RSA Signature Forgery Vulnerability ?
Both OpenSSL and BouncyCastle have announced fixes related to a vulnerability recently found in PKCS #1 v1.5 signatures.
http://www.matasano.com/log/469/many-rsa-signatures-may-be-forgeable-in-openssl-and-elsewhere/
http://www.openssl.org/news/secadv_20060905.txt
Do current versions jsse/jce have this issue? And if so what is being done to address it?
G
Both OpenSSL and BouncyCastle have announced fixes
related to a vulnerability recently found in PKCS #1
v1.5 signatures.
http://www.matasano.com/log/469/many-rsa-signatures-ma
y-be-forgeable-in-openssl-and-elsewhere/
http://www.openssl.org/news/secadv_20060905.txt
Do current versions jsse/jce have this issue? And if
so what is being done to address it?
GYes, Suns JCE is vulnerable to this attack. You can for example verify this yourself:
Generate a 3072 bit RSA public key with public exponent e=3.
Use the message:
Welcome to Crypto 06
The SHA-1 hash of this message is
132930072fd147c44e4df2289206ba472f53d855You can verify that Suns JCE accepts the signature
07ffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffff
ffffffffffffffffffffffffffffffff
fffffffffffffffeaaead6eab6b2b18e
bd595822b1555ac56ee1955eea6c5fb0
6867ed8b6d5e4db43f1a75c7fffffffffor this message.
I'm currently using JDK 1.5 for my tests.
I'm not aware of patches.
Daniel Bleichenbacher
Similar Messages
-
Digital Contract Signing Protocol based on the RSA Signature
Hi,
I need to develop a Java implementation for the Digital Contract Signing Protocol based on the RSA Signature which includes 2 clients and 1 server.
Could anyone please tell me how to approach this and how to sole this.A paper with the algorithm appears to be available here: http://www2005.org/cdrom/docs/p412.pdf. Have you tried contacting the author to see if he/she has a reference implementation?
Arshad Noor
StrongAuth, Inc. -
What does the Certificate Manager do?
There are tons of Certificates (some government affiliated). Can I remove these or at least find out their association is? (ie. they are for xxxx website that you visited on xx/xxxx). Is there something that tells me if a certificate is permanent or part of the computer. This is all very scary.
See:
*https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/
*https://www.mozilla.org/en-US/about/governance/policies/security-group/certs/policy/maintenance/
You can only disable built-in root certificates by removing their trust bits (click the Edit button) to make it impossible to use them as root certificate.
You may want to disable SSL3 for now until this vulnerability is addressed if you are concerned.
RSA Signature Forgery in NSS:
*https://blog.mozilla.org/security/2014/09/24/rsa-signature-forgery-in-nss/
*https://www.mozilla.org/security/announce/2014/mfsa2014-73.html
You can set the security.tls.version.min to 1 on the <b>about:config</b> page to disable SSL3 and only have TLS 1.0 and later enabled.
You may need to close and restart Firefox after changing these prefs.
* security.tls.version.min = 1
* http://kb.mozillazine.org/security.tls.version.*
0 means SSL 3.0, 1 means TLS 1.0, 2 means TLS 1.1, 3 means TLS 1.2 etc.
Note that you may have to reset the pref and re-enable SSL3 in case you experience issues with accessing websites via a secure connection. -
Problem with using DSA signatures ON CARD
Hi ppl,
I've encountered a rather really wierd problem using DSA signatures on a java card applet.
I just create the key using these two lines and i get a response which is not supposed to happen...
KeyPair dsakey = new KeyPair (KeyPair.ALG_DSA, KeyBuilder.LENGTH_DSA_1024 );
dsakey.genKeyPair();
when i jus execute this portion(there shudn be a response coz i've written 4 one) but this is the unexpected trace on the shell
cm> /send 00150000
=> 00 15 00 00 ....
(259128 usec)
<= 7C 16 C8 12 D0 7A EF EE A1 52 6D 00
nevermind the 6D 00 response it jus means that the INS value is not recommended
The wierd part is i haven written any code for handling response here which jus means that somethin is happenin when the key is initialized... n secondly i don know what this 10 byte value represents also and it keeps changing each time i execute...
Please throw some light if anyone knows anythin or solved some issue like this before...
card specs... jcop 21 36k version 2.3.1 however this issue persists on simulator as well...
Thx in advance
cheers
BharatYeh lex
Figured it out ... Thx anyways ... Using RSA signatures... ^_^
Cheers
Bharat -
I have received error "[javax.net.ssl.SSLKeyException: RSA premaster secret error]
caused by [java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]"
when running the following code snippet from command line[b]:
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
URL url = new URL("https://svn.apache.org/repos/asf/");
BufferedReader in = new BufferedReader(
new InputStreamReader(
url.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();Specially, the error only occurs when using JDK 1.5.0_07-b03 on Solaris platform.
