Private key from a file

Similar Messages

• Writing and retrieving RSA keys from a file

  Hello all,
  I'm trying to write a generated RSAPublicKey and RSAPrivateKey to a file, and then, later retrieve them.
  I thought I could use ObjectInput/OutputStream to do that, but when I do so I get the exception java.io.NotSerializableException: java.io.ObjectOutputStream
  (I'm surprised, because RSAPublic/PrivateKey are serializable, aren't they ?).
  If this is not the way to do it, I do not know how (no key constructor reading from byte [] ...).
  Can somebody please help me ?
  Thanks,
  Axelle.

  Hi,
  Can we generate public and private keys from fingerprint?
  where can i find a piece of code to view how it is.
  Thanks,
  Ganesh

• Private key from RSAKeyValue

  How to generate private key from <RSAKeyValue> generated by .net. in java? I got public/private key in following format.
  <RSAKeyValue>
  <Modulus>abcdyDdNySesa8sWsd8XRG9rFf1av
  hch9BSG+sgCSYumLm5gzeTxrrpSqUf2VYfLp8USqK4uFBX312368wOEfK+C/viScPZn/hKcq
  vFpd/gKyXJ0M6Oxybn7qJNjVjGtemQDJJdvUPNyV1bcTq0Ugw9lM2cDBVzqHjxxzzACJnab=
  </Modulus>
  <Exponent>AQAB</Exponent>
  <P>/UTBBgeTREzfbV9ev1tKwGtFovxi9BiK5
  crZ3Qns3rt+lrd6Xas6tJhAvedGakGP7eeaLHdXZjeXGnqvKzRHw==</P>
  <Q>8FBLHPccdNh//dRF7Uf6weB829bz+G+NvVrKJMcOzUr9QuKcyRqfZTslKiC/aG9p1PoFxWpeyoPFwDrqFzTYhw==</Q>
  <DP>MTvTPU3fnscdFbb3MaG4gzuArbgQNFc722pkgoakfOS9RQgf/VjKXoFllz7
  05d+z6SHvSGemnEcYtNcbscPt4Q==</DP>
  <DQ>0NOVUihSbB8uqe8sVZ11BEEFfyw9eafGrc
  NVYbww2qjNh+/QetlNpfRNiVxHuIMInnBdz31tveHgV/laLqyDxQ==</DQ>
  <InverseQ>X0KxLXzW2glIhkk5lP0OnQVWfTutwo9Qg4DSk/5MtbQMMek8SHju7X9Ae2iL4DDRbWG/5mbrPdQ1yQg+GXCWbw==</InverseQ>
  <D>NCBukE3dm5+xRXEY4qWk3Xe8XFvIHT5vENOzTZE4jz0aBPxzTYLIgbkZP+lXgllc4mricqYSsD3K8vCBMQXEhqHkc6pSiYfesZG3wlujJGRyVoT1pVk5M460RwJfwPsO0TxfYCYU80CIfZNzFIEpGEp6pAUF1TQbnTre11aFjU=</D>
  </RSAKeyValue>
  I was able to generate public key as below.
  BigInteger publicExponent = new BigInteger(new sun.misc.BASE64Decoder().decodeBuffer("AQAB"));
  RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(modulus,publicExponent);
  But privateKey need privateExponent
  RSAPrivateKeySpec rsaPrivateKeySpec = new RSAPrivateKeySpec(modulus,privateExponent);
  How to get privateExponent from <RSAKeyValue> ?
  RSAPrivateCrtKeySpec need following parameters. Can not find where it map in <RSAKeyValue>
  RSAPrivateCrtKeySpec(BigInteger modulus,
  BigInteger publicExponent,
  BigInteger privateExponent,
  BigInteger primeP,
  BigInteger primeQ,
  BigInteger primeExponentP,
  BigInteger primeExponentQ,
  BigInteger crtCoefficient)
  Thanks,
  DP

