Problem managing keys/certificates with SunPKCS11

Similar Messages

• Manage user certificates with UE-V?

  Is it possible to manage user certificates with UE-V?  I wish to store/manage Personal Certificates with UE-V but can't seem to find information about how to achieve this.  Are Roaming Profiles still needed to have user certificates follow users
  or can this be hacked into UE-V.  I tried to create a template which handles the HKCU and User AppData paths which store Certificates but have not been able to get this to work.
  Windows 7/Windows 8 Server 2008R2/Server2012
  Any insight would be appreciated.
  Thanks,
  Mark Ringo

  Hi Mark
  Certificates are currently not supported with UE-V 1.0 / 1.0 SP1. Just saving HKCU keys and the RSA / System Certificate files in APPDATA does not work any more since Windows Vista. You have to use a logon / logoff script which does the trick via Microsoft
  CryptoAPI (Export / Import).
  I have included exampled with Powershell below.
  Cheers
  Michael
  ExportCert.ps1
  # Scriptname: ExportCert.ps1
  # Author: Michael Rüefli
  # Purpose: Export certificates local certificate store (Machine or User) to a PKCS12 file format
  # Version: 1.0.1
  # Fixed Issues / Changes:
  # V 1.0.1 / Fixed Export where no filter has been specified. Changed the autogenerated password strenght
  function ConvertToSid([STRING]$NtAccount)
  $result = (New-Object system.security.principal.NtAccount($NTaccount)).translate([system.security.principal.securityidentifier])
  return $result.value
  #Get the Arguments
  $exportpath = $args[0]
  $certstore = $args[1]
  $issuer_filter = $args[2]
  #Check the Args
  If ($args.count -lt 2)
  Write-host "Too less arguments! Usage: ExportCert.ps1 <exportpath> <certstore> [<filter> optional>" -ForegroundColor red
  write-host "Example: Powershell.exe ExportCert.ps1 H:\Certs CurrentUser DC=LOC" -ForegroundColor blue
  exit
  #Error Handler
  Trap [Exception]{continue}
  #Check Exportpath, if not there create it
  If ((Test-Path -Path $exportpath) -ne $True)
  New-Item -Path $exportpath -ItemType Directory
  #Get certificates in store
  If ($issuer_filter)
  $HKCUCerts = (dir cert:\$certstore\My | ? { $_.Issuer -notmatch $issuer_filter})
  Else
  $HKCUCerts = (dir cert:\$certstore\My)
  #process each certificate
  Foreach ($cert in $HKCUCerts)
  $friendlyname = $cert.FriendlyName
  $type = [System.Security.Cryptography.X509Certificates.X509ContentType]::pfx
  $username = $env:USERNAME
  $sid = ConvertToSid $username
  $pass = 'Letmein$$Cert2012'
  $pass_secure = ConvertTo-SecureString -AsPlainText $pass -Force
  $bytes = $cert.export($type, $pass)
  [System.IO.File]::WriteAllBytes("$exportpath\$friendlyname.pfx", $bytes)
  ImportCert.ps1
  # Scriptname: ImportCert.ps1
  # Author: Michael Rüefli
  # Purpose: Import PKCS12 certificates from a file share into local certificate store (Machine or User)
  # Version: 1.0
  # Fixed Issues / Changes:
  # V 1.0.1 / Changed the autogenerated password strenght
  function ConvertToSid([STRING]$NtAccount)
  $result = (New-Object system.security.principal.NtAccount($NTaccount)).translate([system.security.principal.securityidentifier])
  return $result.value
  #Get the Arguments
  $importpath = $args[0]
  $certstore = $args[1]
  #Check the Args
  If ($args.count -lt 2)
  write-host "Too less arguments! Usage: ImportCert.ps1 <importpath> <certstore>" -ForegroundColor red
  write-host "Example: Powershell.exe ImportCert.ps1 H:\Certs CurrentUser" -ForegroundColor blue
  exit
  #Error Handler
  Trap [Exception]{continue}
  function Import-PfxCertificate
  param([String]$certPath,[String]$certRootStore,[String]$certStore,$pfxPass = $null,[String]$KeySet)
  #Error Handler
  Trap [Exception]{continue}
  if ($args[0] -eq "-h")
  Write-Host "usage: Import-509Certificate <Filename>,<certstore>,<cert root>,<keyset> `n `
  Valid certstores: LocalMachine,CurrentUser `n `
  Valid cert root: My,AuthRoot,TrustedPublisher `n `
  Valid Keysets: MachineKeySet,UserKeySet"
  break
  write-host "Importing Certificate: $certPath"
  $pfx = new-object System.Security.Cryptography.X509Certificates.X509Certificate2
  if ($pfxPass -eq $null) {$pfxPass = read-host "Enter the pfx password" -assecurestring}
  $pfx.import($certPath,$pfxPass,"MachineKeySet,Exportable,PersistKeySet")
  $store = new-object System.Security.Cryptography.X509Certificates.X509Store($certStore,$certRootStore)
  $store.open("MaxAllowed")
  $store.add($pfx)
  $store.close()
  $username = $env:USERNAME
  $certs = Get-ChildItem $importpath -Filter "*.pfx"
  Foreach ($item in $certs)
  $item
  $friendlypath = $item.FullName
  $friendlyname = ($item.Name).replace(".pfx","")
  $sid = ConvertToSid $username
  "$friendlyname-$username"
  $pass = 'Letmein$$Cert2012'
  $pass_secure = ConvertTo-SecureString -AsPlainText $pass -Force
  Import-PfxCertificate "$friendlypath" "$certstore" "My" $pass_secure