I have tried using other JDK versions (e.g: 1.4.2_09-b05, etc...) and NOT see the error.
This is very strangle! It may be a bug of this JDK version?!!!
The below is all providers available on this JDK; search among these providers
I've found out a unusual point that we see no any provider implementing RSA.
So I doubt that this missing can lead to error
[java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]
------------------- All providers avaible on JDK 1.5.0_07-b03, Solaris platform ------------
SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
SunRsaSign = Sun RSA signature provider
SunJSSE = Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SunJCE = SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
SunJGSS = Sun (Kerberos v5)
SunSASL = Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
For the other JDK versions, we can see "implements RSA" and then everything works fine!
------------------- All providers avaible on other JDK versions, Windows/Solaris platform ------------
SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
SunJSSE = Sun JSSE provider([b]implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SunRsaSign = SUN's provider for RSA signatures
SunJCE = SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
SunJGSS = Sun (Kerberos v5)
I have downloaded and installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files version 5.0
but the error still occurs!
Does anybody know how to fix this error? Please!!!
All debug logs:
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1156020880 bytes = { 193, 133, 1, 170, 144, 169, 140, 138, 68, 202, 209, 91, 45, 104, 239, 18, 165, 7, 109, 248, 198, 11, 33, 107, 142, 135, 120, 149 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 45 E7 7B 90 C1 85 01 AA 90 A9 ...E..E.........
0010: 8C 8A 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B ..D..[-h....m...
0020: 21 6B 8E 87 78 95 00 00 1E 00 04 00 05 00 2F 00 !k..x........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A 44 CA ..E...........D.
0050: D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B 8E 87 .[-h....m...!k..
0060: 78 95 x.
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
0040: 14 00 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A ....E...........
0050: 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B D..[-h....m...!k
0060: 8E 87 78 95 ..x.
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
[Raw read]: length = 74
0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1155905287 bytes = { 172, 123, 52, 188, 90, 101, 151, 206, 139, 179, 156, 17, 57, 123, 204, 210, 148, 165, 140, 160, 181, 181, 251, 205, 78, 162, 165, 112 }
Session ID: {64, 193, 11, 17, 240, 131, 247, 228, 128, 240, 119, 131, 52, 36, 213, 26, 112, 180, 178, 198, 22, 223, 54, 173, 149, 234, 69, 9, 147, 240, 122, 94}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
[Raw read]: length = 5
0000: 16 03 01 08 EB .....
[Raw read]: length = 2283
0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 .<.Y.....o8l....
04A0: F6 92 B9 00 04 45 30 82 04 41 30 82 03 AA A0 03 .....E0..A0.....
04B0: 02 01 02 02 02 01 04 30 0D 06 09 2A 86 48 86 F7 .......0...*.H..
04C0: 0D 01 01 05 05 00 30 81 BB 31 24 30 22 06 03 55 ......0..1$0"..U
04D0: 04 07 13 1B 56 61 6C 69 43 65 72 74 20 56 61 6C ....ValiCert Val
04E0: 69 64 61 74 69 6F 6E 20 4E 65 74 77 6F 72 6B 31 idation Network1
04F0: 17 30 15 06 03 55 04 0A 13 0E 56 61 6C 69 43 65 .0...U....ValiCe
0500: 72 74 2C 20 49 6E 63 2E 31 35 30 33 06 03 55 04 rt, Inc.1503..U.
0510: 0B 13 2C 56 61 6C 69 43 65 72 74 20 43 6C 61 73 ..,ValiCert Clas
0520: 73 20 32 20 50 6F 6C 69 63 79 20 56 61 6C 69 64 s 2 Policy Valid
0530: 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 ation Authority1
0540: 21 30 1F 06 03 55 04 03 13 18 68 74 74 70 3A 2F !0...U....http:/
0550: 2F 77 77 77 2E 76 61 6C 69 63 65 72 74 2E 63 6F /www.valicert.co
0560: 6D 2F 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 m/1 0...*.H.....
0570: 01 16 11 69 6E 66 6F 40 76 61 6C 69 63 65 72 74 ...info@valicert
0580: 2E 63 6F 6D 30 1E 17 0D 30 34 30 31 31 34 32 31 .com0...04011421
0590: 30 35 32 31 5A 17 0D 32 34 30 31 30 39 32 31 30 0521Z..240109210
05A0: 35 32 31 5A 30 81 EC 31 0B 30 09 06 03 55 04 06 521Z0..1.0...U..
05B0: 13 02 55 53 31 10 30 0E 06 03 55 04 08 13 07 41 ..US1.0...U....A
05C0: 72 69 7A 6F 6E 61 31 13 30 11 06 03 55 04 07 13 rizona1.0...U...
05D0: 0A 53 63 6F 74 74 73 64 61 6C 65 31 25 30 23 06 .Scottsdale1%0#.
