Private Key Created

A private Key in my user name was created without my knowledge that expired after one month. It is in my keychain as a Root Certification in the System Keychain. I checked all of the Console Logs and could not find any mention at the date and time of its creation. Concerned about Malware, I also checked emails from that date and ran ClamXAV -nothing suspicious. I have Googled the issue thinking that someone else has noted this-no luck.
I hope it was not Hacker activity. I checked another Mac in the house and there is no similar Certificate. MacPro OS 10.8.5
Any Ideas?
Thanks

use openssl to convert your private key into a pkcs#12 format file. keytool should able to treat this file as a keystore. Then run keytool -importkeystore, specifying the pkcs#12 file as the source keystore.

Similar Messages

Creating a single public key and multiple private keys

Hello,
I am new to java cryptography. The problem statement is :-
We have an accounting application, with flexibility of number of users and companies. The number of users and companies for this application has to be restricted based on the license the user has. That is the user will download our application via web while the user downloads he has to be given the key according to the license he has requested (i.e. single or multiple users/companies), I am unable to get the logic of private and public keys as such, y because which ever alogorithm i saw will generate a public and private key in pairs hence i am bit confused. Clearly, For ever additional user (or company) we r charging additional amount hence different license (keys) have to be generated dynamically for different users. I think this can be achived by creating one single public key and multiple private keys, but i am not sure . Please help me out.

Hi kazim
would u pls elaborate this , since i am working on same kind of scenario and finding solutions is difficult . Since encryption is done at our end and wen some user downloads an application he is unable to track where it was encrypted . What i have undestand about public /private is that they work in agreement between client and server and both has to come to agreement to share the data. Pls correct me if i am wrong.
Ours is different senario we will send some key in download application and will want him to decrypt it . What would u suggest for this kind of scenario?
Thanks in advance
Janesh

I need to create public and private keys for security certificate and I can't find the certificate. Where is it?

I purchased a security certificate, and the site tells me that it was successfully installed. I need to export the certificate so that I can create the public and private keys, but I cannot find the certificate to do so.

Thank you.

Create User for Target (Terminal Adapter) with private key authentication through web service

Hi
I have a question about Terminal adapter.
My current aim is to create process "Execute script through ssh on remote Linux system" with input parameters ( login, path to private key, path to script)
It was very helpful to find this discussion https://supportforums.cisco.com/message/3543289#3543289 .
Is there a way to create Public-key Authenticated Admin Runtime User with private key for authentication by using NB webservice ?

I will second Shaun's comment...
Unfortunately, it looks like this is not possible in 2.3.X. (That is you can create the user but the fields you need to use to configure that user properly do not appear to be exposed to the Northbound Web Service).
It looks like something that will be fixed in a future release of Process Orchestrator.
Svetlana

'Error while signing data-Private key or certificate of signer not availabl

Hello All,
In my message mapping I need to call a web service to which I need to send a field value consist of SIGNED DATA.
I am using SAP SSF API to read the certificate stored in NWA and Signing the Data as explained in
http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm,
when I have tested using Test tab of message mapping it is working fine and I am able to access the certificate Keystore of NWA(we have created a keystore view and keystore entry to store the certificate) and generate the signed data ,but when I test end to end scenario from ECC system,it is getting failed in mapping with the error
' Error while signing data - Private key or certificate of signer not availableu2019.
Appreciate your expert help to resolve this issue urgently please.
Regards,
Shivkumar

Hi Shivkuar,
Could you please let me know how you were trying to achieve the XML signature.
We have a requirement where we have to sign the XML document and need to generate the target document as following structure.
<Signature>
     <SignedInfo>
         <CanonicalizationMethod />
         <SignatureMethod />
         <Reference>
                 <Transforms>
                 <DigestMethod>
                 <DigestValue>
         </Reference>
    <Reference /> etc.
</SignedInfo>
<SignatureValue />
<KeyInfo />
<Object>ACTUAL PAYLOAD</Object>
</Signature>
I am analyzing the possibility of using the approach that is given in the help sap link that you have posted above. Any inputs will be apprecited.
Thanks and Regards,
Sami.

Reconver SSL private key?