• Workflow Manager Configuration - Certificate with Thumbprint does not have a private key

  After following the video series on how to install and Configure Workflow Manager into SharePoint 2013 http://technet.microsoft.com/en-us/library/dn201724(v=office.15).aspx,
  I get to the 'Configure Certificates' section in the Workflow Manager Configuration:  I browse to our wildcard certificate and select it.
  When I try to move to the next page of the configuration wizard, I get the following red error under the certificate:
  Certificate with thumbprint LONG STRING does not have a private key.
  I checked the properties of the certificate, and it says: You have a private key that corresponds to this certificate.
  What am I missing??
  Thank you.
  macrel

  Hi,
  According to your post, my understanding is that you got error under the certificate.
  Please make sure you configure the workflow manager correctly.
  More information:
  Install and configure workflow for SharePoint Server 2013
  Installing and Configuring Workflow Manager 1.0
  Best Regards,
  Linda Li
  Linda Li
  TechNet Community Support

• Problem import trusted certificate with oracle wallet manager

  hi people
  db version 10.2.0.4
  owm version 10.2.0.4
  os version windows server 2003
  the first thing i've tried
  is to import a certificate which was created with selfssl (contained in the mircosoft iss resource kit)
  but its not working
  i get the following failure "Some trusted certificates could not be installed"
  i've checked the metalink and found this
  [WALLET MANAGER FAILS TO IMPORT MS IIS GENERATED CERT|https://metalink2.oracle.com/metalink/plsql/f?p=130:15:3132180381448029652::::p15_database_id,p15_docid,p15_show_header,p15_show_help,p15_black_frame,p15_font:BUG,6815320,1,1,1,helvetica]
  i've tried it with an openssl generated certificate
  no problems with importing this as trusted certificate
  so my question
  exists a general problem with certificates which were created with iis services?