05E0: 03 55 04 0A 13 1C 53 74 61 72 66 69 65 6C 64 20 .U....Starfield
05F0: 54 65 63 68 6E 6F 6C 6F 67 69 65 73 2C 20 49 6E Technologies, In
0600: 63 2E 31 30 30 2E 06 03 55 04 0B 13 27 68 74 74 c.100...U...'htt
0610: 70 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C p://www.starfiel
0620: 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 dtech.com/reposi
0630: 74 6F 72 79 31 31 30 2F 06 03 55 04 03 13 28 53 tory110/..U...(S
0640: 74 61 72 66 69 65 6C 64 20 53 65 63 75 72 65 20 tarfield Secure
0650: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 Certification Au
0660: 74 68 6F 72 69 74 79 31 2A 30 28 06 09 2A 86 48 thority1*0(..*.H
0670: 86 F7 0D 01 09 01 16 1B 70 72 61 63 74 69 63 65 ........practice
0680: 73 40 73 74 61 72 66 69 65 6C 64 74 65 63 68 2E s@starfieldtech.
0690: 63 6F 6D 30 81 9D 30 0D 06 09 2A 86 48 86 F7 0D com0..0...*.H...
06A0: 01 01 01 05 00 03 81 8B 00 30 81 87 02 81 81 00 .........0......
06B0: DB 11 43 6B DC D1 69 78 59 49 E8 6E 74 14 08 74 ..Ck..ixYI.nt..t
06C0: 11 6C 7E B7 2A A8 22 D8 42 3C 7A CF 9F 50 B2 46 .l..*.".B<z..P.F
06D0: AE A6 67 1A 23 22 BE 0F B3 34 FB AC AC 90 AA 5B ..g.#"...4.....[
06E0: 28 C2 70 F6 B6 8A 80 2A E0 9B 9C 52 E0 91 A8 72 (.p....*...R...r
06F0: A0 16 E1 C4 4E 7D 11 09 B3 9E B9 D4 F3 B2 50 C4 ....N.........P.
0700: 6D 48 08 BD BC 2A 97 0C 6D A3 8A 6A 3C 9A CF 4A mH...*..m..j<..J
0710: 34 DC 1E DE EA 5A 26 C0 A1 A2 82 A9 4A FB 86 22 4....Z&.....J.."
0720: 12 90 3A B2 82 D4 92 91 9F A9 45 9F C3 A4 DB FB ..:.......E.....
0730: 02 01 03 A3 82 01 21 30 82 01 1D 30 0C 06 03 55 ......!0...0...U
0740: 1D 13 04 05 30 03 01 01 FF 30 0B 06 03 55 1D 0F ....0....0...U..
0750: 04 04 03 02 01 06 30 4A 06 03 55 1D 1F 04 43 30 ......0J..U...C0
0760: 41 30 3F A0 3D A0 3B 86 39 68 74 74 70 3A 2F 2F A0?.=.;.9http://
0770: 63 65 72 74 69 66 69 63 61 74 65 73 2E 73 74 61 certificates.sta
0780: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 rfieldtech.com/r
0790: 65 70 6F 73 69 74 6F 72 79 2F 72 6F 6F 74 2E 63 epository/root.c
07A0: 72 6C 30 4F 06 03 55 1D 20 04 48 30 46 30 44 06 rl0O..U. .H0F0D.
07B0: 0B 60 86 48 01 86 F8 45 01 07 17 03 30 35 30 33 .`.H...E....0503
07C0: 06 08 2B 06 01 05 05 07 02 01 16 27 68 74 74 70 ..+........'http
07D0: 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C 64 ://www.starfield
07E0: 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 tech.com/reposit
07F0: 6F 72 79 30 39 06 08 2B 06 01 05 05 07 01 01 04 ory09..+........
0800: 2D 30 2B 30 29 06 08 2B 06 01 05 05 07 30 01 86 -0+0)..+.....0..
0810: 1D 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 .http://ocsp.sta
0820: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 30 1D rfieldtech.com0.
0830: 06 03 55 1D 0E 04 16 04 14 AC 55 DE B7 EA 13 EB ..U.......U.....
0840: FC 98 68 E2 53 60 1E F1 25 3E 8C EE E7 30 09 06 ..h.S`..%>...0..
0850: 03 55 1D 23 04 02 30 00 30 0D 06 09 2A 86 48 86 .U.#..0.0...*.H.
0860: F7 0D 01 01 05 05 00 03 81 81 00 7E 1C 98 BE AD ................
0870: 03 8D 25 85 EE 7C 90 88 22 2B FE 27 F4 42 B2 EC ..%....."+.'.B..
0880: 7F B5 FC 72 68 05 A4 7D 91 EF 28 D1 7D 20 39 3B ...rh.....(.. 9;
0890: 79 08 37 68 18 52 D5 8F 03 D2 89 4F 1E 11 D1 E9 y.7h.R.....O....