I have a bit of a dilemma since I tried to install an SSL certificate on my server that needs intermediate certs. Here's what I did:
1) In Server Admin, create a new key for my domain and use that key to create a CSR to send to a certificate authority. (This creates a public key, a private key and a self-signed certificate in the system keychain on the server).
2) Sent the CSR away and got the signed certificate back.
3) Used Server Admin to add the signed certificate to the existing domain cert (this replaces the self-signed cert). Restart services etc.
Here's the problem: the cert that I have needs intermediate certs installed in order to be functional- currently the certificate shows as an untrusted authority. If I delete the current certificate in Server Admin to start again from scratch, it will delete the private key that I need to reinstall. I downloaded the intermediate certificates from the CA's website, but now the certificate installed on the server can't be modified. Besides, there is no place to enter the intermediate certificates. My plan was to try to paste all the certs into the box where it asks for the new certificate, but no joy since it is now locked.
I would like to create a new certificate (there is a place in there to install intermediate certs), but I'll need to get my private key out of Keychain Access into a pem formatted file but I can't seem to get the thing to export.
Questions:
1) Is there a way to export a private key from Keychain Access so that it can be used for server admin?
2) Is there a way to get at this from the command line?
3) Is there some other procedure that can magically fix this problem?
Thanks,
Miles

Thanks,
This is the part that I was looking for:
Launch Keychain Access as root:
sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access &
I then went here http://www.gridsite.org/wiki/Convert_p12 and converted the p12 to pem so I could use it in server admin.
Thanks again,
Miles

Recovering Private Key Password

I have a customer who is trying to load a private key from a file but can not remember the Private Key password. Does anyone have an idea of what the best way to recover this would be if its possible?

this is not possible since this is the most important part of the security protocol.
You have to created a new key and get a new certificate.
Regards,
Gilles.

Private key password for Default DemoIdentity Keystore?

Hi
I am trying to Configure SSL in ALSB. I have created the PKI Credential mapping for the Default DemoIdentity Keystore
But it is asking for the password to access the Keypair.
The document states that i need to provide the password set during the creation of the keystore
but as i am using the default keystore i dont know where to look for the password.
Error :
[Security:090809|The key pair could not be retrieved from the keystore with the supplied alias demoidentity and its password
I tried using the KeyStorePassphrase but it didnt help me much ..
Can any one help me on this?
Regards
Anusha

Jay is right
To be more precise you can use something like
keytool -list -keystore ${wl_home}/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrasewhich leads to the following output
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 4 entries
certgenca, Mar 22, 2002, trustedCertEntry,
Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
wlsdemocanew2, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
wlsdemocanew1, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
wlscertgencab, Jan 24, 2003, trustedCertEntry,
Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FEThe following list provides the location and passwords of the demo certificates:
Trust store location: ${WL_HOME}/server/lib/DemoTrust.jks
Trust store password: DemoTrustKeyStorePassPhrase
Key store location: ${WL_HOME}/server/lib/DemoIdentity.jks
Key store password: DemoIdentityKeyStorePassPhrase
Private key password: DemoIdentityPassPhrase

NAC and SSL - fails to import password protected private key

I am attempting to import an SSL certificate on my CCA Manager and Server. I purchased a wild card SSL cert *.domain.com. The private key used to generate the certificate was created on an Cisco ACS 3.2 server and has a password. When attempting to import the private key into the CCA Manager the browser times out and no error is reported.
My guess is that it is waiting for the password to allow access to the private key. Unfortunately there is no place on the form and no pop-up to enter the password.
Is there a command line option for importing a private key that may work for me?
Thanks
Sherm

The best Possible way is to generate a CSR from the CCA server and then purchase a certificate using that CSR. Then you dont have problems with private keys.
Regards
sathappan

Private key

Hello people,
i'm creating a program that needs to generate private keys,
i've found out that java has built in libraries that support this so i've tried:
                KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
                keyGen.initialize(1024);
                KeyPair keypair = keyGen.genKeyPair();
                PrivateKey privateKey = keypair.getPrivate();
                PublicKey publicKey = keypair.getPublic();but after i set the privateKey i can't find a way to retrieve the actual numbers used in the private key (probably to prevent attacks...)
eventually, all my app really needs, is a table of , lets say, 100 private keys (each one as 2 big primes)
is it possible for me to use the java.security to do that?
thanks for your time.

i still need small ones in the begining. a modolus in
the size of 16 DWORDS is too big for me right now, i
need something like 4.
i guess i have no escape but to generate them myself,
the problem is that i probably won't do it
professionaly :(Well - nobody will generate 32-bit RSA keys "professionally", because it'd take about 2 CPU minutes to break your keys when they're that small. 512 bits was acceptable in the eighties - current best-practice, IIRC, is 2048 bit keys for anything you're serious about protecting, and 4096-bit keys for anything you want to protect for extended periods of time.
Grant