  Hi, I am having the same issue with the certificate. Can anyone tell me how to fix this?
  Thank You!
  Kathie

• Creating token key entry with SunPKCS11

  Hi:
  I have a problem creating a key entry in a smart card using PKCS11. I use a PKCS12 file as my input which is correctly loaded, I can parse the certificate chain. Then I try to load the key onto the card, but this fails in the C_CreateObject native method:
  java.security.KeyStoreException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_MEMORY
          at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1104)
          at java.security.KeyStore.setEntry(Unknown Source)
          at com.safelayer.certmgr.Pkcs12Import.main(Pkcs12Import.java:88)
  Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DEVICE_MEMORY
          at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
          at sun.security.pkcs11.P11KeyStore.storePkey(P11KeyStore.java:1873)
          at sun.security.pkcs11.P11KeyStore.engineSetEntry(P11KeyStore.java:1100)
          ... 2 moreIt appears that I have correctly registered the provider and got the key store, but some permission is missing to create the object. I tried to add
  attributes(*,*,*) = { CKA_TRUSTED = true }to the configuration, but no luck. How do I configure the provider such that I can manage certificates on the card?
  Thanks, Erik

  i came up with the same problem. Can you tell me your way to deal with it ?
  thanks!
  [email protected]

• Workflow manager .. certificate generation key or cert

  Hello. Thanks for the time.  I was wondering if I can get some enlightment on the SP 2013 workflow manager  configuration.  In the technet video series one of the steps is to create a certificate and use that... but in most install docs
  I've found the step is skipped and set to choose an auto generate a cert with a key... like the farm passphrase.  My question is really in regards to what is the difference and can we have that set for in production? or is the auto-generate only for dev
  and testing?

  Hi,
  Quote:
  Under some circumstances, you must obtain and install Workflow Manager "issuer" certificates on SharePoint Server 2013. Here are the circumstances where you must install Workflow Manager certificates:
  If SSL is enabled either on SharePoint Server 2013 (which is not the default) or on Workflow Manager (which is the default), AND
  If SharePoint Server 2013 and Workflow Manager do not share a Certificate Authority, AND
  If Workflow Manager is configured to generate self-signed certificates (which is the default).
  For more information: http://technet.microsoft.com/en-us/library/jj658589(v=office.15).aspx
  Here is an article about certificates in workflow manager for reference:
  http://www.harbar.net/articles/wfm3.aspx
  Regards,
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact
  [email protected] .
  Rebecca Tu
  TechNet Community Support

• Using a SHA2 certificate with 12.1.1 (Oracle Wallet Manager 10.1.0.5)

  Hi folks,
  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem.
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck.
  Anybody been there done that?
  Thanks very much,
  -Adam vonNieda

  I'm trying to enable SSL on my 12.1.1 system, but I've got a bit of a problem. What kind of problems?
  I've already logged a SR on this, so I already know that you cannot use SHA2 SSL certificates with Oracle Wallet Manager 10.1.0.5, which is part of the 10.1.3 tech stack. I started the SR on the EBS side, but it was passed on to the security group, and closed there. My question is, is there something that I don't know? Is there an upgrade path in 12.1.x that would include an upgrade to the OWM, or is there some sort of workaround? I'll be opening another SR tomorrow, but wanted to see if I was missing something simple.
  We have an internal certificate server (Microsoft AD), and the root certificate, which I need to import, is SHA2. I'm being told that they cannot generate a SHA1 root certificate, and would have to stand up another certificate authority. OWM 10.1.0.5 can't handle SHA2, so I'm stuck. I am not sure if SHA2 is certified with EBS R12 so you might need to ask this question to Oracle Support. According to the following docs, SHA1 can be used with no issues.
  Enabling SSL in Oracle E-Business Suite Release 12 [ID 376700.1]     To BottomTo Bottom     
  SSL Primer: Enabling SSL in Oracle E-Business Suite Release 12 (Trial Certificate Example) [ID 1425103.1]
  Thanks,
  Hussein