  PKCS#1 1.5 definition:
     RSAPrivateKey ::= SEQUENCE {
       version Version,
       modulus INTEGER, -- n
       publicExponent INTEGER, -- e
       privateExponent INTEGER, -- d
       prime1 INTEGER, -- p
       prime2 INTEGER, -- q
       exponent1 INTEGER, -- d mod (p-1)
       exponent2 INTEGER, -- d mod (q-1)
       coefficient INTEGER -- (inverse of q) mod p }RSAParameters as documented in .NET Framework Class Library:
  D Represents the D parameter for the RSA algorithm.
  DP Represents the DP parameter for the RSA algorithm.
  DQ Represents the DQ parameter for the RSA algorithm.
  Exponent Represents the Exponent parameter for the RSA algorithm.
  InverseQ Represents the InverseQ parameter for the RSA algorithm.
  Modulus Represents the Modulus parameter for the RSA algorithm.
  P Represents the P parameter for the RSA algorithm.
  Q Represents the Q parameter for the RSA algorithm. The KeySpec (CRT = Chinese Remainder Theorem)
  RSAPrivateCrtKeySpec(BigInteger modulus, 
  BigInteger publicExponent,
  BigInteger privateExponent,
  BigInteger primeP,
  BigInteger primeQ,
  BigInteger primeExponentP,
  BigInteger primeExponentQ,
  BigInteger crtCoefficient)So we could try some guessing:
  modulus <- Modulus
  publicExponent <- Exponent
  privateExponent <- D
  primeP <- P
  primeQ <- Q
  primeExponentP <- DP
  primeExponentQ <- DQ
  crtCoefficient <- InverseQTry it and tell me if it worked. Good luck.

• How to read DES key from a file?

  I stored the DES key in the file as follows:
  KeyGenerator keygen = KeyGenerator.getInstance("DES");
  SecretKey Key = keygen.generateKey();
  FileOutputStream ostream = new FileOutputStream("t.tmp");
       ObjectOutputStream p = new ObjectOutputStream(ostream);
       p.writeObject(Key) ;
       p.flush();
       ostream.close();
  I don't know if there is problem with the above code, I am just new to java cryptography.
  I have problem read in the key and store it in the DES key object to be used for decryption.
  Can someone please tell me how to do it and a simple example will be appriciated.
  thanks
  Jeff

  Thank you for your help. after getting the key from the file( the output of the key is com.sun.crypto.provider.DESKey@fffe786d, not sure if it is right), I use this key to decrypt the message sent from the client program.
  here is the code:
  ObjectInputStream ois=new ObjectInputStream(data.getInputStream());
  String c = ois.readLine() ;//should I convert the byte[] data to String?
  ois.close() ;
  jTextField1.setText(c) ;//display the cipher text to the first textfield
  byte[] ciphertext = c.getBytes() ;
  // System.out.write(ciphertext) ;
  // get key from file
  FileInputStream in = new FileInputStream("t.tmp");
  ObjectInputStream oin = new ObjectInputStream(in);
  SecretKey Key = (SecretKey)oin.readObject();
  oin.close();
  in.close();
  System.out.println(Key) ;
  //decrypt
  Cipher C = Cipher.getInstance("DES");
  C.init(Cipher.DECRYPT_MODE, Key);
  // Decrypt the ciphertext
  byte[] cleartext1 =C.doFinal(ciphertext);
  System.out.write(cleartext1) ;//doesn't show anything!!
  System.out.println("this is cleartexxt");//doesn't even show this!!
  String display = new String(cleartext1);
  jTextField2.setText(display);
  why there is no output from System.out.write(cleartext1)? where did I go wrong?
  thank you.
  Jeff

• Private key from 5.1 to 7.0

  Hi, we're currently upgrading from WebLogic server 5.1 to 7.0. The private
  key generated by WLS 5.1 does not use any password, and can therefore not be
  used with 7.0
  Do I have to generate a new private key and order a new SSL certificate, or
  is there a way I can assign a password to my existing private key so I can
  continue using this ??
  Thanx in advance !!!
  Jan Espen Hansen

