most other Update statements are working fine.
    Also, the same statment works for Oracle 10g and Coldfusion 9.0.0.
    Any idea if this is a problem with Coldfusion or Oracle? Is there any resolution.
    I found the CF 8 had a similar issue and was fixed in a hotfix (http://helpx.adobe.com/coldfusion/kb/error-auto-generated-keys-requested.html).

    Hi,
    Thanks. I compiled my code using JDeveloper 10.1.2, didn't dare to use the latest. It works in 10g apps server. When I deployed to 9ias apps server, those weird errors showed up. Unfornately, our dev environment is at a newer version than the production one.
    So, you think the error is generated because I referenced some newer technologies that was not provided by 9ias?
    Jia

  • How to generate key events to a componet without keyboard

    I want to generate a key event, a Keylistener is already there, (in fact, java3D's KeyNavigatorBehavior). I want to use other input methods instead of key pressings, so how I generate the key event manually
    thx,

    Look at java.awt.Robot. It has a keyPress() method to simulate key presses.

Maybe you are looking for

  • Best way to add mass unorganized mp3 library to iTunes to stream on AppleTV

    Ok so I have a fairly large mp3 collection(well over 100 GB).  It is somewhat organized.  It is all on an external HDD under the folder music then from there there are subfolders for genres, then bands, then albums.  I am not sure I want to add all o

  • Why do you need an iPad?

    How does an iPad serve your needs compared to say, a macbook air, or something similar (ie. another small netbook or laptop) ? The reason I ask is because as I have started using my iPad, I am realizeing some magor deficiencies such as inability to w

  • 1/2 moon icon??

    what does the 1/2 moon icon near time on ipod touch mean??

  • How to connect asm instance

    hi I cannot be able to connect to the asm instance.I want to check the space and datafiles inside the asm. su - oracle $ export ORACLE_SID=+ASM1 $ export ORACLE_HOME=/oracle/products/asm $ pwd /oracle/products/asm/bin $ ./asmcmd ORA-01034: ORACLE not

  • How do we find first date of a month and last date of month?

    is it required long caluculation or is there any simple method?