Libsapcrypto - does it support 4096 - bit RSA keys

I have a few questions about the libsapcrypto library and it's use with SSL server certificates.  Will it support
4096 bit RSA keys?    Will transaction STRUST support openssl server certificates 4096 bit or otherwise with
the libsapcrypto installed?
Thanks.

Yes - see [SAP note 690999|https://service.sap.com/sap/support/notes/690999], point 4 as well as [SAP note 836367|https://service.sap.com/sap/support/notes/836367].

Similar Messages

  • ConfigMgr Certificate Support Clarification: CAs with 4096-bit RSA Key Lengths

    Hello,
    Does anyone know if ConfigMgr 2012 R2's certificate authentication will work with the following PKI configuration?
    Root CA - 4096 bit RSA
    Issuing CA - 4096 bit RSA
    ConfigMgr Client / ConfigMgr Servers - 2048 bit RSA
    I saw on the
    ConfigMgr Certificate Support Page that "AMT-based computers cannot support CA certificates with a key length larger than 2048 bits", but the other certificates are somewhat unclear. In this environment, I will not deploy AMT functionality.
    For example, the Windows client computers certificate requirements state "Maximum supported key length is 2048 bits.", but it isn't clear if that rule applies to the ConfigMgr Client certificate itself, or to the whole certificate chain including
    CAs.
    Dropps' post on
    this forum page seems to indicate that he has it working with a 4096-bit CA, but I'd like to hear some additional confirmation.
    Anyone out there running ConfigMgr certificates with a 4096-bit CA?
    Thanks!
    Frank Lesniak

    TL;DR: With the exception of out-of-band management/AMT, ConfigMgr 2012 works fine with a PKI hierarchy that includes 4096-bit key length RSA Root CA, Policy CA, and/or Issuing CA certificates. Just make sure that the certificates issued to
    the ConfigMgr servers and clients have a 2048-bit key length.
    Longer answer: Since I did not have any takers on this question, and since I needed an answer quickly, I decided to build a lab environment. I built a PKI hierarchy that is 4096-bit RSA with a SHA-256 signing algorithm. I created certificates templates per
    ConfigMgr requirements (with a 2048-bit key length) and deployed the appropriate certs to both the ConfigMgr server and client. Next, I installed ConfigMgr and configured site boundaries. Then I installed the ConfigMgr client on my client machine and
    watched the logs.
    Not only did the client initialize properly, the certificatemaintenance.log, clientidmanagerstartup.log, and clientlocation.log files all appeared happy.
    I think it's safe to say that ConfigMgr supports a 4096-bit PKI for everything but out of band management/AMT. Just make sure you limit the certs deployed to the ConfigMgr servers or clients to a 2048-bit key length.

  • Does ASA Support Android Hybird RSA Authentication ?

    Dear all
    Does ASA Support Android Hybird RSA Authentication  ?
    I should be such as to set the ASA firewall, let him support Android VPN Hybrid mode under my settings
    tunnel-group IPsec_Hybird_Tunnel general-attributes
    default-group-policy Android_Hybird
    authorization-required
    tunnel-group Android_Hybird_Tunnel ipsec-attributes
    ikev1 pre-shared-key **********
    chain
    ikev1 trust-point CA
    ikev1 user-authentication hybrid
    tunnel-group Android_Hybird_Tunnel ppp-attributes
    authentication ms-chap-v2
    crypto ikev1 policy 10
    authentication rsa-sig
    encryption aes-256
    hash sha
    group 2
    lifetime 86400
    when i debug find this message
    %ASA-7-713906: IP = 1.1.1.1, All SA proposals found unacceptable

    I've managed to configure IPSEC hybrid(Mutual group Authentication) with the Cisco VPN client, which uses a pre-shared key and CA certificate as well as Xauth. When using "IPSec Hyrbid RSA" on an an Android device, my attempts to configure it on the ASA have failed.
    Log message:
    3
    Jul 25 2013
    20:39:54
    713048
    IP = 192.168.7.76, Error processing payload: Payload ID: 1

  • Any JavaCard supporting 2048 bit RSA?