  Thanks a lot Tony !!!!! This solved my problem.
  JEH
  "Tony" <TonyV> wrote in message news:[email protected]..
  Incorrect PEM headers/footers can confuse the tool.
  Double check that the header and footer for your PEM file match thecontents
  of the
  data in the file.
  If it was an unprotected RSA private key, the header and footer shouldlook
  like
  this:
  -----BEGIN RSA PRIVATE KEY-----
  -----END RSA PRIVATE KEY-----
  It should not say it is a certificate (which is the default for theder2pem
  utility), and it
  should not say it is an encrypted private key.
  Tony
  "a" <[email protected]> wrote in message news:3f9f7705$[email protected]..
  Hi, and thank you for your answer. I've tried the tool you mention, but
  I
  get the following error message:
  "Error parsing BER private key data 3000"
  Since my private key is in .der format I have first run the weblogicutil
  utils.der2pem on it, but I still get this error message.
  Any ideas ??
  JEH
  "Tony" <TonyV> wrote in message news:[email protected]..
  You should not have to generate a new key.
  There is a native tool that is supplied on the WLS kit that can
  protect
  an
  unprotected private key for you:
  wlkeytool inputkey.pem outputkey.pem
  It will prompt for passwords, I believe that will do what you want.
  Tools such as OpenSSL should also be able to protect the private key.
  Tony
  "Janne K" <[email protected]> wrote in message
  news:[email protected]..
  Hi, we're currently upgrading from WebLogic server 5.1 to 7.0. Theprivate
  key generated by WLS 5.1 does not use any password, and can
  therefore
  not
  be
  used with 7.0
  Do I have to generate a new private key and order a new SSL
  certificate,
  or
  is there a way I can assign a password to my existing private key so
  I
  can
  continue using this ??
  Thanx in advance !!!
  Jan Espen Hansen

• How to install PEM-format SSL private key from weblogic to NES

  I have unexpired PEM-format certificates in my weblogic 8.1sp4 domain. Since the architecture requires us to use Iplanet 6.0sp2 as the http/https server, we have to move the certificates to iplanet side. Is that possible ? Especially the private key ? Iplanet has key8.db format files. How do I install a PEM key in iplanet and store it in key3.db file ? Thanks !

  Hi
  I've already found code to answer my second question, but my first question still remains, is there a way that I can change a Encrypted Private Key Info for PEM to DER format??? I tried to delete the header and footer of some key in PEM format and Base64 decode the body, but It launches a Exception when I'm trying to create the EncryptedPrivateKeyInfo object.
  Thank you

• Reading private key: works in jdk 1.5, but throws exception in 1.4

  Hello,
  I am trying to read an RSA private key from a file. I am using the following code snippet:
  KeySpec spec = new RSAPrivateKeySpec(modulus, pExp);
  KeyFactory factory = KeyFactory.getInstance("RSA");
  PrivateKey key = factory.generatePrivate(spec);
  This runs perfectly fine under jdk 1.5 on keys I generate with OpenSSL. However, if I recompile and run under jdk 1.4, I get the following exception:
  java.security.spec.InvalidKeySpecException: Unknown key spec.
       at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA6275)
       at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA6275)
       at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)
  I have also tried using RSAPrivateCrtKeySpec but I get the same error. Can anyone shed some light on what is going on?
  Thank you.

  'Unlimited Strength Jurisdiction Policy Files 1.4' Could be the solution.
  I had a similar problem with java 1.4 and those files do the work.
  ... finally the problem was that the password that protectd the keystore had 7 characters, using one of 5 characters works ok...

• Recovering Private Key Password

  I have a customer who is trying to load a private key from a file but can not remember the Private Key password. Does anyone have an idea of what the best way to recover this would be if its possible?

  this is not possible since this is the most important part of the security protocol.
  You have to created a new key and get a new certificate.
  Regards,
  Gilles.

• BizTalk Server 2013 SFTP Adapter with private key - Did not poll any files

  Hello, 
  We have a requirement to connect SFTP secure site with the private key and polling files.   Initially I have
  tested BizTalk Server 2013 SFTP Adapter receiver Port using  Bitvise SSH SFTP Server tool and it was working perfectly in our local network environment( with public private key authentication).
  However when we connected to Client SFTP server with private key authentication, It successfully connected to SFTP Server but
  did not poll any files from SFTP Site.  I added only one file to SFTP Server ( 145 kb file) for testing purpose.
  However BizTalk Server 2013 SFTP Send Adapter is working well with the same configuration.
  I could not find any errors in Event viewer also.  I can download\upload file using WinSCP tool .
  So I downloaded nSoftware SFTP Adapter trial version and deployed on server. nSoftware SFTP adapter  is also working find
  without any issues for Client SFTP Site.
   This is the configuration on SFTP Receive Adapter
  This is how SFTP Server download folder permission configured. I have got this details using WinSCP tool. 
  <o:p></o:p>
  Appreciate your help on this.<o:p></o:p>
  Thanks<o:p></o:p>
  PrabathD<o:p></o:p>