• Problems in using a certificate with  different versions of JVM

  Hi friends,
  I am facing a typical problem:
  I have to use a certificate which uses the sha1DSA signing algorithm to contact a web service(I am coding a client). I was using J2SDK_1.4.1_02 before. I added the certificate to keystore and it was working fine. But if I upgraded my JRE to 1.4.2_13 the same code doesn't work,. I got the following exception:
  javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: No trusted certificate found
       at com.sun.net.ssl.internal.ssl.BaseSSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_az.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SunJSSE_ax.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.a(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.j(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.b(DashoA12275)
       at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(DashoA12275)
       at sun.net.www.protocol.https.HttpsClient.afterConnect(DashoA12275)
       at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(DashoA12275)
       at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:570)
       at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(DashoA12275)
       at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.post(HttpSOAPConnection.java:263)
       at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection$PriviledgedPost.run(HttpSOAPConnection.java:151)
       at java.security.AccessController.doPrivileged(Native Method)
       at com.sun.xml.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:121)
       at TestRequest.getCustomerInfo(TestRequest.java:60)
       at TestRequest.main(TestRequest.java:122)After some investigation I found that this JRE is accepting only certificate with sha1RSA signature algorithm. Please help me if anybody knows why this occurs or is this an issue which is to be addressed in server side.

  Hi Michal,
  Keeping in mind the recommendations of the Production Checklist...
  All other things being equal, homogenous deployments are usually less prone to surprises.
  But JDK 1.6 is noticeably faster than JDK 1.4, and features much better JMX support as well, so it's a probably the better option.
  Jon Purdy
  Oracle

• Acct determination for Materials management small differences with keys

  Dear all,
  While posting a document in MIRO, it throws error as 'Acct determination for Materials management small differences with keys not defined in ch/acts'.
  Please advise a solution to rectify this error.
  Regards,
  Vijay

  Hi,
  It seems due to small differences between debit and credit side you are not able to post the document price differences). Check all the data to create an entry first and  Check the data format. Can you check  in OBYC is there a way  to  have a transaction DIF (Materials management small differences) post to different GL accounts based on valaution class (plant)?

• Can't Export a Certificate with the Private Key

  I have downloaded a
  Symantec Enterprise Mobile Code Signing Certificate from email link. And the certificate was installed with no errors. Now
  when I'm going to export the certificate it will NOT allow me to export with private key. The option "Yes, export with private key" was grayed out. From MMC, add snap in certificate > local computer > certificate > certificatename. In this
  location "I can see the certificate image with a key on it". Is this mean that the import is successful with private key? If so, how to export correctly? Kindly help please!
  http://i1234.photobucket.com/albums/ff405/i_kiennt/Screenshot2_zpsaf770a8b.png
  http://i1234.photobucket.com/albums/ff405/i_kiennt/Screenshot3_zpsde23204d.png

  Hello MrTrungKien,
  Please share us a screenshot about The option "Yes, export with private key" was grayed out.
  Please take a look at the following article about exporting a Certificate with the Private Key.
  http://technet.microsoft.com/en-us/library/cc754329.aspx
  Yes, export the private key. (This option will appear only if the private key is marked as exportable and you have access to the private key.)
  It is marked as not exportable so users cannot export this certificate.
  Please contact Symantec to confirm if the key is exportable.
  Best regards,
  Fangzhou CHEN
  Fangzhou CHEN
  TechNet Community Support

• Problems in Viewer Builder with Production Push Security Certificate

  Help! I've been trying for days now to build my iPad app in Viewer Builder, but I get an error message for my Production APNS Push Certificate and I can't get past the provisioning page. I've been on a dozen calls with Adobe, and we haven't yet been able to solve the problem.
  In the last round of tech support, I emailed my aps_production.cer and my .p12 version to Adobe. They say that it's valid and that it works on their end. I was advised to uninstall my Folio Producer tools and Viewer Builder. I did this, redownloaded and reinstalled everything and got stuck in the exact same spot.
  If anyone has had a similar problem and been able to solve it please let me know. I'm at my wits end with this one!

  I've been running into this same problem for DAYS now with an app I'm trying to build, except for me it's the production PNS p12 certificate.
  I've tried creating a new app several (countless, actually) times. Since I never get to the point where I can save it, I've had to create a totally new app at every attempt—is this what happened to you? And it eventually worked?
  I've also installed and uninstalled Viewer Builder a few times now and the same problem occurs.
  BTW, I send my certificate to Adobe and they said that it was valid.