Private Key for RSAalgorithm

Hello,
I used RSA algorithm for encryption and i can send the encrypted text to the server , on the server side
in order to decrypt the message i passed the public key, but how to generate the private key on the server side, i am a beginner in cryptography, can anybody help me , if possible give me the coding for encryption and decryption which will work on the client side for encryption and server side for decryption,i need RSA algorithm for it

well, but i just used receivers public key to encrypt the data at the senders side, at the receivers side both secret and public key is generated, and the receivers secret key is used to decrypt. The ecrypted text can be accessed at the receivers side but it can't be decrypted, my program part is given below
Sender's side
// Create a new instance of Message class, to encrypt / decrypt message
Message M = new Message();
// Create a new instance of Keys, to generate keys
Keys K = new Keys ();
// Set the Plain Text message
M.PlainText = ta.getText(); (ta is the text area i displayed the text file)
// Display the Plain Text message
System.out.println (" Message:" + M.PlainText);
// Set the Number of Rounds
M.NumRounds = 2;
// Display the Number of Rounds
System.out.println (" Rounds:" + M.NumRounds);
// Create RSA Public, Secret key pairs
K.CreateKeys();
// Display Public Key individual number
System.out.println ("Public Key:" + K.PublicKey);
// Display Secret Key individual number
System.out.println ("Secret Key:" + K.SecretKey);
// Display n, the shared number (of Public and Secret Keys)
System.out.println (" n:" + K.n);
// Encrypt the Message
M.Encrypt (publicKey, n);
/* where publickey and n are generated at the receivers side and saved in the database, which is taken
at the senders side to encrypt the data. */
// Display the Encrypted Message
System.out.println (" Encrypted Message:" + M.CipherText);
String crp=M.CipherText.toString();
AT the receiving side
// Create a new instance of Message class, to encrypt / decrypt message
Message M = new Message();
// Create a new instance of Keys, to generate keys
Keys K = new Keys ();
// Set the Plain Text message
//M.PlainText = ta.getText();
// Display the Plain Text message
//System.out.println (" Message:" + M.PlainText);
// Set the Number of Rounds
M.NumRounds = 2;
// Display the Number of Rounds
System.out.println (" Rounds:" + M.NumRounds);
// Create RSA Public, Secret key pairs
K.CreateKeys();
// Display Public Key individual number
System.out.println ("Public Key:" + K.PublicKey);
pbk=K.PublicKey.toString();
// Display Secret Key individual number
System.out.println ("Secret Key:" + K.SecretKey);
// Display n, the shared number (of Public and Secret Keys)
System.out.println (" n:" + K.n);
bi=new BigInteger (bi.toString().concat(String.valueOf(K.SecretKey)));
bn=new BigInteger (bn.toString().concat(String.valueOf(K.n)));
System.out.println("SECRET:"+bi);
System.out.println("N:"+bn);
M.Decrypt(bi,bskbi); // where bi is secret generated at the recivers side and bn is retrieved
from the database , n = (p-1)*(q-1) where p and q are two large priome numbers */
at the receivers side the encrypted text can be accessed , but the text can be decrypted, what is the problem here, can u help me to change the codings
thanks in advance

Private key protection in Keychain

Hi!
I have a keypair for email in a MS environment (Entourage) so I know it is there and works.
Q1: When I open Keychain and expand my email certificate I can see that private key ( RSA, 1024-bit) and it looks very much like being the 'real thing' i.e. in clear, not protected by any passphrase. Is that the case? If I export this, then a passphrase seems to required.
Q2: How can I export only my public key part?
BR, Petri

This is what I do:
.- In Keychain Manager, create a new keychain (File->New Keychain). Choose any name you like (Confid in this example).
.- Move your sensistive keys from "login" to "Confid".
.- Change the properties to each private key, allowing their access in Access Control to each program (like Mail) which you want to use the keys with. Make sure you check "Ask for password" every time the programs access the key.
.- Finally, change the properties (Edit->Change Settings) of Confid. I use "Lock after 1 minute of inactivity" and "Lock when sleeping".
This way I am asked for a password every time that I try to sign a mail or read a ciphered message.
Good luck.

Private Key Anomaly

Hi Gurus,
Here is situation, I finding it hard to solve. Any assistnace will be helpful.
SSL is a transport level security solution and hence is independent of any application level protocol (where a standard protocol like HHTP, LDAP or non-standard like t3s).
I started my SSL skills with keystores for Weblogic and used kestore formats like JKS and JCEKS. Given that in an enterprise setup we use more infrastructure softwares than just Weblogic. Now please assume a hypothetical scenario
OS :: Windows
App Server #1 :: Weblogic
App Server #2 :: Websphere
App Server #3 :: Tomcat
Web Server #1 :: IIS
Web Server #1 :: Apache
Web Server #1 :: iPlanet
Web Server #1 :: IHS
SSH Server on Windows (its possible and we use it)
(reason to mention this ridicilous number of softwares is highlight that they all use different type of keystores)
Now given that I want to protect these services at transport layer using SSL or TLS by using some valid x.509 certificate from a internal PKI suite and cerificate will be for the hostname.
Is there a way I can standardize on a common format for keystore and common format for private key. (Server Cert and CA cert is almost a non issue, having a .pem format is almost portable to any type of keystore).
I want to keep SSL/TLS certs as host resource and not dedicated to a particular software or keystore type...
There are some workarounds in the internet...seems like they are mostly around java application servers and sun keystore formats(JKS JCEKS) and some java code has to written to create your own utility...or somthing like pkeytool etc....
Suggestions guys..