08A0: A5 74 4B FC 5F 67 65 84 71 84 78 59 B7 D6 C9 D7 .tK._ge.q.xY....
08B0: D7 93 35 E6 13 AB 94 3C 8E 93 40 89 8C C0 D7 F2 ..5....<..@.....
08C0: E7 07 52 D1 70 8F 98 8C EB A0 6D D1 36 53 90 A0 ..R.p.....m.6S..
08D0: 8F 16 30 1E DE C3 BF 7F 46 A5 95 2A F9 C8 DE 3B ..0.....F..*...;
08E0: DB 77 F4 F2 32 B1 33 61 A2 30 35 .w..2.3a.05
main, READ: TLSv1 Handshake, length = 2283
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=svn.apache.org, OU=Domain Control Validated, O=svn.apache.org
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 177046192487125873479707395472231760712994023170823729107519357415283325331982921967730914213256528653757249574574965555061897079727590228489004259023952254673707171152878504377042389446926800477336348814644929883742996944532880480307810812469119330106553760163160996800432869396169888003096567731172086542869
public exponent: 65537
Validity: [From: Fri Jan 26 21:18:55 GMT+07:00 2007,
To: Mon Jan 26 21:18:55 GMT+07:00 2009]
Issuer: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
SerialNumber: [ 3f3edd]
Certificate Extensions: 9
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[DNSName: svn.apache.org, DNSName: www.svn.apache.org]]
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.starfieldtech.com, accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://certificates.godaddy.com/repository/sf_issuing.crt]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
0010: 3E 8C EE E7 >...
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FF 43 49 DF 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 .CI.....1..YK..`
0010: 69 5B C4 7C i[..
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.114413.1.7.23.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .*http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 m/repository
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[8]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://certificates.starfieldtech.com/repository/starfieldissuing.crl]
[9]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B 4F B1 CC ...Q..a....;.O..
0010: 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 0D 98 31 ^....pi."...F..1
0020: 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 9F 35 66 ..>..t.T......5f
0030: 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 52 77 CB 7.....[..rK..Rw.
0040: 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF B5 35 74 C......."H.R..5t
0050: 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B 60 D6 4F B.hj..6.\[...`.O
0060: 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 C2 3C BC x.....DC.!8i9.<.
0070: 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 F6 92 B9 Y.....o8l.......
chain [1] = [
Version: V3
Subject: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 153834384376450951242132342676627381305301509455009131953436945251656166351716579980793170359435953119090647821771205994017554233524628677596597325652224171754745353602402317658335611344705389502813919100965160981561608463541714784267134488000708910634129917477877983632663540633248439611336221142925273521147
public exponent: 3
Validity: [From: Thu Jan 15 04:05:21 GMT+07:00 2004,
To: Wed Jan 10 04:05:21 GMT+07:00 2024]
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
SerialNumber: [ 0104]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
0010: 3E 8C EE E7 >...
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://certificates.starfieldtech.com/repository/root.crl]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 74 61 .'http://www.sta
0010: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 rfieldtech.com/r
0020: 65 70 6F 73 69 74 6F 72 79 epository
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.starfieldtech.com]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 7E 1C 98 BE AD 03 8D 25 85 EE 7C 90 88 22 2B FE .......%....."+.
0010: 27 F4 42 B2 EC 7F B5 FC 72 68 05 A4 7D 91 EF 28 '.B.....rh.....(
0020: D1 7D 20 39 3B 79 08 37 68 18 52 D5 8F 03 D2 89 .. 9;y.7h.R.....
0030: 4F 1E 11 D1 E9 A5 74 4B FC 5F 67 65 84 71 84 78 O.....tK._ge.q.x
0040: 59 B7 D6 C9 D7 D7 93 35 E6 13 AB 94 3C 8E 93 40 Y......5....<..@
0050: 89 8C C0 D7 F2 E7 07 52 D1 70 8F 98 8C EB A0 6D .......R.p.....m
0060: D1 36 53 90 A0 8F 16 30 1E DE C3 BF 7F 46 A5 95 .6S....0.....F..
0070: 2A F9 C8 DE 3B DB 77 F4 F2 32 B1 33 61 A2 30 35 *...;.w..2.3a.05
[read] MD5 and SHA1 hashes: len = 2283
0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6I have received error "[javax.net.ssl.SSLKeyException: RSA premaster secret error]
caused by [java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]"
when running the following code snippet from command line[b]:
TrustManager[] trustAllCerts = new TrustManager[]{
new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
public void checkClientTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
public void checkServerTrusted(
java.security.cert.X509Certificate[] certs, String authType) {
// Install the all-trusting trust manager
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
URL url = new URL("https://svn.apache.org/repos/asf/");
BufferedReader in = new BufferedReader(
new InputStreamReader(
url.openStream()));
String inputLine;
while ((inputLine = in.readLine()) != null)
System.out.println(inputLine);
in.close();Specially, the error only occurs when using JDK 1.5.0_07-b03 on Solaris platform.