  BizTalk Adapter for SFTP is where the polling logic is implemented. It is not part of the SFTP Client logic. any SFTP Client is for User Interaction and you do what you want/when you want.
  The BizTalk Receive however is for purposes of automation and the adapter polls the receive location using the credentials every polling interval to check for the files matching the filter. When it find a file, it will read and publish to message box or
  submit to pipeline for processing. Your setting the polling interval to 0 (ZERO) might actually be disabling the polling.
  Set your poll interval to a non-zero value and check the behavior.
  Regards.

• EXS24 read root key from file name only

  Has anyone encountered this with EXS24 in Logic 7? If you set preferences to "read root key from file name only" then EXS reads the root key from the file itself when loading samples. On the other hand if you set them to "read root key from file only" then it reads the root key from the file name. Or am I just imagining this?
  P.S. if anyone from Apple is reading, could you please update EXS24? It's a bit primitive by today's standards.

  Hi
  Not a direct answer to your question, but if you are doing a lot of sample mapping etc, you may want to check out Redmatica's KeyMap Pro or the simpler Keymap 1:
  http://www.redmatica.com
  CCT

• SSL private key password

  Hello everyone,
  I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0 SP2
  with WLP 7.0 SP2. Everythng is fine except for that we cannot use the same
  SSL certificate. By defaul the private key is not encrypted with password
  (SSL.KeyEncrypted = false by default, according to the documentations) in
  both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script results the
  following error:
  <Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297>
  <Inconsistent se
  curity configuration, java.lang.Exception: Cannot read private key from file
  C:\
  bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make
  sure pa
  ssword specified in environment property weblogic.management.pkpassword is
  valid
  .>
  java.lang.Exception: Cannot read private key from file
  C:\bea7\user_projects\age
  ncyPortal\portal_islandinsurance_com-key.der. Make sure password specified
  in en
  vironment property weblogic.management.pkpassword is valid.
  at
  weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.j
  ava:434)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
  at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
  at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
  at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
  at weblogic.Server.main(Server.java:32)
  Is this happening because the private key is actually encrypted with the
  password? It was working, although the KeyEncrypted is not set to true and
  the startup script for WLS 6.1 instance did have a line
  with -Dweblogic.management.pkpassword. Or could this error be result of
  something else? The physical machine the instances are located is the same
  and IP address and the DNS entry hasn't been changed, either.
  Any insight will be greatly appreciated. Thanks!
  Makoto

  Thanks Tony - it worked!!
  "Tony" <TonyV> wrote in message news:[email protected]...
  It may be because the private key is both unprotected and in DER format.
  There are some things to try:
  1) Convert the private key file from a DER file to a PEM file and try
  that:
  a) Follow the for converting an unprotected private key at:
  http://e-docs.bea.com/wls/docs70/adminguide/utils.html#1143743
  b) Look at the resulting PEM file, it should look something like
  this:
  -----BEGIN RSA PRIVATE KEY-----
  -----END RSA PRIVATE KEY-----
  (Be sure there is no extra lines or whitespace after thefooter)
  >
  c) Change your configuration to point at the PEM file
  If that doesn work, then you can try protecting the key with apassword
  using
  the wlkeytool utility (It should be in the server/bin directory). The
  tool should prompt
  for a password to use to protect it:
  wlkeytool inputkey.pem outputkey.pem
  Then change your configuration to use the protected private key, andset
  the passwod to use.
  Tony
  "Makoto Suzuki" <[email protected]> wrote in message
  news:[email protected]...
  Hello everyone,
  I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0SP2
  with WLP 7.0 SP2. Everythng is fine except for that we cannot use the
  same
  SSL certificate. By defaul the private key is not encrypted withpassword
  (SSL.KeyEncrypted = false by default, according to the documentations)in
  both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script resultsthe
  following error:
  <Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297>
  <Inconsistent se
  curity configuration, java.lang.Exception: Cannot read private key fromfile
  C:\
  bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make
  sure pa
  ssword specified in environment property weblogic.management.pkpassword
  is
  valid
  .>
  java.lang.Exception: Cannot read private key from file
  C:\bea7\user_projects\age
  ncyPortal\portal_islandinsurance_com-key.der. Make sure passwordspecified
  in en
  vironment property weblogic.management.pkpassword is valid.
  at
  weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.j
  ava:434)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
  atweblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
  atweblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
  at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
  at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
  at weblogic.Server.main(Server.java:32)
  Is this happening because the private key is actually encrypted with the
  password? It was working, although the KeyEncrypted is not set to true
  and
  the startup script for WLS 6.1 instance did have a line
  with -Dweblogic.management.pkpassword. Or could this error be result of
  something else? The physical machine the instances are located is thesame
  and IP address and the DNS entry hasn't been changed, either.
  Any insight will be greatly appreciated. Thanks!
  Makoto

