Public & Private Keys in Keychain

Similar Messages

• Deleted the public/private keys installed by iPCU & untrusted the certs

  Hi;
  it's early in the morning and i couldn't quite figure what was going on
  when:
  - new public and private keys "appeared" in keychain
  - a certificate was installed almost as soon as a plugged
  an iphone in while running iPhone Config Util (iPCU i now
  realize)
  From the console:
  Tue Jun 30 02:39:45 unknown mcmobiletunnel[363] <Warning>: added object <NSCFType: 0x1073d0> to keychain as iPCUHost-D3FA2B23-E0D0-4C42-A48B-DFXXXXXXXX-HostCert success 1 error 0
  What it looks like is on connecting the iPhone "phoned home" and snagged a certificate and public and private keys to install on my MacBook Pro.
  I deleted these not realizing who iPCUHost was (an earlier cert was marked as untrusted on a pass trhough my certs earlier).
  OK: so *how* do i recreate the public/private keys? the Certificates in Keychain?
  Tried: downloading and re-installing iPCU
  Tried: Time Machine to earlier version if iPCU & using Software update to Update.
  This is where things look unhappy in the iPCU console:
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: processing request 4: ((\n RequestType\n))
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Warning>: received request 4: (null), keys (null)
  Tue Jun 30 03:42:36 unknown mcmobiletunnel[432] <Error>: main: Could not receive request from host.
  Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive size of message
  Tue Jun 30 03:48:21 unknown /usr/libexec/notification_proxy[426] <Error>: Could not receive message
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (\n RequestType\n), keys {\n RequestType = GetProfileList;\n}
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: processing request 4: ((\n RequestType\n))
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: sending reply {\n OrderedIdentifiers = (\n );\n ProfileManifest = {\n };\n ProfileMetadata = {\n };\n Status = Acknowledged;\n}
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: receive_message: Could not receive size of message: 0 Operation not permitted
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Warning>: received request 4: (null), keys (null)
  Tue Jun 30 03:51:02 unknown mcmobiletunnel[446] <Error>: main: Could not receive request from host.
  Thx
  Jim

  I'm in the same situation here. While trying out the iPCU, I noticed my test devices were showing up with a certificate of "iPCUHost...". I was hoping to replace this default cert with one from our own CA, and in the process of messing around I tried deleting all of those certs from my Keychain. They deleted just fine, and after a sync the cert also disappeared from the connected iPhone. Unfortunately, there is no obvious way to replace that cert and as of now, I cannot install any profile to the device that has had the cert removed. If I select the device and click "Install" on a profile, nothing happens... no errors, no console messages, it just does nothing.
  I'm not quite sure how to replace the missing cert, and in particular how to replace it with one of our own rather than the default. Surely we don't have to actually develop a web service just to install certs... (see page 21 of the Enterprise Deployment Guide)
  -mike

• Is a Public/Private Key Pair possible in SAP?

  I have a web service that I would like to run as part of a nightly script. I currently use username/password authentication, but it is not acceptable to have them hard coded, due to Sarbanes-Oxley rules. SAP's site claims to support authentication with x.509 certificates, but is unclear on the implementation details. How could I go about setting up and using a public/private key pair in SAP?

  Not really a portal question, and maybe you'll get a better result in a security forum...
  However, briefly, yes, the AS Java supports X509 certificates as an authentication mechansm. You need to use Visual Admin to generate a server side certificate, then you need the client side to register its own X509 certificate and then in the Java user admin you need to associate the client certificate with a known user. Now when the client executes the web service call it can pass the certificate and the AS Java will back translate the certificate to a real username.

• Public/private keys

  How to create a private/public keys?
  Fred

  Hi Fred,
  Following are the steps required are to create a Public/Private Keys:
  1. Load the security provider (if not configured in $JAVAHOME/jre/lib/security/java.security)
  2. Obtain a handle to a secure random number generator.
  3. Obtain a handle to KeyPairGenerator for a specific public key algorithm.
  4. Generate the public/private key pair
  5. Extract the public and private keys
  The following example shows how to generate public and private keys using the KeyPairGenerator and KeyPair interfaces using JCSI's security provider.
  import java.security.*;
  // Load JCSI's JCA security provider
  Security.addProvider(new com.dstc.security.provider.DSTC());
  // Seed random number generator using the default seeding
  // "SHA1PRNG" = SHA1 Pseudo-random number generator
  SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
  // Initialise KeyPairGenerator to create 1024-bit RSA keys.
  // PK Algorithm = "RSA", Security Provider = "DSTC" (Wedgetail)
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA", "DSTC");
  keyGen.initialize(1024, random);
  // Generate RSA pulic/private key pair
  KeyPair keyPair = keyGen.genKeyPair();
  // Extract public and private keys
  PrivateKey privKey = keyPair.getPrivate();
  PublicKey pubKey = keyPair.getPublic();
  Hope this will help you.
  Regards,
  Anil.
  Techncial Support Engineer.