I have tried using other JDK versions (e.g: 1.4.2_09-b05, etc...) and NOT see the error.
This is very strangle! It may be a bug of this JDK version?!!!
The below is all providers available on this JDK; search among these providers
I've found out a unusual point that we see no any provider implementing RSA.
So I doubt that this missing can lead to error
[java.security.NoSuchAlgorithmException: Cannot find any provider supporting RSA/ECB/PKCS1Padding]
------------------- All providers avaible on JDK 1.5.0_07-b03, Solaris platform ------------
SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom;
X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
SunRsaSign = Sun RSA signature provider
SunJSSE = Sun JSSE provider(PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SunJCE = SunJCE Provider (implements DES, Triple DES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
SunJGSS = Sun (Kerberos v5)
SunSASL = Sun SASL provider(implements client mechanisms for: DIGEST-MD5, GSSAPI, EXTERNAL, PLAIN, CRAM-MD5; server mechanisms for: DIGEST-MD5, GSSAPI, CRAM-MD5)
For the other JDK versions, we can see "implements RSA" and then everything works fine!
------------------- All providers avaible on other JDK versions, Windows/Solaris platform ------------
SUN = SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS keystore; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores)
SunJSSE = Sun JSSE provider([b]implements RSA Signatures, PKCS12, SunX509 key/trust factories, SSLv3, TLSv1)
SunRsaSign = SUN's provider for RSA signatures
SunJCE = SunJCE Provider (implements DES, Triple DES, AES, Blowfish, PBE, Diffie-Hellman, HMAC-MD5, HMAC-SHA1)
SunJGSS = Sun (Kerberos v5)
I have downloaded and installed the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files version 5.0
but the error still occurs!
Does anybody know how to fix this error? Please!!!
All debug logs:
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1156020880 bytes = { 193, 133, 1, 170, 144, 169, 140, 138, 68, 202, 209, 91, 45, 104, 239, 18, 165, 7, 109, 248, 198, 11, 33, 107, 142, 135, 120, 149 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 45 E7 7B 90 C1 85 01 AA 90 A9 ...E..E.........
0010: 8C 8A 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B ..D..[-h....m...
0020: 21 6B 8E 87 78 95 00 00 1E 00 04 00 05 00 2F 00 !k..x........./.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
main, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A 44 CA ..E...........D.
0050: D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B 8E 87 .[-h....m...!k..
0060: 78 95 x.
main, WRITE: SSLv2 client hello message, length = 98
[Raw write]: length = 100
0000: 80 62 01 03 01 00 39 00 00 00 20 00 00 04 01 00 .b....9... .....
0010: 80 00 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A ....../..3..2...
0020: 07 00 C0 00 00 16 00 00 13 00 00 09 06 00 40 00 ..............@.
0030: 00 15 00 00 12 00 00 03 02 00 80 00 00 08 00 00 ................
0040: 14 00 00 11 45 E7 7B 90 C1 85 01 AA 90 A9 8C 8A ....E...........
0050: 44 CA D1 5B 2D 68 EF 12 A5 07 6D F8 C6 0B 21 6B D..[-h....m...!k
0060: 8E 87 78 95 ..x.
[Raw read]: length = 5
0000: 16 03 01 00 4A ....J
[Raw read]: length = 74
0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
main, READ: TLSv1 Handshake, length = 74
*** ServerHello, TLSv1
RandomCookie: GMT: 1155905287 bytes = { 172, 123, 52, 188, 90, 101, 151, 206, 139, 179, 156, 17, 57, 123, 204, 210, 148, 165, 140, 160, 181, 181, 251, 205, 78, 162, 165, 112 }
Session ID: {64, 193, 11, 17, 240, 131, 247, 228, 128, 240, 119, 131, 52, 36, 213, 26, 112, 180, 178, 198, 22, 223, 54, 173, 149, 234, 69, 9, 147, 240, 122, 94}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 45 E6 B7 07 AC 7B 34 BC 5A 65 ...F..E.....4.Ze
0010: 97 CE 8B B3 9C 11 39 7B CC D2 94 A5 8C A0 B5 B5 ......9.........
0020: FB CD 4E A2 A5 70 20 40 C1 0B 11 F0 83 F7 E4 80 ..N..p @........
0030: F0 77 83 34 24 D5 1A 70 B4 B2 C6 16 DF 36 AD 95 .w.4$..p.....6..
0040: EA 45 09 93 F0 7A 5E 00 04 00 .E...z^...
[Raw read]: length = 5
0000: 16 03 01 08 EB .....
[Raw read]: length = 2283
0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 .<.Y.....o8l....