• Reconver SSL private key?

  I have a bit of a dilemma since I tried to install an SSL certificate on my server that needs intermediate certs. Here's what I did:
  1) In Server Admin, create a new key for my domain and use that key to create a CSR to send to a certificate authority. (This creates a public key, a private key and a self-signed certificate in the system keychain on the server).
  2) Sent the CSR away and got the signed certificate back.
  3) Used Server Admin to add the signed certificate to the existing domain cert (this replaces the self-signed cert). Restart services etc.
  Here's the problem: the cert that I have needs intermediate certs installed in order to be functional- currently the certificate shows as an untrusted authority. If I delete the current certificate in Server Admin to start again from scratch, it will delete the private key that I need to reinstall. I downloaded the intermediate certificates from the CA's website, but now the certificate installed on the server can't be modified. Besides, there is no place to enter the intermediate certificates. My plan was to try to paste all the certs into the box where it asks for the new certificate, but no joy since it is now locked.
  I would like to create a new certificate (there is a place in there to install intermediate certs), but I'll need to get my private key out of Keychain Access into a pem formatted file but I can't seem to get the thing to export.
  Questions:
  1) Is there a way to export a private key from Keychain Access so that it can be used for server admin?
  2) Is there a way to get at this from the command line?
  3) Is there some other procedure that can magically fix this problem?
  Thanks,
  Miles

  Thanks,
  This is the part that I was looking for:
  Launch Keychain Access as root:
  sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access &
  I then went here http://www.gridsite.org/wiki/Convert_p12 and converted the p12 to pem so I could use it in server admin.
  Thanks again,
  Miles

• WBL 7.0 and SSL private key problem

  Having generated certificate request, and associated private key, I obtained
  the corresponding server level certificate. I am having problems starting the
  server with the cert. I have configured my server appropriately, here is the SSL
  configuration from the domain config.xml
  <SSL Enabled="true" HostnameVerificationIgnored="true"
  ListenPort="8090" Name="SampleServer"
  ServerCertificateChainFileName="nasaca.pem"
  ServerCertificateFileName="mydomain-cert.pem"
  ServerKeyFileName="mydomain-key.pem"/>
  and I am using -Dweblogic.management.pkpassword=mypassword
  in the startup script, however I get :
  java.lang.Exception: Cannot read private key from file /usr/user_projects/Sample/mydomain-key.pem.
  Make sure password specified in environment property weblogic.management.pkpassword
  is valid.
  I have given the right password. So the question is why am I seeing the error
  I am running this server on Sun Solaris. The password contains the usual ascii
  characters, including shell special characters.
  Any way checking the private key file ?
  Also as we have seen problems with the particular certificate we get from the
  CA, I wanted to use "utils.ValidateCertChain", alas this documented utility is
  conveniently missing from weblogic.jar. Oh big blue, why didn't we go with you
  Seriously, please help
  Tarang

  Darkit,
  I have the same problem. Let me know if you find a solution to this problem.
  Thanks,
  Bharathi

• Import an SSL Private Key

  Hello.  Is it possible to export the Private Key from, say, my J2EE engine (I'm running a dual stack) and import it into my ABAP instance so that both systems use the same Private Key?  They both have the same host name.