• Generate public private keys inside smart card

  Dear all,
  I am using this code to generate public and private key inside the smart card.
  KeyPair kp = new KeyPair(KeyPair.ALG_RSA_CRT, KeyBuilder.LENGTH_RSA_512);
  kp.genKeyPair();
  PrivateKey prikey = kp.getPrivate();
  PublicKey pubkey = kp.getPublic();
  This code is executing without errors.
  I need to get out the public key from the smart card. So I need to get public key to a byte array.
  But I can't get those keys to plain text byte array.
  The methods that I can get for pubkey object are
  pubkey.clearKey();
  pubkey.equals(obj);
  pubkey.getSize();
  pubkey.getType();
  pubkey.isInitialized(); only these.
  I am using
  Eclipse Version: 3.4.1 (Compiler complience level = 1.4)
  Jcop plugin (to communicate with the actual card and to test the java code in virtual card provided by JCOP)
  OmniKey5321 card reader (In contactless type)
  What is the reason to get only those above methods to pubkey object? Is it a version problem?
  How can I get the public key to plain byte array? Is it possible?
  If it is not possible Is there a way to get public key as a export certificate or something other solution?
  If my scenario is not a possible strategy, How can I use public private keys to send specific data to applet? Is there a better way to do this?
  Edited by: 863766 on Jun 6, 2011 12:16 AM

  Thank you very much!
  I used this code
  RandomData rand = RandomData.getInstance(RandomData.ALG_SECURE_RANDOM);
            short lenBytes = (short) (KeyBuilder.LENGTH_DES/8);
            byte[] buffer = JCSystem.makeTransientByteArray(lenBytes,JCSystem.CLEAR_ON_DESELECT);
            DESKey key = (DESKey) KeyBuilder.buildKey(KeyBuilder.TYPE_DES , KeyBuilder.LENGTH_DES,false);
            rand.generateData(buffer, (short) 0 ,lenBytes);
            key.setKey(buffer, (short) 0 ) ;
            byte keyData[]= new byte[256];
            key.getKey(keyData, (short) 0);
  Now I know how to initialize the key...
  Thank you again.
  Regards,
  Dushantha
  Edited by: 863766 on Jun 6, 2011 3:52 AM

• Acrobat 9 Pro / Files with public+private key security

  Hi,
  I'm working at a Software Company. We want to create the Help Documents for our Software in PDF.
  We want to take care, that those PDF documents cannot be opened without our Software.
  My idea is to certificate the PDFs with a public key and the private key is hidden in our program.
  I tested a lot and read the manual, but it doesn't work.
  Thanx for some hints.
  Greetings,
  Sven
  Sorry for the lousy English, I'm from Germany.

  You might be able to write some JavaScript to solve the problem, but even in that case you need to be aware that the security of PDFs are not all that secure, particularly if one uses a 3rd party reader. Apparently several of them ignore the PDF security settings and open the PDF anyway. I do not know if that would occur if the PDF were encrypted in some way.
  So much for giving a spin on the topic. Good luck.

• How does a public/private key encrypt and decrypt each other?

  I understand the logic that when a communication takes place both parties pass their public keys to each other which is used to encrypt all messages. Once the party receives the messages the private key is used to decrypt them however I'm wondering how a private key is generated from a public key. If the private key is based on an algorithm wouldn't each party be able to generate what the other person's private key would be based on the public? Wouldn't a third party?

  How the public and private keys are generated depends on what public key cryptosystem is being used, but in general the private key cannot be derived from the public with a computationally feasable algorithm, while the public key can be derived from the private key very quickly. Two examples:
  RSA: private keys are 2 primes, p and q, and an encryption exponent d. Public key is the product p*q, and an encryption exponent e. How does the attacker get p and q, or d, from n and e? The best attack known against this (for properly chosen p, q, and d) is factoring. Factoring can be made infeasable by choosing the primes to be large enough.
  Diffie-Hellman: a prime modulus p and a base g < p is known by everyone (including the attacker). The private key is an integer x chosen randomly, 2 <= x < p-1 (there are better ways to choose x). The public key is g^x mod p. How does the attacker get x from g^x mod p? Again, the best known attack is one that is computationally roughly equal to factoring a composite number of about the size of p.