PKCS#1 1.5 definition:
   RSAPrivateKey ::= SEQUENCE {
     version Version,
     modulus INTEGER, -- n
     publicExponent INTEGER, -- e
     privateExponent INTEGER, -- d
     prime1 INTEGER, -- p
     prime2 INTEGER, -- q
     exponent1 INTEGER, -- d mod (p-1)
     exponent2 INTEGER, -- d mod (q-1)
     coefficient INTEGER -- (inverse of q) mod p }RSAParameters as documented in .NET Framework Class Library:
D Represents the D parameter for the RSA algorithm.
DP Represents the DP parameter for the RSA algorithm.
DQ Represents the DQ parameter for the RSA algorithm.
Exponent Represents the Exponent parameter for the RSA algorithm.
InverseQ Represents the InverseQ parameter for the RSA algorithm.
Modulus Represents the Modulus parameter for the RSA algorithm.
P Represents the P parameter for the RSA algorithm.
Q Represents the Q parameter for the RSA algorithm. The KeySpec (CRT = Chinese Remainder Theorem)
RSAPrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient)So we could try some guessing:
modulus <- Modulus
publicExponent <- Exponent
privateExponent <- D
primeP <- P
primeQ <- Q
primeExponentP <- DP
primeExponentQ <- DQ
crtCoefficient <- InverseQTry it and tell me if it worked. Good luck.

Private key import via ImportPrivateKey

I used the Certificate web app included with WLS 7.0 SP1 to generate my private
key and my CSR. I then used the CSR to request a certificate from my Dept. of
Defense Certificate Authority. I received my certificate. I then tried to use
the WLS ImportPrivateKey utility to import my key with the following steps as
shown in the ImportPrivateKey reference example.
1) I used keytool -printcert to verify the contents of my servercert.pem file
and my CAcert.pem file.
2) I combined the certificate returned for my server with the CA's root certificate
cat servercert.pem CAcert.pem > combined.pem
3) I converted my private key file produced by the Certificate web app to pem
format using the WLS der2pem utility
4) I ran the Import utility
java utils.ImportPrivateKey serverkey.jks store_pwd key_alias key_pwd combined.pem
server_private_key.pem.
I received the following error.
ImportPrivateKey will create serverkey.jks
ImportPrivateKey failed, java.security.KeyManagementException: ASN.1: Unxpected
ASN.1 tag
java.security.KeyManagementException: ASN.1: Unxpected ASN.1 tag
at com.certicom.security.cert.internal.x509.SSLPlusSupport.getLocalIdentityPartial(Unknown
Source)
at com.certicom.net.ssl.CerticomContextWrapper.inputPrivateKey(Unknown
Source)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:76)
at utils.ImportPrivateKey.importKey(ImportPrivateKey.java:44)
at utils.ImportPrivateKey.main(ImportPrivateKey.java:32)
Does anyone have an idea where I went wrong? Can anyone offer an explanation?
Thanks

"Mallik" <[email protected]> wrote in message
news:3f3274e9$[email protected]..
>
I am trying to install weblogic generated ssl certificate and because theprivate
key needs to be encrypted with a password, i am loading this in a new JDKkeystore
and trying to configure WL.
I am running utils.CertGen from weblogic 7.0 sp3 on XP.
X:\SSLTest>java utils.CertGen testpassword testcert testkey
Creating Domestic Key Strength - 1024
..... Certificate CommonName will contain Hostname KUNDULA_M-DGS
Encoding
Try this on 8.1 and see if it works. There was a bug fix with respect to "_"
in hostnames.

Private key from a file

dear all
I want to create rsa private key from .key file. I searched a lot but could not find a way to do so. how can i do that ???

'pem' stands for Privacy Enhanced Mail and defines an encoding to ASCII of binary data and not the format of the content of the file. Having said that, it looks to me that your file is a PEM encoded SSLeay format RSA key generated using OpenSSL and encrypted using the '-des3' option. Before loading into Java I normally convert, using OpenSSL, SSLeay files to a PKCS8 format private key and an X509 format public key certificate file. These are then easily loaded into Java.
The OpenSSL documentation will tell you how to generate the PKCS8 and X509 files but there are numerous sites that will hand-hold you through the commands. Google is your friend. Once you have generated these files then Google will also provide source code for loading them into Java.

Private Key Created

Similar Messages

Maybe you are looking for