04A0: F6 92 B9 00 04 45 30 82 04 41 30 82 03 AA A0 03 .....E0..A0.....
04B0: 02 01 02 02 02 01 04 30 0D 06 09 2A 86 48 86 F7 .......0...*.H..
04C0: 0D 01 01 05 05 00 30 81 BB 31 24 30 22 06 03 55 ......0..1$0"..U
04D0: 04 07 13 1B 56 61 6C 69 43 65 72 74 20 56 61 6C ....ValiCert Val
04E0: 69 64 61 74 69 6F 6E 20 4E 65 74 77 6F 72 6B 31 idation Network1
04F0: 17 30 15 06 03 55 04 0A 13 0E 56 61 6C 69 43 65 .0...U....ValiCe
0500: 72 74 2C 20 49 6E 63 2E 31 35 30 33 06 03 55 04 rt, Inc.1503..U.
0510: 0B 13 2C 56 61 6C 69 43 65 72 74 20 43 6C 61 73 ..,ValiCert Clas
0520: 73 20 32 20 50 6F 6C 69 63 79 20 56 61 6C 69 64 s 2 Policy Valid
0530: 61 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 ation Authority1
0540: 21 30 1F 06 03 55 04 03 13 18 68 74 74 70 3A 2F !0...U....http:/
0550: 2F 77 77 77 2E 76 61 6C 69 63 65 72 74 2E 63 6F /www.valicert.co
0560: 6D 2F 31 20 30 1E 06 09 2A 86 48 86 F7 0D 01 09 m/1 0...*.H.....
0570: 01 16 11 69 6E 66 6F 40 76 61 6C 69 63 65 72 74 ...info@valicert
0580: 2E 63 6F 6D 30 1E 17 0D 30 34 30 31 31 34 32 31 .com0...04011421
0590: 30 35 32 31 5A 17 0D 32 34 30 31 30 39 32 31 30 0521Z..240109210
05A0: 35 32 31 5A 30 81 EC 31 0B 30 09 06 03 55 04 06 521Z0..1.0...U..
05B0: 13 02 55 53 31 10 30 0E 06 03 55 04 08 13 07 41 ..US1.0...U....A
05C0: 72 69 7A 6F 6E 61 31 13 30 11 06 03 55 04 07 13 rizona1.0...U...
05D0: 0A 53 63 6F 74 74 73 64 61 6C 65 31 25 30 23 06 .Scottsdale1%0#.
05E0: 03 55 04 0A 13 1C 53 74 61 72 66 69 65 6C 64 20 .U....Starfield
05F0: 54 65 63 68 6E 6F 6C 6F 67 69 65 73 2C 20 49 6E Technologies, In
0600: 63 2E 31 30 30 2E 06 03 55 04 0B 13 27 68 74 74 c.100...U...'htt
0610: 70 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C p://www.starfiel
0620: 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 dtech.com/reposi
0630: 74 6F 72 79 31 31 30 2F 06 03 55 04 03 13 28 53 tory110/..U...(S
0640: 74 61 72 66 69 65 6C 64 20 53 65 63 75 72 65 20 tarfield Secure
0650: 43 65 72 74 69 66 69 63 61 74 69 6F 6E 20 41 75 Certification Au
0660: 74 68 6F 72 69 74 79 31 2A 30 28 06 09 2A 86 48 thority1*0(..*.H
0670: 86 F7 0D 01 09 01 16 1B 70 72 61 63 74 69 63 65 ........practice
0680: 73 40 73 74 61 72 66 69 65 6C 64 74 65 63 68 2E s@starfieldtech.
0690: 63 6F 6D 30 81 9D 30 0D 06 09 2A 86 48 86 F7 0D com0..0...*.H...
06A0: 01 01 01 05 00 03 81 8B 00 30 81 87 02 81 81 00 .........0......
06B0: DB 11 43 6B DC D1 69 78 59 49 E8 6E 74 14 08 74 ..Ck..ixYI.nt..t
06C0: 11 6C 7E B7 2A A8 22 D8 42 3C 7A CF 9F 50 B2 46 .l..*.".B<z..P.F
06D0: AE A6 67 1A 23 22 BE 0F B3 34 FB AC AC 90 AA 5B ..g.#"...4.....[
06E0: 28 C2 70 F6 B6 8A 80 2A E0 9B 9C 52 E0 91 A8 72 (.p....*...R...r
06F0: A0 16 E1 C4 4E 7D 11 09 B3 9E B9 D4 F3 B2 50 C4 ....N.........P.
0700: 6D 48 08 BD BC 2A 97 0C 6D A3 8A 6A 3C 9A CF 4A mH...*..m..j<..J
0710: 34 DC 1E DE EA 5A 26 C0 A1 A2 82 A9 4A FB 86 22 4....Z&.....J.."