• Public/private key length 2048 in visual administrator

  Hello,
  I need to generate an RSA public/private keypair with visual administrator with a length of 2048. From the dropdownbox in the dialog, "Key and Certificate Generation", I can only select op to 1024.
  Who knows if this is at all possible and/or how to get it done?
  this is on a Netweaver 6.40, XI 3.0 system
  thanks very much
  Gr Wout

  Hello Wout
  I think this issue would be best placed in the Netweaver Administrator forum. You will have a better chance of getting a quality answer to your query on that forum. I will forward the thread.
  Regards
  Mark Smyth
  XI/PI Moderator

• Encrypt text without full blown public/private keys or certificates?

  hello,
  i would like to encrypt small texts (up to about 1000 characters) to save them in a file and later load them and decrypt the text. what solutions in Java are available without setting up a full blown key store with public and private keys and/or certificates. i think about a small method/class that en- and decrypts arbitrary text.
  any suggestions?
  thanks in advance!

  okay, i found my solution:
  Blowfish (http://www.counterpane.com/blowfish.html) :
  BlowfishEasy be = new
  e = new BlowfishEasy("somekey");
  String crypted = be.encryptString(plaintext);
  Now, this I call easy and quite secure!
  :-)hey can u please tell me where u got the code from on
  blowfish website above
  I go there and click and the "Free source code" link.
  I then try and download the java implementation (which
  are packed as zip files), When I unzip them though
  the file just has up to the class declaration?????
  eg. public class BlowFish ... {
  and nothing else????
  Can u tell me what u did please

• Reconver SSL private key?

  I have a bit of a dilemma since I tried to install an SSL certificate on my server that needs intermediate certs. Here's what I did:
  1) In Server Admin, create a new key for my domain and use that key to create a CSR to send to a certificate authority. (This creates a public key, a private key and a self-signed certificate in the system keychain on the server).
  2) Sent the CSR away and got the signed certificate back.
  3) Used Server Admin to add the signed certificate to the existing domain cert (this replaces the self-signed cert). Restart services etc.
  Here's the problem: the cert that I have needs intermediate certs installed in order to be functional- currently the certificate shows as an untrusted authority. If I delete the current certificate in Server Admin to start again from scratch, it will delete the private key that I need to reinstall. I downloaded the intermediate certificates from the CA's website, but now the certificate installed on the server can't be modified. Besides, there is no place to enter the intermediate certificates. My plan was to try to paste all the certs into the box where it asks for the new certificate, but no joy since it is now locked.
  I would like to create a new certificate (there is a place in there to install intermediate certs), but I'll need to get my private key out of Keychain Access into a pem formatted file but I can't seem to get the thing to export.
  Questions:
  1) Is there a way to export a private key from Keychain Access so that it can be used for server admin?
  2) Is there a way to get at this from the command line?
  3) Is there some other procedure that can magically fix this problem?
  Thanks,
  Miles

  Thanks,
  This is the part that I was looking for:
  Launch Keychain Access as root:
  sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access &
  I then went here http://www.gridsite.org/wiki/Convert_p12 and converted the p12 to pem so I could use it in server admin.
  Thanks again,
  Miles

