Private key

Hello people,
I'm creating a program that needs to generate private keys,
I've found out that java has built in libraries that support this so I've tried:
                import java.security.*;

                // Generate one RSA key pair with a 1024-bit modulus
                KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
                keyGen.initialize(1024);
                KeyPair keypair = keyGen.genKeyPair();
                // Split the pair into its private and public halves
                PrivateKey privateKey = keypair.getPrivate();
                PublicKey publicKey = keypair.getPublic();
but after I set the privateKey I can't find a way to retrieve the actual numbers used in the private key (probably to prevent attacks...)
eventually, all my app really needs, is a table of , lets say, 100 private keys (each one as 2 big primes)
is it possible for me to use the java.security to do that?
thanks for your time.

I still need small ones in the beginning. A modulus in
the size of 16 DWORDS is too big for me right now, I
need something like 4.
I guess I have no escape but to generate them myself,
the problem is that I probably won't do it
professionally :(

Well - nobody will generate 32-bit RSA keys "professionally", because it'd take about 2 CPU minutes to break your keys when they're that small. 512 bits was acceptable in the eighties - current best-practice, IIRC, is 2048 bit keys for anything you're serious about protecting, and 4096-bit keys for anything you want to protect for extended periods of time.
Grant
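
Added example, not part of the original thread: with the JDK's default software RSA provider, the generated private key also implements `java.security.interfaces.RSAPrivateCrtKey`, whose getters return the two primes the question asks for. The class name `RsaPrimeTable` and its `Row` holder are hypothetical, and the 2048-bit size follows the recommendation in the reply above.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.interfaces.RSAPrivateCrtKey;
import java.util.ArrayList;
import java.util.List;

// Hypothetical class name; builds a table of RSA keys with their primes exposed.
public class RsaPrimeTable {

    // One table row: the two primes and the values derived from them.
    static final class Row {
        final BigInteger p, q, n, e, d;

        Row(RSAPrivateCrtKey k) {
            p = k.getPrimeP();
            q = k.getPrimeQ();
            n = k.getModulus();
            e = k.getPublicExponent();
            d = k.getPrivateExponent();
        }

        // Sanity check: n = p*q and e*d = 1 (mod lcm(p-1, q-1)).
        boolean isConsistent() {
            BigInteger p1 = p.subtract(BigInteger.ONE);
            BigInteger q1 = q.subtract(BigInteger.ONE);
            BigInteger lambda = p1.multiply(q1).divide(p1.gcd(q1));
            return p.multiply(q).equals(n)
                    && e.multiply(d).mod(lambda).equals(BigInteger.ONE);
        }
    }

    static List<Row> generate(int count, int bits) throws NoSuchAlgorithmException {
        KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
        keyGen.initialize(bits);
        List<Row> table = new ArrayList<>();
        for (int i = 0; i < count; i++) {
            KeyPair pair = keyGen.generateKeyPair();
            PrivateKey priv = pair.getPrivate();
            // The PrivateKey interface has no getters for the numbers. Software
            // providers return an RSAPrivateCrtKey; keys held in hardware
            // (HSM, smart card) do not, so check before casting.
            if (!(priv instanceof RSAPrivateCrtKey)) {
                throw new IllegalStateException("provider does not expose the primes");
            }
            Row row = new Row((RSAPrivateCrtKey) priv);
            if (!row.isConsistent()) {
                throw new IllegalStateException("inconsistent key at index " + i);
            }
            table.add(row);
        }
        return table;
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Table size defaults to the 100 keys mentioned in the question.
        int count = args.length > 0 ? Integer.parseInt(args[0]) : 100;
        List<Row> table = generate(count, 2048);
        for (int i = 0; i < table.size(); i++) {
            Row r = table.get(i);
            // Print sizes only; the primes themselves are secret key material.
            System.out.printf("key %d: p=%d bits, q=%d bits, n=%d bits%n",
                    i, r.p.bitLength(), r.q.bitLength(), r.n.bitLength());
        }
    }
}
```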

Similar Messages

  • SSL private key password

    Hello everyone,
    I'm trying to upgrade a WLS 6.1 SP2 with WLP 4.0 SP2 instance to WLS 7.0 SP2
    with WLP 7.0 SP2. Everything is fine except that we cannot use the same
    SSL certificate. By default the private key is not encrypted with password
    (SSL.KeyEncrypted = false by default, according to the documentations) in
    both WLS 6.1 and WLS 7.0. But running WLS 7.0 startup script results in the
    following error:
    <Sep 17, 2003 5:06:40 PM HST> <Alert> <WebLogicServer> <000297> <Inconsistent security configuration, java.lang.Exception: Cannot read private key from file C:\bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make sure password specified in environment property weblogic.management.pkpassword is valid.>
    java.lang.Exception: Cannot read private key from file C:\bea7\user_projects\agencyPortal\portal_islandinsurance_com-key.der. Make sure password specified in environment property weblogic.management.pkpassword is valid.
        at weblogic.security.service.SSLManager.getServerPrivateKey(SSLManager.java:434)
        at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:153)
        at weblogic.t3.srvr.SSLListenThread.<init>(SSLListenThread.java:122)
        at weblogic.t3.srvr.T3Srvr.initializeListenThreads(T3Srvr.java:1513)
        at weblogic.t3.srvr.T3Srvr.resume(T3Srvr.java:852)
        at weblogic.t3.srvr.T3Srvr.run(T3Srvr.java:295)
        at weblogic.Server.main(Server.java:32)
    Is this happening because the private key is actually encrypted with the
    password? It was working, although the KeyEncrypted is not set to true and
    the startup script for WLS 6.1 instance did have a line
    with -Dweblogic.management.pkpassword. Or could this error be result of
    something else? The physical machine the instances are located is the same
    and IP address and the DNS entry hasn't been changed, either.
    Any insight will be greatly appreciated. Thanks!
    Makoto

    Thanks Tony - it worked!!
    "Tony" <TonyV> wrote in message news:[email protected]...
    It may be because the private key is both unprotected and in DER format.
    There are some things to try:
    1) Convert the private key file from a DER file to a PEM file and try
    that:
    a) Follow the for converting an unprotected private key at:
    http://e-docs.bea.com/wls/docs70/adminguide/utils.html#1143743
    b) Look at the resulting PEM file, it should look something like
    this:
    -----BEGIN RSA PRIVATE KEY-----
    -----END RSA PRIVATE KEY-----
    (Be sure there are no extra lines or whitespace after the footer)
    c) Change your configuration to point at the PEM file
    If that doesn't work, then you can try protecting the key with a password
    using the wlkeytool utility (It should be in the server/bin directory). The
    tool should prompt for a password to use to protect it:
    wlkeytool inputkey.pem outputkey.pem
    Then change your configuration to use the protected private key, and set
    the password to use.
    Tony

  • 'Error while signing data-Private key or certificate of signer not availabl

    Hello All,
    In my message mapping I need to call a web service to which I need to send a field value consist of SIGNED DATA.
    I am using SAP SSF API to read the certificate stored in NWA and Signing the Data as explained in
    http://help.sap.com/saphelp_nw04/helpdata/en/a4/d0201854fb6a4cb9545892b49d4851/frameset.htm,
    when I have tested using Test tab of message mapping  it is working fine and I am able to access the certificate Keystore of NWA(we have created a keystore view and keystore entry to store the certificate) and generate the signed data ,but when I test end to end scenario from ECC system,it is getting failed in mapping with the error
    'Error while signing data - Private key or certificate of signer not available'.
    Appreciate your expert help to resolve this issue urgently please.
    Regards,
    Shivkumar

    Hi Shivkuar,
    Could you please let me know how you were trying to achieve the XML signature.
    We have a requirement where we have to sign the XML document and need to generate the target document as following structure.
    <Signature>
         <SignedInfo>
             <CanonicalizationMethod />
             <SignatureMethod />
             <Reference>
                     <Transforms>
                     <DigestMethod>
                     <DigestValue>
             </Reference>
        <Reference /> etc.
      </SignedInfo>
      <SignatureValue />
      <KeyInfo />
      <Object>ACTUAL PAYLOAD</Object>
    </Signature>
    I am analyzing the possibility of using the approach that is given in the help sap link that you have posted above. Any inputs will be appreciated.
    Thanks and Regards,
    Sami.

  • Reading private key: works in jdk 1.5, but throws exception in 1.4

    Hello,
    I am trying to read an RSA private key from a file. I am using the following code snippet:
    KeySpec spec = new RSAPrivateKeySpec(modulus, pExp);
    KeyFactory factory = KeyFactory.getInstance("RSA");
    PrivateKey key = factory.generatePrivate(spec);
    This runs perfectly fine under jdk 1.5 on keys I generate with OpenSSL. However, if I recompile and run under jdk 1.4, I get the following exception:
    java.security.spec.InvalidKeySpecException: Unknown key spec.
         at com.sun.net.ssl.internal.ssl.JS_KeyFactory.engineGeneratePrivate(DashoA6275)
         at com.sun.net.ssl.internal.ssl.JSA_RSAKeyFactory.engineGeneratePrivate(DashoA6275)
         at java.security.KeyFactory.generatePrivate(KeyFactory.java:237)
    I have also tried using RSAPrivateCrtKeySpec but I get the same error. Can anyone shed some light on what is going on?
    Thank you.

    'Unlimited Strength Jurisdiction Policy Files 1.4' Could be the solution.
    I had a similar problem with java 1.4 and those files do the work.
    ... finally the problem was that the password that protected the keystore had 7 characters, using one of 5 characters works ok...

  • Exporting SSL Private Key

    In the midst of an apocalyptic SSL install in 10.4 server. Currently, I am trying to install a wildcard cert via Server Admin, which may have been a mistake. After smashing my head for a week, I tried a new tack and rebuilt the system keychain and attempted to install the certificate; this failed at the level of Server Admin. However, in Keychain Access I am showing the SSL cert, public and private keys, and the CA's cert, all valid.
    Since I know of no other way to get KA talking to SA so that I can actually use this certificate, I am trying to export the valid certs and keys to import. My problem is this, the certs and public key export fine, the private key fails returning an error of Unable to Export CLINTERNALERROR. I double checked that root is enabled in netinfo. Any ideas on how to rectify this?

    I believe you have to run Keychain Access as root to export the private key.
    sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access

  • Reconver SSL private key?

    I have a bit of a dilemma since I tried to install an SSL certificate on my server that needs intermediate certs. Here's what I did:
    1) In Server Admin, create a new key for my domain and use that key to create a CSR to send to a certificate authority. (This creates a public key, a private key and a self-signed certificate in the system keychain on the server).
    2) Sent the CSR away and got the signed certificate back.
    3) Used Server Admin to add the signed certificate to the existing domain cert (this replaces the self-signed cert). Restart services etc.
    Here's the problem: the cert that I have needs intermediate certs installed in order to be functional- currently the certificate shows as an untrusted authority. If I delete the current certificate in Server Admin to start again from scratch, it will delete the private key that I need to reinstall. I downloaded the intermediate certificates from the CA's website, but now the certificate installed on the server can't be modified. Besides, there is no place to enter the intermediate certificates. My plan was to try to paste all the certs into the box where it asks for the new certificate, but no joy since it is now locked.
    I would like to create a new certificate (there is a place in there to install intermediate certs), but I'll need to get my private key out of Keychain Access into a pem formatted file but I can't seem to get the thing to export.
    Questions:
    1) Is there a way to export a private key from Keychain Access so that it can be used for server admin?
    2) Is there a way to get at this from the command line?
    3) Is there some other procedure that can magically fix this problem?
    Thanks,
    Miles

    Thanks,
    This is the part that I was looking for:
    Launch Keychain Access as root:
    sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access &
    I then went here http://www.gridsite.org/wiki/Convert_p12 and converted the p12 to pem so I could use it in server admin.
    Thanks again,
    Miles

  • Recovering Private Key Password

    I have a customer who is trying to load a private key from a file but can not remember the Private Key password. Does anyone have an idea of what the best way to recover this would be if its possible?

    this is not possible since this is the most important part of the security protocol.
    You have to create a new key and get a new certificate.
    Regards,
    Gilles.

  • Private key password for Default DemoIdentity Keystore?

    Hi
    I am trying to Configure SSL in ALSB. I have created the PKI Credential mapping for the Default DemoIdentity Keystore
    But it is asking for the password to access the Keypair.
    The document states that i need to provide the password set during the creation of the keystore
    but as i am using the default keystore i dont know where to look for the password.
    Error :
    [Security:090809|The key pair could not be retrieved from the keystore with the supplied alias demoidentity and its password
    I tried using the KeyStorePassphrase  but it didnt help me much ..
    Can any one help me on this?
    Regards
    Anusha

    Jay is right
    To be more precise you can use something like
    keytool -list -keystore ${wl_home}/server/lib/DemoTrust.jks -storepass DemoTrustKeyStorePassPhrase
    which leads to the following output
    Keystore type: JKS
    Keystore provider: SUN
    Your keystore contains 4 entries
    certgenca, Mar 22, 2002, trustedCertEntry,
    Certificate fingerprint (MD5): 8E:AB:55:50:A4:BC:06:F3:FE:C6:A9:72:1F:4F:D3:89
    wlsdemocanew2, Jan 24, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): 5B:10:D5:3C:C8:53:ED:75:43:58:BF:D5:E5:96:1A:CF
    wlsdemocanew1, Jan 24, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): A1:17:A1:73:9B:70:21:B9:72:85:4D:83:01:69:C8:37
    wlscertgencab, Jan 24, 2003, trustedCertEntry,
    Certificate fingerprint (MD5): A2:18:4C:E0:1C:AB:82:A7:65:86:86:03:D0:B3:D8:FE
    The following list provides the location and passwords of the demo certificates:
    Trust store location: ${WL_HOME}/server/lib/DemoTrust.jks
    Trust store password: DemoTrustKeyStorePassPhrase
    Key store location: ${WL_HOME}/server/lib/DemoIdentity.jks
    Key store password: DemoIdentityKeyStorePassPhrase
    Private key password: DemoIdentityPassPhrase

  • SSL Private Key

    Hi,
    I would like to export my Portal private key, so that it can be used for network traffic capture (Wire shark).
    Can anyone point me in the direction as to where this file can be exported.
    Thanks
    Kai
    PS. Points will be awarded.....

    The Path to export the certificate is:
    On the Portal
    System administration -> system configuration -> Keystore administration -> download verify.der file
    Regards,
    Chengappa

  • NAC and SSL - fails to import password protected private key

    I am attempting to import an SSL certificate on my CCA Manager and Server. I purchased a wild card SSL cert *.domain.com. The private key used to generate the certificate was created on an Cisco ACS 3.2 server and has a password. When attempting to import the private key into the CCA Manager the browser times out and no error is reported.
    My guess is that it is waiting for the password to allow access to the private key. Unfortunately there is no place on the form and no pop-up to enter the password.
    Is there a command line option for importing a private key that may work for me?
    Thanks
    Sherm

    The best Possible way is to generate a CSR from the CCA server and then purchase a certificate using that CSR. Then you dont have problems with private keys.
    Regards
    sathappan

  • WebLogic and SSL: supplying private key password upon startup

    Hello,
    Does BEA have an API I can use to customize the WebLogic Server startup? I have
    a password callback function that I would like the WebLogic Server to call when
    it needs the password for decrypting the server certificate private key...
    -- POCO

    nope.. till now..
    thanks
    kiran

  • Private key and digital certificate

    I have a keystore. In order to know what it contains, I opened this keystore with this command ...keytool -list -keystore DemoIdentity.jks
    and i got,
    Keystore type: jks
    Keystore provider: SUN
    Your keystore contains 1 entry
    demoidentity, Jan 4, 2007, keyEntry, // is it called private key ?
    Certificate fingerprint (MD5): 60:42:75:33:31:AA:9A:C6:9D:1A:CD:9F:22:8D:4A:6A // is it called certificate ?
    Question :
    I still dont understand what a keystore contains. does it contains "private key" + "digital certificate" ?
    If so , what are private keys and digital certificate in the above contents ?

    The content of a 'keystore' is what you, or the person who provided it, put in it. In this case it looks like all it contains is a public key certificate with an alias of 'demoidentity'.

  • Private Key for RSA algorithm

    Hello,
    I used RSA algorithm for encryption and i can send the encrypted text to the server , on the server side
    in order to decrypt the message i passed the public key, but how to generate the private key on the server side, i am a beginner in cryptography, can anybody help me , if possible give me the coding for encryption and decryption which will work on the client side for encryption and server side for decryption,i need RSA algorithm for it

    well, but i just used receivers public key to encrypt the data at the senders side, at the receivers side both secret and public key is generated, and the receivers secret key is used to decrypt. The encrypted text can be accessed at the receivers side but it can't be decrypted, my program part is given below
    Sender's side
    // Create a new instance of Message class, to encrypt / decrypt message
    Message M = new Message();
    // Create a new instance of Keys, to generate keys
    Keys K = new Keys ();
    // Set the Plain Text message
    M.PlainText = ta.getText(); // ta is the text area i displayed the text file
    // Display the Plain Text message
    System.out.println (" Message:" + M.PlainText);
    // Set the Number of Rounds
    M.NumRounds = 2;
    // Display the Number of Rounds
    System.out.println (" Rounds:" + M.NumRounds);
    // Create RSA Public, Secret key pairs
    K.CreateKeys();
    // Display Public Key individual number
    System.out.println ("Public Key:" + K.PublicKey);
    // Display Secret Key individual number
    System.out.println ("Secret Key:" + K.SecretKey);
    // Display n, the shared number (of Public and Secret Keys)
    System.out.println (" n:" + K.n);
    // Encrypt the Message
    M.Encrypt (publicKey, n);
    /* where publickey and n are generated at the receivers side and saved in the database, which is taken
    at the senders side to encrypt the data. */
    // Display the Encrypted Message
    System.out.println (" Encrypted Message:" + M.CipherText);
    String crp=M.CipherText.toString();
    At the receiving side
    // Create a new instance of Message class, to encrypt / decrypt message
    Message M = new Message();
    // Create a new instance of Keys, to generate keys
    Keys K = new Keys ();
    // Set the Plain Text message
    //M.PlainText = ta.getText();
    // Display the Plain Text message
    //System.out.println (" Message:" + M.PlainText);
    // Set the Number of Rounds
    M.NumRounds = 2;
    // Display the Number of Rounds
    System.out.println (" Rounds:" + M.NumRounds);
    // Create RSA Public, Secret key pairs
    K.CreateKeys();
    // Display Public Key individual number
    System.out.println ("Public Key:" + K.PublicKey);
    pbk=K.PublicKey.toString();
    // Display Secret Key individual number
    System.out.println ("Secret Key:" + K.SecretKey);
    // Display n, the shared number (of Public and Secret Keys)
    System.out.println (" n:" + K.n);
    bi=new BigInteger (bi.toString().concat(String.valueOf(K.SecretKey)));
    bn=new BigInteger (bn.toString().concat(String.valueOf(K.n)));
    System.out.println("SECRET:"+bi);
    System.out.println("N:"+bn);
    M.Decrypt(bi,bskbi); /* where bi is secret generated at the receivers side and bn is retrieved
    from the database , n = (p-1)*(q-1) where p and q are two large prime numbers */
    at the receivers side the encrypted text can be accessed , but the text can be decrypted, what is the problem here, can u help me to change the codings
    thanks in advance
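
Added example, not part of the original post: the same sender/receiver flow written against the standard JCA classes instead of the post's own `Message` and `Keys` classes, with the receiver's key pair generated once and reused, and a second run showing that a newly generated pair cannot decrypt the earlier ciphertext. The class name `RsaRoundTrip`, the OAEP transformation and the 2048-bit size are choices of this example.

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.X509EncodedKeySpec;
import javax.crypto.Cipher;

// Hypothetical class name; sender and receiver are shown in one process.
public class RsaRoundTrip {

    static final String TRANSFORM = "RSA/ECB/OAEPWithSHA-256AndMGF1Padding";

    // Receiver: generate the pair once and keep the private half.
    static KeyPair newReceiverKeyPair() throws GeneralSecurityException {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        return gen.generateKeyPair();
    }

    // Sender: rebuild the receiver's public key from its published bytes
    // (for instance the value read back from the database) and encrypt.
    static byte[] encrypt(byte[] publishedPublicKey, String message)
            throws GeneralSecurityException {
        PublicKey pub = KeyFactory.getInstance("RSA")
                .generatePublic(new X509EncodedKeySpec(publishedPublicKey));
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.ENCRYPT_MODE, pub);
        return cipher.doFinal(message.getBytes(StandardCharsets.UTF_8));
    }

    // Receiver: decrypt with the private key that matches the published one.
    static String decrypt(PrivateKey priv, byte[] cipherText)
            throws GeneralSecurityException {
        Cipher cipher = Cipher.getInstance(TRANSFORM);
        cipher.init(Cipher.DECRYPT_MODE, priv);
        return new String(cipher.doFinal(cipherText), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws GeneralSecurityException {
        KeyPair receiver = newReceiverKeyPair();
        // X.509 SubjectPublicKeyInfo encoding; only this leaves the receiver.
        byte[] published = receiver.getPublic().getEncoded();

        // Constructed sample message.
        byte[] cipherText = encrypt(published, "constructed sample message");
        System.out.println("receiver reads: " + decrypt(receiver.getPrivate(), cipherText));

        // Generating a new pair on the receiving side breaks decryption:
        // its private key has no relation to the key the sender used.
        try {
            decrypt(newReceiverKeyPair().getPrivate(), cipherText);
            System.out.println("unexpected: unrelated key decrypted the message");
        } catch (GeneralSecurityException ex) {
            System.out.println("new key pair cannot decrypt: "
                    + ex.getClass().getSimpleName());
        }
    }
}
```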

  • Private key protection in Keychain

    Hi!
    I have a keypair for email in a MS environment (Entourage) so I know it is there and works.
    Q1: When I open Keychain and expand my email certificate I can see that private key ( RSA, 1024-bit) and it looks very much like being the 'real thing' i.e. in clear, not protected by any passphrase. Is that the case? If I export this, then a passphrase seems to be required.
    Q2: How can I export only my public key part?
    BR, Petri

    This is what I do:
    .- In Keychain Manager, create a new keychain (File->New Keychain). Choose any name you like (Confid in this example).
    .- Move your sensitive keys from "login" to "Confid".
    .- Change the properties to each private key, allowing their access in Access Control to each program (like Mail) which you want to use the keys with. Make sure you check "Ask for password" every time the programs access the key.
    .- Finally, change the properties (Edit->Change Settings) of Confid. I use "Lock after 1 minute of inactivity" and "Lock when sleeping".
    This way I am asked for a password every time that I try to sign a mail or read a ciphered message.
    Good luck.

  • Private Key is incorrect or Hash not Set

    SAP B1 2007A latest patch and WebTools just downloaded:-
    I am very new to WebTools and am having a problem with sync i.e. I get the following message "Private Key is incorrect or Hash not Set" and nothing synchronises.
    I also have "NO INTERNAL ACCOUNT 630" in the Web Tools section of Server Configuration screen - I do not know if this problem is related to the problem above.
    What services need to run in the SAP Business One Service Manager for Web CRM and\or Web Shop to work?
    Thanks
    Ian

    Hi Ian,
    as you are new to Webtools, you might not be aware of our Webtools landing page that has links to very useful documentation to help you setup a Webtools installation correctly. Please see:
    https://service.sap.com/smb/sbo/webtools
    The following guide should help you:
    SAP Business One E-Commerce and Web CRM 6 - Administrator's Guide
    Kind Regards,
    Lilian Lynch
    SAP Business One Forums Team