0720: 12 90 3A B2 82 D4 92 91 9F A9 45 9F C3 A4 DB FB ..:.......E.....
0730: 02 01 03 A3 82 01 21 30 82 01 1D 30 0C 06 03 55 ......!0...0...U
0740: 1D 13 04 05 30 03 01 01 FF 30 0B 06 03 55 1D 0F ....0....0...U..
0750: 04 04 03 02 01 06 30 4A 06 03 55 1D 1F 04 43 30 ......0J..U...C0
0760: 41 30 3F A0 3D A0 3B 86 39 68 74 74 70 3A 2F 2F A0?.=.;.9http://
0770: 63 65 72 74 69 66 69 63 61 74 65 73 2E 73 74 61 certificates.sta
0780: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 rfieldtech.com/r
0790: 65 70 6F 73 69 74 6F 72 79 2F 72 6F 6F 74 2E 63 epository/root.c
07A0: 72 6C 30 4F 06 03 55 1D 20 04 48 30 46 30 44 06 rl0O..U. .H0F0D.
07B0: 0B 60 86 48 01 86 F8 45 01 07 17 03 30 35 30 33 .`.H...E....0503
07C0: 06 08 2B 06 01 05 05 07 02 01 16 27 68 74 74 70 ..+........'http
07D0: 3A 2F 2F 77 77 77 2E 73 74 61 72 66 69 65 6C 64 ://www.starfield
07E0: 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 tech.com/reposit
07F0: 6F 72 79 30 39 06 08 2B 06 01 05 05 07 01 01 04 ory09..+........
0800: 2D 30 2B 30 29 06 08 2B 06 01 05 05 07 30 01 86 -0+0)..+.....0..
0810: 1D 68 74 74 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 .http://ocsp.sta
0820: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 30 1D rfieldtech.com0.
0830: 06 03 55 1D 0E 04 16 04 14 AC 55 DE B7 EA 13 EB ..U.......U.....
0840: FC 98 68 E2 53 60 1E F1 25 3E 8C EE E7 30 09 06 ..h.S`..%>...0..
0850: 03 55 1D 23 04 02 30 00 30 0D 06 09 2A 86 48 86 .U.#..0.0...*.H.
0860: F7 0D 01 01 05 05 00 03 81 81 00 7E 1C 98 BE AD ................
0870: 03 8D 25 85 EE 7C 90 88 22 2B FE 27 F4 42 B2 EC ..%....."+.'.B..
0880: 7F B5 FC 72 68 05 A4 7D 91 EF 28 D1 7D 20 39 3B ...rh.....(.. 9;
0890: 79 08 37 68 18 52 D5 8F 03 D2 89 4F 1E 11 D1 E9 y.7h.R.....O....
08A0: A5 74 4B FC 5F 67 65 84 71 84 78 59 B7 D6 C9 D7 .tK._ge.q.xY....
08B0: D7 93 35 E6 13 AB 94 3C 8E 93 40 89 8C C0 D7 F2 ..5....<..@.....
08C0: E7 07 52 D1 70 8F 98 8C EB A0 6D D1 36 53 90 A0 ..R.p.....m.6S..
08D0: 8F 16 30 1E DE C3 BF 7F 46 A5 95 2A F9 C8 DE 3B ..0.....F..*...;
08E0: DB 77 F4 F2 32 B1 33 61 A2 30 35 .w..2.3a.05
main, READ: TLSv1 Handshake, length = 2283
*** Certificate chain
chain [0] = [
Version: V3
Subject: CN=svn.apache.org, OU=Domain Control Validated, O=svn.apache.org
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 177046192487125873479707395472231760712994023170823729107519357415283325331982921967730914213256528653757249574574965555061897079727590228489004259023952254673707171152878504377042389446926800477336348814644929883742996944532880480307810812469119330106553760163160996800432869396169888003096567731172086542869
public exponent: 65537
Validity: [From: Fri Jan 26 21:18:55 GMT+07:00 2007,
To: Mon Jan 26 21:18:55 GMT+07:00 2009]
Issuer: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
SerialNumber: [ 3f3edd]
Certificate Extensions: 9
[1]: ObjectId: 2.5.29.17 Criticality=false
SubjectAlternativeName [
[DNSName: svn.apache.org, DNSName: www.svn.apache.org]]
[2]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.starfieldtech.com, accessMethod: 1.3.6.1.5.5.7.48.2
accessLocation: URIName: http://certificates.godaddy.com/repository/sf_issuing.crt]
[3]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
0010: 3E 8C EE E7 >...
[4]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: FF 43 49 DF 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 .CI.....1..YK..`
0010: 69 5B C4 7C i[..