• Private key from RSAKeyValue

  How to generate private key from <RSAKeyValue> generated by .net. in java? I got public/private key in following format.
  <RSAKeyValue>
  <Modulus>abcdyDdNySesa8sWsd8XRG9rFf1av
  hch9BSG+sgCSYumLm5gzeTxrrpSqUf2VYfLp8USqK4uFBX312368wOEfK+C/viScPZn/hKcq
  vFpd/gKyXJ0M6Oxybn7qJNjVjGtemQDJJdvUPNyV1bcTq0Ugw9lM2cDBVzqHjxxzzACJnab=
  </Modulus>
  <Exponent>AQAB</Exponent>
  <P>/UTBBgeTREzfbV9ev1tKwGtFovxi9BiK5
  crZ3Qns3rt+lrd6Xas6tJhAvedGakGP7eeaLHdXZjeXGnqvKzRHw==</P>
  <Q>8FBLHPccdNh//dRF7Uf6weB829bz+G+NvVrKJMcOzUr9QuKcyRqfZTslKiC/aG9p1PoFxWpeyoPFwDrqFzTYhw==</Q>
  <DP>MTvTPU3fnscdFbb3MaG4gzuArbgQNFc722pkgoakfOS9RQgf/VjKXoFllz7
  05d+z6SHvSGemnEcYtNcbscPt4Q==</DP>
  <DQ>0NOVUihSbB8uqe8sVZ11BEEFfyw9eafGrc
  NVYbww2qjNh+/QetlNpfRNiVxHuIMInnBdz31tveHgV/laLqyDxQ==</DQ>
  <InverseQ>X0KxLXzW2glIhkk5lP0OnQVWfTutwo9Qg4DSk/5MtbQMMek8SHju7X9Ae2iL4DDRbWG/5mbrPdQ1yQg+GXCWbw==</InverseQ>
  <D>NCBukE3dm5+xRXEY4qWk3Xe8XFvIHT5vENOzTZE4jz0aBPxzTYLIgbkZP+lXgllc4mricqYSsD3K8vCBMQXEhqHkc6pSiYfesZG3wlujJGRyVoT1pVk5M460RwJfwPsO0TxfYCYU80CIfZNzFIEpGEp6pAUF1TQbnTre11aFjU=</D>
  </RSAKeyValue>
  I was able to generate public key as below.
  BigInteger publicExponent = new BigInteger(new sun.misc.BASE64Decoder().decodeBuffer("AQAB"));
  RSAPublicKeySpec rsaPublicKeySpec = new RSAPublicKeySpec(modulus,publicExponent);
  But privateKey need privateExponent
  RSAPrivateKeySpec rsaPrivateKeySpec = new RSAPrivateKeySpec(modulus,privateExponent);
  How to get privateExponent from <RSAKeyValue> ?
  RSAPrivateCrtKeySpec need following parameters. Can not find where it map in <RSAKeyValue>
  RSAPrivateCrtKeySpec(BigInteger modulus,
  BigInteger publicExponent,
  BigInteger privateExponent,
  BigInteger primeP,
  BigInteger primeQ,
  BigInteger primeExponentP,
  BigInteger primeExponentQ,
  BigInteger crtCoefficient)
  Thanks,
  DP

  PKCS#1 1.5 definition:
     RSAPrivateKey ::= SEQUENCE {
       version Version,
       modulus INTEGER, -- n
       publicExponent INTEGER, -- e
       privateExponent INTEGER, -- d
       prime1 INTEGER, -- p
       prime2 INTEGER, -- q
       exponent1 INTEGER, -- d mod (p-1)
       exponent2 INTEGER, -- d mod (q-1)
       coefficient INTEGER -- (inverse of q) mod p }RSAParameters as documented in .NET Framework Class Library:
  D Represents the D parameter for the RSA algorithm.
  DP Represents the DP parameter for the RSA algorithm.
  DQ Represents the DQ parameter for the RSA algorithm.
  Exponent Represents the Exponent parameter for the RSA algorithm.
  InverseQ Represents the InverseQ parameter for the RSA algorithm.
  Modulus Represents the Modulus parameter for the RSA algorithm.
  P Represents the P parameter for the RSA algorithm.
  Q Represents the Q parameter for the RSA algorithm. The KeySpec (CRT = Chinese Remainder Theorem)
  RSAPrivateCrtKeySpec(BigInteger modulus, 
  BigInteger publicExponent,
  BigInteger privateExponent,
  BigInteger primeP,
  BigInteger primeQ,
  BigInteger primeExponentP,
  BigInteger primeExponentQ,
  BigInteger crtCoefficient)So we could try some guessing:
  modulus <- Modulus
  publicExponent <- Exponent
  privateExponent <- D
  primeP <- P
  primeQ <- Q
  primeExponentP <- DP
  primeExponentQ <- DQ
  crtCoefficient <- InverseQTry it and tell me if it worked. Good luck.

• BizTalk Server 2013 SFTP Adapter with private key - Did not poll any files

  Hello, 
  We have a requirement to connect SFTP secure site with the private key and polling files.   Initially I have
  tested BizTalk Server 2013 SFTP Adapter receiver Port using  Bitvise SSH SFTP Server tool and it was working perfectly in our local network environment( with public private key authentication).
  However when we connected to Client SFTP server with private key authentication, It successfully connected to SFTP Server but
  did not poll any files from SFTP Site.  I added only one file to SFTP Server ( 145 kb file) for testing purpose.
  However BizTalk Server 2013 SFTP Send Adapter is working well with the same configuration.
  I could not find any errors in Event viewer also.  I can download\upload file using WinSCP tool .
  So I downloaded nSoftware SFTP Adapter trial version and deployed on server. nSoftware SFTP adapter  is also working find
  without any issues for Client SFTP Site.
   This is the configuration on SFTP Receive Adapter
  This is how SFTP Server download folder permission configured. I have got this details using WinSCP tool. 
  <o:p></o:p>
  Appreciate your help on this.<o:p></o:p>
  Thanks<o:p></o:p>
  PrabathD<o:p></o:p>