• Weblogic 12.1.1 SSL error --No identity key/certificate entry was found under alias server_name in keystore path\ name .jks on server AdminServer

  Hi guys,
  I installed  webloigic 12.1.1 on windows 2003(32-bit);
  I was requested add SSL Configuration to console;
  I'm using keytool; It is not first time I setup SSL on weblogic console, only version is different;
  before I did susssessfully on weblogic 11g(10.3.2-10.3.5) using the same scenario;
  My steps:
  1.generate key;
  keytool -keyalg RSA -genkey -v -alias <server_name> -keysize 2048 -storepass <pwd> -validity 762 -keystore <name>.jks
  2. create cert
  keytool -certreq -alias <server_name> -file file_name.csr -keystore <name>.jks
  after send and return certificate 3 layers;
  imported back;
  --root--
  keytool -importcert -v -noprompt  -alias rootca.kbr.com -file root0.cer -keystore <name>.jks -trustcacerts
  Enter keystore password:
  Certificate was added to keystore
  [Storing <name>.jks]
  keytool -importcert -v -noprompt  -alias rootca1.kbr.com -file root1.cer -keystore <name>.jks -trustcacerts
  Enter keystore password:
  Certificate was added to keystore
  [Storing <name>.jks]
  keytool -importcert -v -noprompt  -alias <server_name> -file root2.cer -keystore <name>.jks -trustcacerts
  Enter keystore password:
  Certificate reply was installed in keystore
  [Storing <name>.jks]
  confufigured weblogic using conosole;
  it looks like this in config.xml file
  <ssl>
        <enabled>true</enabled>
        <listen-port>7002</listen-port>
        <server-private-key-alias><server_name></server-private-key-alias>
        <server-private-key-pass-phrase-encrypted>{AES}TIRM5RT26K8IZDevCNMexlWp3BuhZaFpi8HEgPaOCrU=</server-private-key-pass-phrase-encrypted>
      </ssl>
      <listen-address>34.64.3.9</listen-address>
      <key-stores>CustomIdentityAndCustomTrust</key-stores>
      <custom-identity-key-store-file-name>path<name>.jks</custom-identity-key-store-file-name>
      <custom-identity-key-store-type>JKS</custom-identity-key-store-type>
      <custom-identity-key-store-pass-phrase-encrypted>{AES}hiemEGOTrjIRvEOnn0+ODuNpWehBbrgb8fydImfyXV4=</custom-identity-key-store-pass-phrase-encrypted>
      <custom-trust-key-store-file-name>path<name>.jks</custom-trust-key-store-file-name>
      <custom-trust-key-store-type>JKS</custom-trust-key-store-type>
      <custom-trust-key-store-pass-phrase-encrypted>{AES}xzP2kU98nkVMNLdzMv7VRoRjoBQUTu5jjtlMLm87PHc=</custom-trust-key-store-pass-phrase-encrypted>
    </server>
  When I restart SSL , I see error in log file
  Er<AdminServer> <[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)'> <weblogic> <> <> <1381506732875>
  <BEA-000297> <Inconsistent security configuration, weblogic.management.configuration.ConfigurationException: No identity key/certificate entry was found under alias <SERVER_NAME> in keystore path<name>.jks on server AdminServer>
  Please help
  I thought before if import certification get status Certificate reply was installed in keystore
  it shouldn't be problem for weblogic use thsi certificate;

  Compare your steps with the following
  http://weblogic-wonders.com/weblogic/2011/05/25/ssl-configuration-for-weblogic-server/

• SSL: how to use Multiple Private key/Certificate pair for authentication.

