Private key from RSAKeyValue

How to generate a private key in Java from an <RSAKeyValue> generated by .NET? I got the public/private key in the following format.
<RSAKeyValue>
<Modulus>abcdyDdNySesa8sWsd8XRG9rFf1av
hch9BSG+sgCSYumLm5gzeTxrrpSqUf2VYfLp8USqK4uFBX312368wOEfK+C/viScPZn/hKcq
vFpd/gKyXJ0M6Oxybn7qJNjVjGtemQDJJdvUPNyV1bcTq0Ugw9lM2cDBVzqHjxxzzACJnab=
</Modulus>
<Exponent>AQAB</Exponent>
<P>/UTBBgeTREzfbV9ev1tKwGtFovxi9BiK5
crZ3Qns3rt+lrd6Xas6tJhAvedGakGP7eeaLHdXZjeXGnqvKzRHw==</P>
<Q>8FBLHPccdNh//dRF7Uf6weB829bz+G+NvVrKJMcOzUr9QuKcyRqfZTslKiC/aG9p1PoFxWpeyoPFwDrqFzTYhw==</Q>
<DP>MTvTPU3fnscdFbb3MaG4gzuArbgQNFc722pkgoakfOS9RQgf/VjKXoFllz7
05d+z6SHvSGemnEcYtNcbscPt4Q==</DP>
<DQ>0NOVUihSbB8uqe8sVZ11BEEFfyw9eafGrc
NVYbww2qjNh+/QetlNpfRNiVxHuIMInnBdz31tveHgV/laLqyDxQ==</DQ>
<InverseQ>X0KxLXzW2glIhkk5lP0OnQVWfTutwo9Qg4DSk/5MtbQMMek8SHju7X9Ae2iL4DDRbWG/5mbrPdQ1yQg+GXCWbw==</InverseQ>
<D>NCBukE3dm5+xRXEY4qWk3Xe8XFvIHT5vENOzTZE4jz0aBPxzTYLIgbkZP+lXgllc4mricqYSsD3K8vCBMQXEhqHkc6pSiYfesZG3wlujJGRyVoT1pVk5M460RwJfwPsO0TxfYCYU80CIfZNzFIEpGEp6pAUF1TQbnTre11aFjU=</D>
</RSAKeyValue>
I was able to generate public key as below.
BigInteger publicExponent = new BigInteger(new sun.misc.BASE64Decoder().decodeBuffer("AQAB"));
RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(modulus,publicExponent);
But privateKey needs privateExponent
RSAPrivateKeySpec rsaPrivateKeySpec = new RSAPrivateKeySpec(modulus,privateExponent);
How to get privateExponent from <RSAKeyValue> ?
RSAPrivateCrtKeySpec needs the following parameters. I cannot find where they map in <RSAKeyValue>
RSAPrivateCrtKeySpec(BigInteger modulus,
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient)
Thanks,
DP

PKCS#1 1.5 definition:
   RSAPrivateKey ::= SEQUENCE {
     version Version,
     modulus INTEGER, -- n
     publicExponent INTEGER, -- e
     privateExponent INTEGER, -- d
     prime1 INTEGER, -- p
     prime2 INTEGER, -- q
     exponent1 INTEGER, -- d mod (p-1)
     exponent2 INTEGER, -- d mod (q-1)
     coefficient INTEGER -- (inverse of q) mod p }
RSAParameters as documented in .NET Framework Class Library:
D Represents the D parameter for the RSA algorithm.
DP Represents the DP parameter for the RSA algorithm.
DQ Represents the DQ parameter for the RSA algorithm.
Exponent Represents the Exponent parameter for the RSA algorithm.
InverseQ Represents the InverseQ parameter for the RSA algorithm.
Modulus Represents the Modulus parameter for the RSA algorithm.
P Represents the P parameter for the RSA algorithm.
Q Represents the Q parameter for the RSA algorithm.
The KeySpec (CRT = Chinese Remainder Theorem)
RSAPrivateCrtKeySpec(BigInteger modulus, 
BigInteger publicExponent,
BigInteger privateExponent,
BigInteger primeP,
BigInteger primeQ,
BigInteger primeExponentP,
BigInteger primeExponentQ,
BigInteger crtCoefficient)
So we could try some guessing:
modulus <- Modulus
publicExponent <- Exponent
privateExponent <- D
primeP <- P
primeQ <- Q
primeExponentP <- DP
primeExponentQ <- DQ
crtCoefficient <- InverseQ
Try it and tell me if it worked. Good luck.
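
The mapping guessed above, as an added Java example (not code from either poster): it parses an RSAKeyValue document into an RSAPrivateCrtKeySpec, decoding each field as an unsigned integer because the one-argument BigInteger constructor would read a set top bit as a sign, and cross-checks the CRT fields before use. The class and helper names are assumptions, and the sample XML is constructed at run time from a freshly generated key.

```java
import java.io.ByteArrayInputStream;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.interfaces.RSAPrivateCrtKey;
import java.security.spec.RSAPrivateCrtKeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class RsaKeyValueLoader {

    /** Reads one child element as an unsigned big-endian integer. */
    static BigInteger field(Element root, String tag) {
        NodeList nodes = root.getElementsByTagName(tag);
        if (nodes.getLength() != 1) {
            throw new IllegalArgumentException("expected exactly one <" + tag + ">");
        }
        // The MIME decoder tolerates line breaks inside the base64 text.
        byte[] raw = Base64.getMimeDecoder().decode(nodes.item(0).getTextContent().trim());
        // signum = 1: .NET stores magnitudes only, so a set top bit is not a sign.
        return new BigInteger(1, raw);
    }

    static RSAPrivateCrtKeySpec parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        // A key file has no use for a DTD; refusing DOCTYPE shuts out XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element root = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
        if (!"RSAKeyValue".equals(root.getTagName())) {
            throw new IllegalArgumentException("root element is not RSAKeyValue");
        }
        BigInteger n = field(root, "Modulus");
        BigInteger e = field(root, "Exponent");
        BigInteger d = field(root, "D");
        BigInteger p = field(root, "P");
        BigInteger q = field(root, "Q");
        BigInteger dp = field(root, "DP");
        BigInteger dq = field(root, "DQ");
        BigInteger qInv = field(root, "InverseQ");

        // Cross-check the fields against the PKCS#1 definitions before trusting them.
        BigInteger one = BigInteger.ONE;
        if (!p.multiply(q).equals(n)
                || !d.mod(p.subtract(one)).equals(dp)
                || !d.mod(q.subtract(one)).equals(dq)
                || !q.modInverse(p).equals(qInv)) {
            throw new IllegalArgumentException("RSAKeyValue fields are inconsistent");
        }
        return new RSAPrivateCrtKeySpec(n, e, d, p, q, dp, dq, qInv);
    }

    static String el(String name, BigInteger v) {
        byte[] b = v.toByteArray();
        // Drop Java's leading sign byte so the bytes match the unsigned .NET form.
        if (b.length > 1 && b[0] == 0) b = Arrays.copyOfRange(b, 1, b.length);
        return "<" + name + ">" + Base64.getEncoder().encodeToString(b) + "</" + name + ">";
    }

    /** Constructed sample document, in the element order shown in the question. */
    static String sampleXml(RSAPrivateCrtKey k) {
        return "<RSAKeyValue>" + el("Modulus", k.getModulus())
                + el("Exponent", k.getPublicExponent()) + el("P", k.getPrimeP())
                + el("Q", k.getPrimeQ()) + el("DP", k.getPrimeExponentP())
                + el("DQ", k.getPrimeExponentQ()) + el("InverseQ", k.getCrtCoefficient())
                + el("D", k.getPrivateExponent()) + "</RSAKeyValue>";
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        String xml = sampleXml((RSAPrivateCrtKey) kpg.generateKeyPair().getPrivate());

        RSAPrivateCrtKeySpec spec = parse(xml);
        KeyFactory kf = KeyFactory.getInstance("RSA");
        PrivateKey priv = kf.generatePrivate(spec);
        PublicKey pub = kf.generatePublic(
                new RSAPublicKeySpec(spec.getModulus(), spec.getPublicExponent()));

        // Sign with the rebuilt private key, verify with the rebuilt public key.
        byte[] msg = "round trip".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(priv);
        s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(pub);
        s.update(msg);
        System.out.println("signature verifies: " + s.verify(sig));

        // The pitfall: a signed decode of the same bytes yields a negative modulus.
        byte[] rawN = Base64.getDecoder().decode(
                xml.substring(xml.indexOf("<Modulus>") + 9, xml.indexOf("</Modulus>")));
        System.out.println("signed decode of Modulus is negative: "
                + (new BigInteger(rawN).signum() < 0));
    }
}
```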

Similar Messages

  • Private key from a file

    dear all
    I want to create rsa private key from .key file. I searched a lot but could not find a way to do so. how can i do that ???

    'pem' stands for Privacy Enhanced Mail and defines an encoding to ASCII of binary data and not the format of the content of the file. Having said that, it looks to me that your file is a PEM encoded SSLeay format RSA key generated using OpenSSL and encrypted using the '-des3' option. Before loading into Java I normally convert, using OpenSSL, SSLeay files to a PKCS8 format private key and an X509 format public key certificate file. These are then easily loaded into Java.
    The OpenSSL documentation will tell you how to generate the PKCS8 and X509 files but there are numerous sites that will hand-hold you through the commands. Google is your friend. Once you have generated these files then Google will also provide source code for loading them into Java.

  • Private key from 5.1 to 7.0

    Hi, we're currently upgrading from WebLogic server 5.1 to 7.0. The private
    key generated by WLS 5.1 does not use any password, and can therefore not be
    used with 7.0
    Do I have to generate a new private key and order a new SSL certificate, or
    is there a way I can assign a password to my existing private key so I can
    continue using this ??
    Thanx in advance !!!
    Jan Espen Hansen

    Thanks a lot Tony !!!!! This solved my problem.
    JEH
    "Tony" <TonyV> wrote in message news:[email protected]..
    Incorrect PEM headers/footers can confuse the tool.
    Double check that the header and footer for your PEM file match the contents of the data in the file.
    If it was an unprotected RSA private key, the header and footer should look like this:
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    It should not say it is a certificate (which is the default for the der2pem utility), and it should not say it is an encrypted private key.
    Tony
    "a" <[email protected]> wrote in message news:3f9f7705$[email protected]..
    Hi, and thank you for your answer. I've tried the tool you mention, but I get the following error message:
    "Error parsing BER private key data 3000"
    Since my private key is in .der format I have first run the weblogicutil utils.der2pem on it, but I still get this error message.
    Any ideas ??
    JEH
    "Tony" <TonyV> wrote in message news:[email protected]..
    You should not have to generate a new key.
    There is a native tool that is supplied on the WLS kit that can protect an unprotected private key for you:
    wlkeytool inputkey.pem outputkey.pem
    It will prompt for passwords, I believe that will do what you want.
    Tools such as OpenSSL should also be able to protect the private key.
    Tony

  • How to install PEM-format SSL private key from weblogic to NES

    I have unexpired PEM-format certificates in my weblogic 8.1sp4 domain. Since the architecture requires us to use Iplanet 6.0sp2 as the http/https server, we have to move the certificates to iplanet side. Is that possible ? Especially the private key ? Iplanet has key8.db format files. How do I install a PEM key in iplanet and store it in key3.db file ? Thanks !

    Hi
    I've already found code to answer my second question, but my first question still remains: is there a way that I can change an Encrypted Private Key Info for PEM to DER format??? I tried to delete the header and footer of some key in PEM format and Base64 decode the body, but it launches an Exception when I'm trying to create the EncryptedPrivateKeyInfo object.
    Thank you

  • Need help with generating keys from xml

    Hello,
    I am just learning about JCE and am having some problems with implementing a basic program.
    I have the following information:
    <RSAKeyValue>
    <Modulus>Base64EncodedString</Modulus>
    <Exponent>Base64EncodedString</Exponent>
    <P>Base64EncodedString</P>
    <Q>Base64EncodedString</Q>
    <DP>Base64EncodedString</DP>
    <DQ>Base64EncodedString</DQ>
    <InverseQ>Base64EncodedString</InverseQ>
    <D>Base64EncodedString</D>
    </RSAKeyValue>
    From which I need to construct a public and private key. I am using RSA algorithm for the encrypting and decrypting. I am using the org.bouncycastle.jce.provider.BouncyCastleProvider provider. Any help would be greatly appreciated.
    My questions are:
    1) Is it possible to create the public and private key from this data?
    2) How can I construct a public and private key from this data.
    Thank you in advance.
    Sunit.

    Thanks for your help...I am still having problems.
    I am now creating the public and private keys. I am generating the public exp, modulus, private exp, and the encrypted text from another source.
    so my questions are:
    1) How do I verify that the private and public keys that I generate are valid?
    2) How do I get the decrypted text back in a readable form?
    3) the decrypted text should read "ADAM"
    Here is a test I wrote:
    _________________STARTCODE_____________________
    import java.security.*;
    import java.security.spec.*;
    import javax.crypto.*;
    import javax.crypto.spec.*;
    import java.math.BigInteger;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    public class CryptTester
    {
         protected Cipher encryptCipher = null;
         protected Cipher decryptCipher = null;
         private KeyFactory keyFactory = null;
         protected PublicKey publicKey = null;
         protected PrivateKey privateKey = null;
         private RSAPublicKeySpec publicKeySpec = null;
         private RSAPrivateKeySpec privateKeySpec = null;
         public CryptTester()
         {
              /* Create Cipher for asymmetric encryption (
              * e.g., RSA),
              */
              try
              {
                   encryptCipher = Cipher.getInstance("RSA", "BC");
                   System.out.println("Successfully got encrypt Cipher" );
                   decryptCipher = Cipher.getInstance("RSA", "BC");
                   System.out.println("Successfully got decrypt Cipher" );
                   keyFactory = KeyFactory.getInstance("RSA" , "BC");
                   System.out.println("Successfully got keyFactory" );
              }catch ( NoSuchAlgorithmException nsae)
              {
                   System.out.println("Exception1: " + nsae.toString() );
              }
              catch ( NoSuchPaddingException nspe)
              {
                   System.out.println("Exception2: " + nspe.toString() );
              }
              catch ( java.security.NoSuchProviderException nspe)
              {
                   System.out.println("Exceptiont6: " + nspe.toString() );
              }
              /* Get the private and public keys specs
              */
              BigInteger publicMod = new BigInteger ("86e0ff4b9e95bc6dcbfd6673b33971d4f728218496adcad92021923a9be815ddb7ecf17c06f437634c62fa999a293da90d964172a21d8ce74bd33938994fbd93377f7d83ce93d523782639c75221a3c91b53927a081b2b089a61770c6d112d78d5da8a6abc452d39a276787892080d6cf17dd09537c1ec5551d89567345068ef", 16);
              BigInteger publicExp = new BigInteger ("5");
              BigInteger privateExp = new BigInteger ("50ed65fa2bf3710ead980a456b88dde62de4e0e9", 16);
              publicKeySpec = new java.security.spec.RSAPublicKeySpec( publicMod, publicExp );
              privateKeySpec = new java.security.spec.RSAPrivateKeySpec( publicMod, privateExp);
              try
              {
                   privateKey = keyFactory.generatePrivate(privateKeySpec);
                   publicKey = keyFactory.generatePublic(publicKeySpec);
              }catch ( InvalidKeySpecException ivse)
              {
                   System.out.println("Exception3: " + ivse.toString() );
              }
              try
              {
                   /*
                   * initialize it for encryption with
                   * recipient's public key
                   */
                   encryptCipher.init(Cipher.ENCRYPT_MODE, publicKey );
                   decryptCipher.init(Cipher.DECRYPT_MODE, privateKey );
              }catch ( InvalidKeyException ivse)
              {
                   System.out.println("Exception4: " + ivse.toString() );
              }
         }
         public String getPublicKey()
         {
              //return new String(publicKey.getEncoded());
              return publicKey.toString();
         }
         public String getPrivateKey()
         {
              //return new String(privateKey.getEncoded());
              return privateKey.toString();
         }
         public String encryptIt(String toencrypt)
         {
              /*
              * Encrypt the message
              */
              try
              {
                   byte [] result = null;
                   try
                   {
                        result = encryptCipher.doFinal(toencrypt.getBytes());
                   }
                   catch ( IllegalStateException ise )
                   {
                        System.out.println("Exception5: " + ise.toString() );
                   }
                   return new String(result);
              }catch (Exception e)
              {
                   e.printStackTrace();
              }
              return "did not work";
         }
         public String decryptIt(String todecrypt)
         {
              /*
              * decrypt the message
              */
              try
              {
                   byte [] result = null;
                   try
                   {
                        result = decryptCipher.doFinal(todecrypt.getBytes());
                   }
                   catch ( IllegalStateException ise )
                   {
                        System.out.println("Exception6: " + ise.toString() );
                   }
                   return new String(result);
              }catch (Exception e )
              {
                   e.printStackTrace() ;
              }
              return "did not work";
         }
         public static void main(String[] args)
         {
              try
              {
                   Security.addProvider(new BouncyCastleProvider());
                   CryptTester tester = new CryptTester();
                   String encrypted = "307203c3f5827266f5e11af2958271c4";
                   System.out.println("Decoding string " + encrypted + "returns : " + tester.decryptIt(encrypted) );
              } catch (Exception e)
              {
                   e.printStackTrace();
              }
         }
    }
    _________________ENDPROGRAM_____________________

  • SSL private key password

    Hello everyone,
    I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0 SP2
    with WLP 7.0 SP2. Everything is fine except for that we cannot use the same
    SSL certificate. By default the private key is not encrypted with password
    (SSL.KeyEncrypted = false by default, according to the documentations) in
    both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script results the
    following error:
    <Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297> <Inconsistent security configuration, java.lang.Exception: Cannot read private key from file C:\bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make sure password specified in environment property weblogic.management.pkpassword is valid.>
    java.lang.Exception: Cannot read private key from file C:\bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make sure password specified in environment property weblogic.management.pkpassword is valid.
    at weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.java:434)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
    at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
    at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
    at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
    at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
    at weblogic.Server.main(Server.java:32)
    Is this happening because the private key is actually encrypted with the
    password? It was working, although the KeyEncrypted is not set to true and
    the startup script for WLS 6.1 instance did have a line
    with -Dweblogic.management.pkpassword. Or could this error be result of
    something else? The physical machine the instances are located is the same
    and IP address and the DNS entry hasn't been changed, either.
    Any insight will be greatly appreciated. Thanks!
    Makoto

    Thanks Tony - it worked!!
    "Tony" <TonyV> wrote in message news:[email protected]...
    It may be because the private key is both unprotected and in DER format.
    There are some things to try:
    1) Convert the private key file from a DER file to a PEM file and try that:
    a) Follow the for converting an unprotected private key at:
    http://e-docs.bea.com/wls/docs70/adminguide/utils.html#1143743
    b) Look at the resulting PEM file, it should look something like this:
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    (Be sure there are no extra lines or whitespace after the footer)
    c) Change your configuration to point at the PEM file
    If that doesn't work, then you can try protecting the key with a password using the wlkeytool utility (It should be in the server/bin directory). The tool should prompt for a password to use to protect it:
    wlkeytool inputkey.pem outputkey.pem
    Then change your configuration to use the protected private key, and set the password to use.
    Tony

  • Reading private key: works in jdk 1.5, but throws exception in 1.4

    Hello,
    I am trying to read an RSA private key from a file. I am using the following code snippet:
    KeySpec spec = new RSAPrivateKeySpec(modulus, pExp);
    KeyFactory factory = KeyFactory.getInstance("RSA");
    PrivateKey key = factory.generatePrivate(spec);
    This runs perfectly fine under jdk 1.5 on keys I generate with OpenSSL. However, if I recompile and run under jdk 1.4, I get the following exception:
    java.security.spec.InvalidKeySpecException: Unknown key spec.
         at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA6275)
         at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA6275)
         at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)
    I have also tried using RSAPrivateCrtKeySpec but I get the same error. Can anyone shed some light on what is going on?
    Thank you.

    'Unlimited Strength Jurisdiction Policy Files 1.4' Could be the solution.
    I had a similar problem with java 1.4 and those files do the work.
    ... finally the problem was that the password that protected the keystore had 7 characters, using one of 5 characters works ok...

  • Recover SSL private key?

    I have a bit of a dilemma since I tried to install an SSL certificate on my server that needs intermediate certs. Here's what I did:
    1) In Server Admin, create a new key for my domain and use that key to create a CSR to send to a certificate authority. (This creates a public key, a private key and a self-signed certificate in the system keychain on the server).
    2) Sent the CSR away and got the signed certificate back.
    3) Used Server Admin to add the signed certificate to the existing domain cert (this replaces the self-signed cert). Restart services etc.
    Here's the problem: the cert that I have needs intermediate certs installed in order to be functional- currently the certificate shows as an untrusted authority. If I delete the current certificate in Server Admin to start again from scratch, it will delete the private key that I need to reinstall. I downloaded the intermediate certificates from the CA's website, but now the certificate installed on the server can't be modified. Besides, there is no place to enter the intermediate certificates. My plan was to try to paste all the certs into the box where it asks for the new certificate, but no joy since it is now locked.
    I would like to create a new certificate (there is a place in there to install intermediate certs), but I'll need to get my private key out of Keychain Access into a pem formatted file but I can't seem to get the thing to export.
    Questions:
    1) Is there a way to export a private key from Keychain Access so that it can be used for server admin?
    2) Is there a way to get at this from the command line?
    3) Is there some other procedure that can magically fix this problem?
    Thanks,
    Miles

    Thanks,
    This is the part that I was looking for:
    Launch Keychain Access as root:
    sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access &
    I then went here http://www.gridsite.org/wiki/Convert_p12 and converted the p12 to pem so I could use it in server admin.
    Thanks again,
    Miles

  • Recovering Private Key Password

    I have a customer who is trying to load a private key from a file but can not remember the Private Key password. Does anyone have an idea of what the best way to recover this would be if its possible?

    this is not possible since this is the most important part of the security protocol.
    You have to create a new key and get a new certificate.
    Regards,
    Gilles.

  • Private key problem

    hey folks,
    i would like to store a certificate's private key in a mysql db.
    my problem is that i don't know how to convert it back to a PrivateKey when i extract it from the db.
    i use the function Base64.encode(userPrivKey.getEncoded()); (org.bouncycastle.util.encoders.Base64) to store the private key base64 encoded in the db.
    when i extract the key from the db i can decode it with Base64.decode(). the problem is that the decode function only returns a byte array.
    so does anybody know how i can convert that byte array back to a private key?
    or is there any other (better) solution to store and retrieve private keys from a mysql db?
    many thanks
    toto

    I've been looking to do the same thing, and your code is helpful.
    If you do not want to pull in the BouncyCastle library, you can extract the RSA private key from the PKCS8 key format by parsing the DER directly. Here is some code that does it. All you need to add is the Base64 encode, and RSA begin and end flags.
    import java.util.*;
    import java.io.*;
    public class Pkcs8ToRsa {
        // rsaEncryption is { pkcs-1 1 }
        // pkcs-1 is { iso(1) member-body(2) usa(840) rsadsi(113549) pkcs(1) 1 }
        private static final byte[] OID_rsaEncryption = {
            (byte)0x2a, (byte)0x86, (byte)0x48, (byte)0x86,
            (byte)0xf7, (byte)0x0d, (byte)0x01, (byte)0x01,
            (byte)0x01 };
        private static final byte[] INTEGER_v1 = { (byte)0x00 };
        private static final int TAG_INTEGER      = 0x02;
        private static final int TAG_OCTET_STRING = 0x04;
        private static final int TAG_OID          = 0x06;
        private static final int TAG_SEQUENCE     = 0x30;
        private byte[] buffer;
        private int offset;
        protected Pkcs8ToRsa(byte[] pkcs8key) {
            this.buffer = pkcs8key;
            this.offset = 0;
        }
        public static byte[] convert(byte[] pkcs8key) {
            return (new Pkcs8ToRsa(pkcs8key)).extractPrivateKey();
        }
        private int extractTag() {
            // Assume single octet tag
            return ((int)buffer[offset++]) & 0xff;
        }
        private void matchTag(int tag) {
            if (extractTag() != tag) {
                throw new IllegalArgumentException("Bad input");
            }
        }
        private int extractLength() {
            int lengthOfLength = ((int)buffer[offset++]) & 0xff;
            if ((lengthOfLength & 0x80) == 0) {
                // Single octet
                return lengthOfLength;
            } else {
                // Multiple-octet
                lengthOfLength = lengthOfLength & 0x7f;
                // Reject the indefinite form and lengths that cannot fit in an int
                if (lengthOfLength == 0 || lengthOfLength > 4) {
                    throw new IllegalArgumentException("Bad input");
                }
                int length = 0;
                for (int i = 0; i < lengthOfLength; i++) {
                    length = (length << 8) | (((int)buffer[offset++]) & 0xff);
                }
                if (length < 0) {
                    throw new IllegalArgumentException("Bad input");
                }
                return length;
            }
        }
        private void matchLength(int length) {
            if (extractLength() != length) {
                throw new IllegalArgumentException("Bad input");
            }
        }
        private byte[] extractValue(int length) {
            byte[] value = new byte[length];
            System.arraycopy(buffer, offset, value, 0, length);
            offset += length;
            return value;
        }
        private void matchValue(byte[] value) {
            for (int i = 0; i < value.length; i++) {
                if (buffer[offset+i] != value[i]) {
                    throw new IllegalArgumentException("Bad input");
                }
            }
            offset += value.length;
        }
        public byte[] extractPrivateKey() {
            // Encoding should be
            // SEQUENCE {
            //   version INTEGER,
            //   privateKeyAlgorithm SEQUENCE {
            //     id OBJECT IDENTIFIER,
            //     Type OPTIONAL
            //   }
            //   privateKey OCTET STRING
            //   attributes [0] Attributes OPTIONAL
            // }
            // We are after the contents of privateKey
            // Outer sequence
            matchTag(TAG_SEQUENCE);
            int totalLength = extractLength();
            if ((offset + totalLength) > buffer.length) {
                throw new IllegalArgumentException("Bad input");
            }
            // Check version == v1
            matchTag(TAG_INTEGER);
            matchLength(INTEGER_v1.length);
            matchValue(INTEGER_v1);
            // Check algorithm
            matchTag(TAG_SEQUENCE);
            int algorithmLength = extractLength();
            int keyOffset = offset + algorithmLength;
            matchTag(TAG_OID);
            matchLength(OID_rsaEncryption.length);
            matchValue(OID_rsaEncryption);
            // Skip to privateKey
            offset = keyOffset;
            // Get it.
            matchTag(TAG_OCTET_STRING);
            int keyLength = extractLength();
            if ((offset + keyLength) > buffer.length) {
                throw new IllegalArgumentException("Bad input");
            }
            return extractValue(keyLength);
        }
    }
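
For the question at the top of this thread (turning the decoded byte array back into a PrivateKey), an added Java example that is not code from either poster: getEncoded() on an RSA private key returns PKCS#8 DER, which KeyFactory reloads through PKCS8EncodedKeySpec. It also shows why the PEM label matters: the same bytes belong under "PRIVATE KEY", while "RSA PRIVATE KEY" announces the inner PKCS#1 structure that the converter above extracts. Class and method names are assumptions, and the key is a constructed sample generated at run time.

```java
import java.security.KeyFactory;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class StoredKeyRoundTrip {

    // One PEM block: the END label must repeat the BEGIN label.
    private static final Pattern PEM = Pattern.compile(
            "-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \\1-----", Pattern.DOTALL);

    /** Text for the database column: Base64 of the PKCS#8 DER from getEncoded(). */
    static String toColumn(PrivateKey key) {
        if (!"PKCS#8".equals(key.getFormat())) {
            throw new IllegalArgumentException("unexpected encoding: " + key.getFormat());
        }
        return Base64.getEncoder().encodeToString(key.getEncoded());
    }

    /** The byte array becomes a key again through PKCS8EncodedKeySpec. */
    static PrivateKey fromDer(byte[] pkcs8) throws Exception {
        try {
            return KeyFactory.getInstance("RSA")
                    .generatePrivate(new PKCS8EncodedKeySpec(pkcs8));
        } finally {
            // The spec holds its own copy, so the caller's buffer can be wiped.
            Arrays.fill(pkcs8, (byte) 0);
        }
    }

    /** Reverse of toColumn. */
    static PrivateKey fromColumn(String column) throws Exception {
        return fromDer(Base64.getDecoder().decode(column));
    }

    /** Loads PEM text, refusing labels whose body is not plain PKCS#8. */
    static PrivateKey fromPem(String pem) throws Exception {
        Matcher m = PEM.matcher(pem);
        if (!m.find()) {
            throw new IllegalArgumentException("no matching BEGIN/END pair");
        }
        String label = m.group(1);
        switch (label) {
            case "PRIVATE KEY":            // PKCS#8, what getEncoded() produces
                return fromDer(Base64.getMimeDecoder().decode(m.group(2)));
            case "RSA PRIVATE KEY":        // bare PKCS#1 RSAPrivateKey
                throw new IllegalArgumentException("PKCS#1 body: wrap in PKCS#8 before loading");
            case "ENCRYPTED PRIVATE KEY":  // password-protected PKCS#8
                throw new IllegalArgumentException("encrypted PKCS#8: decrypt first");
            default:                       // e.g. CERTIFICATE
                throw new IllegalArgumentException("not a private key: " + label);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample key, generated locally for the demonstration.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        PrivateKey original = kpg.generateKeyPair().getPrivate();

        PrivateKey restored = fromColumn(toColumn(original));
        System.out.println("database round trip equal: "
                + Arrays.equals(original.getEncoded(), restored.getEncoded()));

        String body = Base64.getMimeEncoder(64, new byte[] {'\n'})
                .encodeToString(original.getEncoded());
        String pem = "-----BEGIN PRIVATE KEY-----\n" + body
                + "\n-----END PRIVATE KEY-----\n";
        System.out.println("PEM load algorithm: " + fromPem(pem).getAlgorithm());

        // The same bytes under the wrong label are rejected, not mis-parsed.
        try {
            fromPem(pem.replace("PRIVATE KEY", "RSA PRIVATE KEY"));
        } catch (IllegalArgumentException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```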

  • WBL 7.0 and SSL private key problem

    Having generated certificate request, and associated private key, I obtained
    the corresponding server level certificate. I am having problems starting the
    server with the cert. I have configured my server appropriately, here is the SSL
    configuration from the domain config.xml
    <SSL Enabled="true" HostnameVerificationIgnored="true"
    ListenPort="8090" Name="SampleServer"
    ServerCertificateChainFileName="nasaca.pem"
    ServerCertificateFileName="mydomain-cert.pem"
    ServerKeyFileName="mydomain-key.pem"/>
    and I am using -Dweblogic.management.pkpassword=mypassword
    in the startup script, however I get :
    java.lang.Exception: Cannot read private key from file /usr/user_projects/Sample/mydomain-key.pem.
    Make sure password specified in environment property weblogic.management.pkpassword
    is valid.
    I have given the right password. So the question is why am I seeing the error
    I am running this server on Sun Solaris. The password contains the usual ascii
    characters, including shell special characters.
    Any way checking the private key file ?
    Also as we have seen problems with the particular certificate we get from the
    CA, I wanted to use "utils.ValidateCertChain", alas this documented utility is
    conveniently missing from weblogic.jar. Oh big blue, why didn't we go with you
    Seriously, please help
    Tarang

    Darkit,
    I have the same problem. Let me know if you find a solution to this problem.
    Thanks,
    Bharathi

  • Import an SSL Private Key

    Hello.  Is it possible to export the Private Key from, say, my J2EE engine (I'm running a dual stack) and import it into my ABAP instance so that both systems use the same Private Key?  They both have the same host name.

    I guess its possible. Please correct me if i am wrong.
    Please keep in mind, that simply importing a certificate as a certificate response won't work in this situation, since the public key from your CA and the public key in the individual PSEs already existing on the respective servers won't match.
    following steps all the key pairs and certificates that are currently stored in the SSL Server PSEs on the target systems will be removed. If you want to keep them, you'll need to export them to a safe place.
    Step 1: import the key pair into a PSE
    Since pl.16 of SAPCRYPTOLIB, key pairs given in the format PKCS#12 can be imported into a PSE (note 745063). Since pl.24 of SAPCRYPTOLIB, also the import of key pairs given as PKCS#5, PKCS#8 or OpenSSL-PEM is supported (note 1159829).
    Step 2: import the PSE resulting from Step 1) into the system's database
    All PSEs that are known to transaction STRUST will be exported from the database and distributed to the application servers at system startup. The related PSE files will be overwritten. So, the PSE resulting from the key pair import in step 1) needs to be imported into the database.
    You'll need to go through a procedure similar to the one described in note 1178155, step 3.
    - Copy the PSE from step 1) to your workstation/PC
    - Start transaction STRUST
    - Doubleclick the "FILE" icon in the navigation area (left hand side)
    - Select the PSE on your workstation/PC
    - Execute the menu item "PSE --> save as..." and choose the SSL Server PSE as target. This will save the PSE from step 1 as SSL Server standard PSE.
    - The following step is a modification from note 1178155 which is only applicable in your special situation: right mouse button click on the SSL Server PSE entry in the navigation area. From the context menu appearing, select "Change".
    - Remove the distinguished names from all application server specific PSEs in the list. Pressing the green tick mark ('save') will remove all application server specific SSL Server PSEs, so the system is forced to use the SSL Server standard PSE instead.
    Don't forget to restart the ICM in order to make your changes become effective.
    Regards,
    Jazz

  • Please guide me on the issue of private key

    Hi All
    I am working on application that requires to do encryption and decryption using public and public key. I need some guidance on how to implement this functionality. The only requirement is to have public key and private key in two different files. For public key i can get it from .cer certificate file but i do not have much idea of what feature in java is provided to read private key from file. The file is definitely not the keystore file. Please guide me as to in what format the private key should be so that my java program could read it and do decryption.
    Another thing is that the private and public key file will be provided by the client. I do not have any control on creating them. I will be given a location where i could find public and private key and passphrase for private key.
    Basically i do not have any clue on what class or technique to use to read those
    Thanks and Regards
    Pankaj Tiwari

    This is how I create the private and the public key files (not the certificate file):
    import java.io.*;        // imports used by both snippets
    import java.security.*;
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
    kpg.initialize(2048); // 2048 is the keysize.
    KeyPair kp = kpg.generateKeyPair();
    PublicKey publicKey = kp.getPublic();
    PrivateKey privateKey = kp.getPrivate();
    // Serialize to a file
    ObjectOutput outPK = new ObjectOutputStream(new FileOutputStream("C:/Temp/PrivateKey.ser"));
    outPK.writeObject(privateKey);
    outPK.close();
    This is how I verify the signature of a file:
    // Read the serialized public key back from disk
    File fileKey = new File("C:/Temp/KeyPair/publicKey.ser");
    ObjectInputStream inPK = new ObjectInputStream(new FileInputStream(fileKey));
    PublicKey publicKey = (PublicKey) inPK.readObject();
    inPK.close();
    // C:/Temp/myfile.zip.sign is the file that was generated when I signed my file C:/Temp/myfile.zip
    String algorithm = "SHA1withRSA";
    String myFile = "C:/Temp/myfile.zip";
    File fileSign = new File("C:/Temp/myfile.zip.sign");
    ObjectInputStream inSign = new ObjectInputStream(new FileInputStream(fileSign));
    byte[] signature = (byte[]) inSign.readObject();
    inSign.close();
    Signature verif = Signature.getInstance(algorithm);
    verif.initVerify(publicKey);
    // Feed the signed file to the verifier one byte at a time
    FileInputStream in = new FileInputStream(myFile);
    int chVerif = 0;
    while ((chVerif = in.read()) != -1) {
        verif.update((byte) chVerif);
    }
    in.close();
    // Check the signature only after the whole file has been read
    if (verif.verify(signature))
        System.out.println("OK");
    else
        System.out.println("Error");

  • Ssh with two or more private keys using ~/.ssh/config read the wrong private key

    Hi,
    I have created a config file in ~/.ssh/ to be able to connect to remote sites using different private keys per site.
    The problem is when I try to connect to any of them ssh reads the wrong private key despite the configuration in the ~/.ssh/config file.
    For example:
    Host vps
      Hostname x.x.x.x
      User guesswho
      IdentityFile vps.pk
    Host home
      Hostname y.y.y.y
      User home
      IdentityFile home.pk
    >ssh -v vps ( connects using home.pk)
    >ssh -v -i ~/.ssh/vps.pk ( connects using home.pk)
    I tried it on an Ubuntu 10.04.3 LTS using the same config file and keys (openssh-server 1:5.3p1-3ubuntu7) and it worked as expected.
    Any help would be appreciated.
    zcookie

    My question is do I have to create a separate private key from my imac or can I just copy the private key from my macbook?
    Do you have to create separate private keys? No, but there are reasons why you might want to.
    The biggest one is the fact that if any key is compromised, they are all compromised (since they are the same). Say, for example, your MacBook is lost or stolen. You really should consider disabling the MacBook's key from authorized_keys to prevent the finder/thief from getting into your server. If that one key is shared by multiple hosts, though, you're going to lock out all the other hosts as well, even though they haven't been affected.
    Having separate keys per client lets you nix just the key for the MacBook (or whichever machine) without impacting the other machines' ability to connect.
    Other than the trivial amount of work it takes to create a private key there's really no overhead in having unique keys per client machine. If, however, you really want them to be the same, knock yourself out.

  • Writing and retrieving RSA keys from a file

    Hello all,
    I'm trying to write a generated RSAPublicKey and RSAPrivateKey to a file, and then, later retrieve them.
    I thought I could use ObjectInput/OutputStream to do that, but when I do so I get the exception java.io.NotSerializableException: java.io.ObjectOutputStream
    (I'm surprised, because RSAPublic/PrivateKey are serializable, aren't they ?).
    If this is not the way to do it, I do not know how (no key constructor reading from byte [] ...).
    Can somebody please help me ?
    Thanks,
    Axelle.
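
Added example (not part of any post above): both this thread and the earlier private-key thread ask how to put RSA keys in files and read them back. This sketch writes the standard encodings returned by getEncoded() and rebuilds the keys with KeyFactory instead of Java object serialization; the class name, file names, temp directory and the SHA256withRSA choice are assumptions of the example.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;

public class RsaKeyFiles {
    // getEncoded() yields PKCS#8 DER for the private key and X.509
    // SubjectPublicKeyInfo DER for the public key. The private key file is
    // NOT encrypted here, so it needs owner-only filesystem permissions.
    static void save(KeyPair kp, Path privFile, Path pubFile) throws Exception {
        Files.write(privFile, kp.getPrivate().getEncoded());
        Files.write(pubFile, kp.getPublic().getEncoded());
    }

    static PrivateKey loadPrivate(Path f) throws Exception {
        return KeyFactory.getInstance("RSA")
                .generatePrivate(new PKCS8EncodedKeySpec(Files.readAllBytes(f)));
    }

    static PublicKey loadPublic(Path f) throws Exception {
        return KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(Files.readAllBytes(f)));
    }

    static boolean verify(PublicKey key, byte[] msg, byte[] sig) throws Exception {
        Signature v = Signature.getInstance("SHA256withRSA");
        v.initVerify(key);
        v.update(msg);
        return v.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        Path dir = Files.createTempDirectory("rsa-demo"); // constructed location
        Path priv = dir.resolve("private.pkcs8.der"), pub = dir.resolve("public.x509.der");
        save(kpg.generateKeyPair(), priv, pub);
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(loadPrivate(priv));   // key read back from disk, not the in-memory one
        s.update(msg);
        byte[] sig = s.sign();
        System.out.println("valid:    " + verify(loadPublic(pub), msg, sig));
        msg[0] ^= 1;                     // tamper with the message
        System.out.println("tampered: " + verify(loadPublic(pub), msg, sig));
    }
}
```

Files in these encodings are plain data, so loading them does not run the class-resolution machinery that ObjectInputStream.readObject() applies to untrusted input, and other tools that understand PKCS#8 and X.509 DER can read them.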

    Hi,
    Can we generate public and private keys from a fingerprint?
    Where can I find a piece of code to see how it is done?
    Thanks,
    Ganesh