    Hi all,
    I am finding a java card that supports 2048-bit RSA. I know there are existing products in the market. However, they are black-box operating, e.g. process digital signature. What I need is PLAIN RSA computation - if there is a plain Java card, I can program it by myself.
    I have found some vendor, however, it seems they don't provide such plain Java cards.
    Anyone know if there is such a 2048-bit Java card?
    Thank in advance.
    Cheers,
    Hue

    Oh thanks!!!!!!!!!!!!!!
    Would you please give more detail to me?
    At the mean time, I am searching on the web!!~~
    =D thz!!!!

  • I have a message on my iMac 24 says Boot Camp does not support 64-bit on this computer. how do i fix is?

    I have a late 2009 iMac 24 that i downloaded Windows 7 Ultimate 64-bit on. When i tried to download Windows 7 Support, i got a message that says Boot Camp does support 64-bit on this computer. I do have Windows 7 Ultimate 32-bit CD. What would be the easy way to fix this. Thanks

    There is no OS X 5.0.5. If you can boot to OS X on your computer select About This Mac from the Apple menu. It will display the version you have installed.
    I think the message meant you can only install 64-bit Windows 7.
    Perhaps one of these will help you:
    Mac Basics- Using Windows on your Mac with Boot Camp
    Boot Camp- System requirements for Microsoft Windows operating systems
    Boot Camp Help- Overview of Boot Camp setup
    Boot Camp- Installing Windows 7 Frequently Asked Questions
    Boot Camp 4, OS X Lion and Mountain Lion- Frequently asked questions

  • Why does JadTool say "Not an RSA key: DSA"?

    I'm trying to sign a midlet with a CA's blessing and have followed the sequence described in WTK tool documentation, http://www.spindriftpages.net/blog/dave/2006/06/18/midlet-jar-signing-a-tutorial-revised/ , http://www.forum.nokia.com/document/Java_ME_Developers_Library_v2/ , and such. I created a keypair with my company info, then a certificate signing request as described in many places, gave Verisign the request and $500, imported the reply in my keystore, and am now using JadTool from the WTK (we're at WTK2.5.1). JadTool.jar -addcert works fine. JadTool.jar -addjarsig throws "java.security.InvalidKeyException: Not an RSA key: DSA". If I dump the keystore I see no refs to a DSA key. I do see "Signature algorithm name: SHA1withRSA" which is surprising, following MD5 and SHA1 fingerprints, for certificate 1 (us) and 2 (Verisign).
    Thanks in advance for any suggestions / answers.

    Verisign tech support had the answer. In my case, the replaced key in the keystore had only 2 certificates in the chain, not 3. Because I did not say "-trustcacerts" when importing the reply from Verisign, it did not look up their top-level certificate from the cacerts file in the JRE, the one signed by God that vouches for Verisign. Since I did not have a copy of the pre-reply-import keystore, I had to start over, generate another certificate signing request, and go to the Verisign site to request a replacement. (They don't charge you another $500 for this.)
    There was a new issue here - apparently I had been using some earlier version of keytool before. When importing the base64-encoded reply, -rfc is no longer necessary; it checks auto'ly. But where before I had to remove the "-----BEGIN CERT..." and "-----END ..." lines from the reply that I import, now they are required.
    Stan

  • Does JRE supports 64 bit?

    Which version of JDK and JRE supports 64bit?
    In windows OS, using java whether it is possible to convert a 32 bit file into 64 bit file?

    Does JRE supports Windows 64 bit? If yes whats the vesrion.

  • Does LR5 support 10-bit color?

    I'm about to make a significant investment in GPU and monitor if LR5 supports 10-bit color.  Please confirm.

    Thanks.  There are varying posts that suggest it might exist, but they all seem vague:
    http://photo.net/digital-darkroom-forum/00bQ0n

  • Does Mozilla support 128-bit encryption?

    To use IRS Business Services Online (http://www.socialsecurity.gov/employer/bsohbnew.htm), 128-bit encryption is needed. They say:
    "To determine whether your browser supports 128-bit encryption, select Help/About from your browser menu. Most browsers will display the phrase ?128-bit encryption? or "128-bit cipher strength.? If you are unsure whether your browser supports 128-bit encryption, contact the software company that developed the browser."
    But I can't seem to find this information on the about page or in online articles about encryption. Would you please help?