  BizTalk Adapter for SFTP is where the polling logic is implemented. It is not part of the SFTP Client logic. any SFTP Client is for User Interaction and you do what you want/when you want.
  The BizTalk Receive however is for purposes of automation and the adapter polls the receive location using the credentials every polling interval to check for the files matching the filter. When it find a file, it will read and publish to message box or
  submit to pipeline for processing. Your setting the polling interval to 0 (ZERO) might actually be disabling the polling.
  Set your poll interval to a non-zero value and check the behavior.
  Regards.

• Private key protection in Keychain

  Hi!
  I have a keypair for email in a MS environment (Entourage) so I know it is there and works.
  Q1: When I open Keychain and expand my email certificate I can see that private key ( RSA, 1024-bit) and it looks very much like being the 'real thing' i.e. in clear, not protected by any passphrase. Is that the case? If I export this, then a passphrase seems to required.
  Q2: How can I export only my public key part?
  BR, Petri

  This is what I do:
  .- In Keychain Manager, create a new keychain (File->New Keychain). Choose any name you like (Confid in this example).
  .- Move your sensistive keys from "login" to "Confid".
  .- Change the properties to each private key, allowing their access in Access Control to each program (like Mail) which you want to use the keys with. Make sure you check "Ask for password" every time the programs access the key.
  .- Finally, change the properties (Edit->Change Settings) of Confid. I use "Lock after 1 minute of inactivity" and "Lock when sleeping".
  This way I am asked for a password every time that I try to sign a mail or read a ciphered message.
  Good luck.

• How to figure out which developer public and private keys to delete

  Hello everyone,
  In my Keychain Access utility, I have two iOS Developer public keys and two iOS Developer private keys. That was the result of a problem with setting up things for iOS development - I had to try it a second time in the Member Center part of the Apple developer website.
  How do I assess whether a key is actually being used for anything?
  I notice that the second private key has a disclosure triangle which reveals an iPhone Developer certificate underneath. The first private key has nothing like that.
  The two public keys look identical.
  Is it even necessary for me to do anything? I want to delete extra unused keys if they will cause a problem.
  Thanks for any guidance.
  Erik

  AliD wrote:
  System view is user_dependencies.no INDEXES
  SQL> select type, count(*) from user_dependencies group by type;
  TYPE               COUNT(*)
  RULE                   3
  JAVA DATA           3131
  PROCEDURE            551
  OPERATOR             30
  PACKAGE BODY           8175
  PACKAGE            1193
  RULE SET             13
  TYPE BODY            567
  TRIGGER              43
  UNDEFINED             66
  JAVA CLASS          21630
  TYPE               COUNT(*)
  VIEW               13636
  FUNCTION            405
  TABLE                 284
  EVALUATION CONTXT        22
  SYNONYM               8
  TYPE                2267
  17 rows selected.
  SQL> show user
  USER is "SYS"
  SQL>

• BizTalkServer 2010 SFTP Adapter from CodePlex - Configuring send and receive locations with SSH public and private keys

  Hi there,
  I am looking for step by step instrcutions on how to configure SFTP Codeplex adapter for both receive and send ports.
  Out business partner with whom we push/poll the files from wants us to use SSH encryption/decryption etc.
  Just wondering if the following functionality is supported in Codeplex SFTP adatper without having to write any code.
  Appreciate if there is manaul to do this for SFTP. BTW I do have all the our public and private keys and business partners Public key for configuring.
  For Send port: 1. we would need to encrypt the file with our business partners public key
                        2. sign the file with our private key.
                        3. Send the file through to SSH client which eventually transfers to Remote server.
  Receive port:   1. Connect to SSH Server with SSH-2 key and receive the file
                        2. Verify the file's digital signature agaisnt the Business partners PGP public key
                        3. Decrypt the file using our PGP Public key
  Thanks in advance

  Yes it is supported.
  You can find its documentation in this link 
  You can find section X.509 Certificate Identity Keys
  You can set public and private key in property SSH Identity thumbprint  of send and receive port
  I prefer to test it using client tool like
  FileZilla or WinSCP then test it using sftp adapter
  When you see answers and helpful posts, please click Vote As Helpful, Propose As Answer, and/or Mark As Answer