  I guess its possible. Please correct me if i am wrong.
  Please keep in mind, that simply importing a certificate as a certificate response won't work in this situation, since the public key from your CA and the public key in the individual PSEs already existing on the respective servers won't match.
  following steps all the key pairs and certificates that are currently stored in the SSL Server PSEs on the target systems will be removed. If you want to keep them, you'll need to export them to a safe place.
  Step 1: import the key pair into a PSE
  Since pl.16 of SAPCRYPTOLIB, key pairs given in the format PKCS#12 can be imported into a PSE (note 745063). Since pl.24 of SAPCRYPTOLIB, also the import of key pairs given as PKCS#5, PKCS#8 or OpenSSL-PEM is supported (note 1159829).
  Step 2: import the PSE resulting from Step 1) into the system's database All PSEs that are known to transaction STRUST will be exported from the database and distributed to the application servers at system startup. The related PSE files will be overwritten. So, the PSE resulting from the key pair import in step 1) needs to be imported into the database.
  You'll need to go through a procedure similar to the one described in note 1178155, step 3.
  - Copy the PSE from step 1) to your workstation/PC
  - Start transaction STRUST
  - Doubleclick the "FILE" icon in the navigation area (left hand side)
  - Select the PSE on your workstation/PC
  - Execute the menu item "PSE --> save as..." and choose the SSL Server
  PSE as target. This will save the PSE from step 1 as SSL Server
  standard PSE.
  - The following step is a modification from note 1178155 which is
  only applicable in your special situation: right mouse button click
  on the SSL Server PSE entry in the navigation area. From the context
  menu appearing, select "Change".
  - Remove the distinguished names from all application server specific
  PSEs in the list. Pressing the green tick mark ('save') will remove
  all application server specific SSL Server PSEs, so the system is
  forced to use the SS Server standard PSE instead.
  Don't forget to restart the ICM in order to make your changes become effective.
  Regards,
  Jazz

• Please guide me on the issue of private key

  Hi All
  I am working on application that requires to do encryption and decryption using public and public key. I need some guidance on how to implement this functionality. The only requirement is to have public key and private key in two different files. For public key i can get it from .cer certificate file but i do not have much idea of what feature in java is provided to read private key from file. The file is definately not the keystore file. Please guide me as to in what format the private key should be so that my java program could read it and do decryption.
  Another thing is that the private and public key file will be provided by the client. I do not have any control on creating them. I will be given a location where i could find public and private key and passphrase for private key.
  Basically i do not have any clue on what class or technique to use to read those
  Thanks and Regards
  Pankaj Tiwari

  This is how i create the private and the public key files (Not the certificate file) :
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
  kpg.initialize(2048); // 2048 is the keysize.
  KeyPair kp = kpg.generateKeyPair();
  PublicKey publicKey = kp.getPublic();
  PrivateKey privateKey = kp.getPrivate();
  // Serialize to a file
  ObjectOutput outPK = new ObjectOutputStream(new FileOutputStream("C:/Temp/PrivateKey.ser"));
  outPK.writeObject(privateKey);
  outPK.close();
  This is how i verify the signature of a file :
  File fileKey = new File("C:/Temp/KeyPair/publicKey.ser");
  ObjectInputStream inPK = new ObjectInputStream(new FileInputStream(fileKey));
  PublicKey publicKey = (PublicKey) inPK.readObject();
  inPK.close();
  // C:/Temp/myfile.zip.sign is the file that was generated when i signed my file C:/Temp/myfile.zip
  String algorithm = "SHA1withRSA";
  String myFile = "C:/Temp/myfile.zip";
  File fileSign = new File("C:/Temp/myfile.zip.sign");
  ObjectInputStream inSign = new ObjectInputStream(new FileInputStream(fileSign));
  byte[] signature = (byte[]) inSign.readObject();
  inSign.close();
  Signature verif = Signature.getInstance(algorithm);
  verif.initVerify(pubKey);
  FileInputStream in = new FileInputStream(myFile);
  int chVerif = 0;
  while ((chVerif = in.read()) != -1) {
  verif.update((byte)chVerif);
  if (verif.verify(signature))
  System.out.println("OK");
  else
  System.out.println("Error");