    Current Firefox releases can't even go below 128 bit, SSL2 that supported this have been removed quite a few releases now (Firefox 8 dropped support for SSL2).
    *https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Releases/8
    128 bit is the minimum that you can use with Firefox and you can only go higher (e.g. 168 or 256).<br />
    128 bit shouldn't be used these days and servers that only support 128 bit should update their software.
    Firefox supports AES-256 since 2002, so that is already more than 10 years.
    * https://www.fortify.net/sslcheck.html

  • Macbook Pro & Mini Dispalyport Does NOT Support 10 bit Color Monitors

    I am extremely concerned regarding Apple's Mini Displayport. Mini Displayport has been out for a year now, and is the video out port with the maximum signal output on Macbook Pro's. Apple's Mini Displayport still does not offer the compatibility and performance, that is possible with the standard Displayport implantation on Windows.
    Case in point two monitors from NEC and Eizo, the NEC PA214W and the Eizo CG223W:
    http://www.eizo.com/global/products/coloredge/cg223w/index.html
    http://www.necdisplay.com/Products/Product/?product=5a6621b9-e9c4-4f02-8542-e625 1364bf7c
    All current Macbook Pro's with Mini Displayport are unable to support the 10 bit color that these monitors are capable of. This is unacceptable, and an example of Apple leading customers to believe that Mini Displayport, offers the same capabillities and performance as Displayport.
    It is my understanding that on paper MBP's with the NVidia 9400/9600 are capable of outputting a 10 bit signal. They just do not at this point in time, unlike all PC notebooks with Displayport. Mini Displayport has been sold by Apple as being every bit as capable only smaller than Displayport. The truth is it is not.
    Apple notebooks can not currently produce the same level of quality on these monitors as Windows notebooks with Displayport that have also been on the market for a year now.
    http://www.tftcentral.co.uk/newsarchive/19.htm#10-bitips

    Displayport:
    http://www.displayport.org/consumer/
    http://www.displayport.org/consumer/?q=content/faq
    "Performance for a display interface is really bandwidth. So Displayport offers up to 10.8 Gigabits per second. That bandwidth can be allocated for greater color depth (more colors per pixel, i.e.. 30 bit color monitors), it can be allocated to resolution, i.e.. WQXGA , or refresh rate."
    Note: The bandwidth has increased to 21.6 Gbps with the announcement of Displayport v1.2.
    It appears to me that aside from the top of the line (Windows PC) notebooks, that the only systems that will currently be able to achieve 30 bit color with these monitors are going to be desktop systems with Displayport/Mini Displayport and the necessary GPU and Operating System. This is an example of the difficulty in getting accurate information when it comes to what a system can and can not do. Rod correctly pointed out that I was mistaken in saying that "all" PC notebooks with Displayport are capable of achieving 10 bit per channel output, some do not. As BSteely, Lewis, and Rod have discussed Mini Displayport is not what is responsible for the fact that Macbook Pros can not currently output 10 bit per channel signal. Displayport exists and allows for this capability, and I stand by my opinion that currently Macbook Pros with Mini Displayport do not implement the full Displayport spec, in particular the ability to output 10 bit per channel signal to 30 bit color monitors. On the PC side it is the "workstation" class notebooks that have had and continue to have this capability. There may be others, but in reviewing Dell, HP, and Lenovo I am only finding it in the Precision, W series, and Elitebook models. The latest T Series Thinkpads with Quadro GPU's may work as well. At this point, I am not going to research each and every model to determine exactly which notebook models and configurations will work, except to say none of them are Macbook Pros. The lesson here should be get multiple confirmations regarding your system's configuration and your intentions in its use. I was mistaken in my understanding that the MBP 17 with Mini Displayport would support the Displayport spec as it relates to 30 bit color monitors. I have stated what I think is wrong about that, but that is the way it is for now. Apple is not the only company to hype a technology, only to offer a limited implementation of it. "Vista Capable" comes to mind.
    http://www.informationweek.com/news/windows/operatingsystems/showArticle.jhtml?a rticleID=212100567
    This post will hopefully alert others to this limitation. To end on a positive note, in my experience the last six months with my Macbook Pro, Apple has demonstrated it can resolve issues quickly and effectively, and I have been extremely pleased to the extent that they have worked with me to address the few significant issues that have come up, including a system replacement in quick order. This may or may not be something they will be able to address with the current Macbook Pros or even the next generation. We will see.