  Hi all,
  i am implementing SSL in java using X509 Certificate/private key combination.
  i have two set of private key/certificate pair.
  one is factory default and another is generated at run time.
  my problem is to try ssl connection with both pairs on same tcp/ip connection.
  e.g. on server side: first try ssl connection with factory default certificate, if it fails try connecting with generated certificate on same tcp/ip connection.
  on client side: if generated certificate(this certificate was generated at server side) is present first perform server authentication using this certificate otherwise authenticate server with factory default certificate.
  can someone please help and let me know how do i need to configure both ends(client and server) for achieving the same.
  Thanks In Advance
  Saurabh Ahuja

  Client code does not contain any default truststore and needs a certificate for authentication.Of course it does. OpenSSL has a way of doing that: some kind of equivalent for the truststore. None of the stuff you've posted here about generating certificates at runtime has any bearing on that problem.
  It's like this. The idea of PKI with SSL is as follows:
  - the server has a private key and a signed certificate. Preferably it's signed by a CA that the client already trusts, otherwise if it's self-signed it has to be exported from the server's keystore and imported into the truststores of all the clients.
  - the client has a truststore that trusts the server, one way or the other, see above.
  - the server's private key is private to it. Nobody else has it. Nobody else can ever get it. If it ever leaks, the server is compromised, and server authentication via that private key now means absolutely nothing. You have lost security.
  - the server sends its cert to the client along with a digital signature signed by its private key.
  - the client (a) decides whether it trusts the cert, via its truststore, and (b) verifies the digital signature, which establishes that the server owns the certificate.
  At this point the server is authenticated to the client and the SSL connection is open. It can now be used as an ordinary socket connection.
  If you want client authentication too, you need all the above in reverse as well, i.e. reading server for client and client for server throughout. Note particularly that each client must have its own private key. Otherwise the private key isn't private, so signing something with it doesn't establish ownership, so client authentication isn't valid.
  You need to understand all this stuff and relate it to the apparently broken security design of your application. Generating a private key and a certificate at runtime is complete nonsense within the context of PKI and SSL. It proves nothing, establishes nothing, authenticates nothing; it just wastes time.

• Solution manager key for installing ecc 6.0 on window 2003, oracle 10g

  Hi,
  I am installing ecc6.0 on windows 2003 platfrom with 10g oracle database.  I have problem providing solution manager key during installtion in the window.
  my db hostname is : deleted
  sap system id : deleted
  central instance number: deleted
  can any one help me please.
  Thank you
  Edited by: Eric Brunelle on Feb 8, 2010 7:53 AM

  > I am installing ecc6.0 on windows 2003 platfrom with 10g oracle database.  I have problem providing solution manager key during installtion in the window.
  >
  > my db hostname is : deleted
  > sap system id :deleted
  > central instance number: deleted
  It is illegal to provide keys here.
  You have to install a solution manager first before you can install an ERP 6.0 system - or open an OSS call if your Solution Manager is not (yet) available.
  Markus

• Problem in Creating Certificate in java

  Dear all
  I have problem in creating certificate using the java lang
  I created the keystore as shown in my code:
  but i still hasing problem with the code as u can see in the pics...
  Please help me to create my digitale certificate because i have to verifying it later... and i am still having no idea how i am going to verify the certificate.....
  Thanks in advance..
  Mariah
  Message was edited by:
  screen83

  i am sorry the picture can't be displayed
  anywhy, this the the code:
  1KeyStore ks = KeyStore.getInstance("JKS");
  2               char[] password = getPassword();
  3               java.io.FileInputStream fis =
  4               new java.io.FileInputStream("keyStoreName");
  5               ks.load(fis, password);
  6               fis.close();
  7               // get my private key
  8               KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry)
  9               ks.getEntry("privateKeyAlias", password);
  10               PrivateKey myPrivateKey = pkEntry.getPrivateKey();
  11
  12               // save my secret key
  13               javax.crypto.SecretKey mySecretKey;
  14               KeyStore.SecretKeyEntry skEntry =
  15               new KeyStore.SecretKeyEntry(mySecretKey);
  16               ks.setEntry("secretKeyAlias", skEntry, password);
  17
  18               // store away the keystore
  19               java.io.FileOutputStream fos =
  20               new java.io.FileOutputStream("newKeyStoreName");
  21               ks.store(fos, password);
  22               fos.close();
  and I have error at line 2 when I am calling rhe method getPassword();
  and at line 9 when calling the method getEntry()
  and at line 16 when calling the mthod setEntry
  Thanks
  Mariah
  Message was edited by:
  screen83