  • Does Firefox support 128 bit encryption, as required on certain financial sites?

    Some financial sites and credit card sites require 128 bit technology on the browser. Does Firefox use this or will I have to resort to using I.E?

    Firefox supports up to 256 bit encryption.

  • Does iDVD support 24 bit audio?

    I have a project that calls for impeccable audio quality. The client has supplied me with 24 bit aiff files.
    The files import easily into Final Cut Express and when placed in the a 1080i60 timeline show no sign of needing a render.
    Does this mean that I will retain the 24 bit quality all the way through export to authoring of the DVD in iDVD? Does iDVD compress the audio in such a way that it will no longer be 24 bit?
    I can find little or no information about this particular question in the manuals or the discussions.
    Thanks in advance.
    Mike Pulcinella

    Apple has never said much about the audio encoding in iDVD.
    'Traditionally' it was just two channel uncompressed PCM audio; DVD SP (with Compressor) gives several other choices (including Dolby Digital).
    Toast gives you the choice of uncompressed PCM or Dolby Digital as well.
    Here is what the Toast manual has to say: Audio Format: Choose Dolby Digital or uncompressed PCM. In almost all cases, Dolby Digital is the best choice. It uses less disc space, so you can fit more video on the DVD, and the sound quality is almost the same as PCM.
    Data Rate: Choose the bit rate to encode the Dolby Digital audio. Higher bit rates can produce slightly better sounding audio, but use more disc space. Toast uses 192 kbps by default.
    Dynamic Range Compression: Enabling dynamic range compression reduces the range between loud and soft sounds in order to make dialogue more audible, especially when listening at low volume levels.
    PCM audio should be used if you want to maintain 100% fidelity and only if the audio source is already uncompressed PCM, such as tracks on an audio CD or a high quality audio recording. If the audio files are already compressed (such as MP3 or AAC songs in your iTunes library) do not use PCM—it will not improve the sound quality.
    Toast records PCM at 48 kHz / 16 bit levels or 48 KHz / 24 bit levels, which are higher than standard CD quality. Audio that has been recorded at 96 kHz / 24 bit is downsampled automatically unless you choose the 96 kHz / 24 bit option, which maintains the higher quality but significantly reduces disc space.
    When you choose PCM, any existing Dolby Digital audio files will be “passed through” without reconverting to PCM.
    Hope this helps.

  • Does DPL support custom sorter for key?

    Hi all,Is there any approach to implement my own sorter for key?
    I know that this is supported with Basic API,but I failed to find the document about this.
    Thanks in advance.

    Hi,
    See the Key Sort Order section on this page:
    http://docs.oracle.com/cd/E17277_02/html/java/com/sleepycat/persist/model/PrimaryKey.html
    --mark                                                                                                                                                                                                                                                                                                               

  • Does java supports 64 bit processing?

    Hello
    I'm using Pentium D 930, dual core 64 bits CPU, I wonder how can I take advantages from this 64 processor. Could someone give me ideas or what I have to do is just changing to 64 bits JVM.

    http://www.google.com/search?hl=en&q=java+64+bit&btnG=Google+Search

  • I have a new computer but unfortunately it has a 64 bit.  I can not do so many things on this new computer b/c you need adobe flash player and adobe does not support 64 bit.  Is there anything to be done so this computer can work the way it is suspossed 2

    It is very frustrating.  I have an old computer that I have to go to just to do half the things I want my new computer to do.  Any advise?? Thanks

    See this technote:
    http://kb2.adobe.com/cps/000/6b3af6c9.html

Maybe you are looking for