[5]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.114413.1.7.23.1]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 66 69 .*http://certifi
0010: 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E 63 6F cates.godaddy.co
0020: 6D 2F 72 65 70 6F 73 69 74 6F 72 79 m/repository
[6]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:false
PathLen: undefined
[7]: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
[1.3.6.1.5.5.7.3.1, 1.3.6.1.5.5.7.3.2]]
[8]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://certificates.starfieldtech.com/repository/starfieldissuing.crl]
[9]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
DigitalSignature
Key_Encipherment
Algorithm: [SHA1withRSA]
Signature:
0000: 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B 4F B1 CC ...Q..a....;.O..
0010: 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 0D 98 31 ^....pi."...F..1
0020: 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 9F 35 66 ..>..t.T......5f
0030: 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 52 77 CB 7.....[..rK..Rw.
0040: 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF B5 35 74 C......."H.R..5t
0050: 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B 60 D6 4F B.hj..6.\[...`.O
0060: 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 C2 3C BC x.....DC.!8i9.<.
0070: 59 07 FB 84 9A CE 6F 38 6C E1 14 8C 88 F6 92 B9 Y.....o8l.......
chain [1] = [
Version: V3
Subject: [email protected], CN=Starfield Secure Certification Authority, OU=http://www.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
Key: Sun RSA public key, 1024 bits
modulus: 153834384376450951242132342676627381305301509455009131953436945251656166351716579980793170359435953119090647821771205994017554233524628677596597325652224171754745353602402317658335611344705389502813919100965160981561608463541714784267134488000708910634129917477877983632663540633248439611336221142925273521147
public exponent: 3
Validity: [From: Thu Jan 15 04:05:21 GMT+07:00 2004,
To: Wed Jan 10 04:05:21 GMT+07:00 2024]
Issuer: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 2 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
SerialNumber: [ 0104]
Certificate Extensions: 7
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AC 55 DE B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 .U.......h.S`..%
0010: 3E 8C EE E7 >...
[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
[3]: ObjectId: 2.5.29.31 Criticality=false
CRLDistributionPoints [
[DistributionPoint:
[URIName: http://certificates.starfieldtech.com/repository/root.crl]
[4]: ObjectId: 2.5.29.32 Criticality=false
CertificatePolicies [
[CertificatePolicyId: [2.16.840.1.113733.1.7.23.3]
[PolicyQualifierInfo: [
qualifierID: 1.3.6.1.5.5.7.2.1
qualifier: 0000: 16 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 74 61 .'http://www.sta
0010: 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 rfieldtech.com/r
0020: 65 70 6F 73 69 74 6F 72 79 epository
[5]: ObjectId: 2.5.29.15 Criticality=false
KeyUsage [
Key_CertSign
Crl_Sign
[6]: ObjectId: 1.3.6.1.5.5.7.1.1 Criticality=false
AuthorityInfoAccess [
[accessMethod: 1.3.6.1.5.5.7.48.1
accessLocation: URIName: http://ocsp.starfieldtech.com]
[7]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
Algorithm: [SHA1withRSA]
Signature:
0000: 7E 1C 98 BE AD 03 8D 25 85 EE 7C 90 88 22 2B FE .......%....."+.
0010: 27 F4 42 B2 EC 7F B5 FC 72 68 05 A4 7D 91 EF 28 '.B.....rh.....(
0020: D1 7D 20 39 3B 79 08 37 68 18 52 D5 8F 03 D2 89 .. 9;y.7h.R.....
0030: 4F 1E 11 D1 E9 A5 74 4B FC 5F 67 65 84 71 84 78 O.....tK._ge.q.x
0040: 59 B7 D6 C9 D7 D7 93 35 E6 13 AB 94 3C 8E 93 40 Y......5....<..@
0050: 89 8C C0 D7 F2 E7 07 52 D1 70 8F 98 8C EB A0 6D .......R.p.....m
0060: D1 36 53 90 A0 8F 16 30 1E DE C3 BF 7F 46 A5 95 .6S....0.....F..
0070: 2A F9 C8 DE 3B DB 77 F4 F2 32 B1 33 61 A2 30 35 *...;.w..2.3a.05
[read] MD5 and SHA1 hashes: len = 2283
0000: 0B 00 08 E7 00 08 E4 00 04 99 30 82 04 95 30 82 ..........0...0.
0010: 03 FE A0 03 02 01 02 02 03 3F 3E DD 30 0D 06 09 .........?>.0...
0020: 2A 86 48 86 F7 0D 01 01 05 05 00 30 81 EC 31 0B *.H........0..1.
0030: 30 09 06 03 55 04 06 13 02 55 53 31 10 30 0E 06 0...U....US1.0..
0040: 03 55 04 08 13 07 41 72 69 7A 6F 6E 61 31 13 30 .U....Arizona1.0
0050: 11 06 03 55 04 07 13 0A 53 63 6F 74 74 73 64 61 ...U....Scottsda
0060: 6C 65 31 25 30 23 06 03 55 04 0A 13 1C 53 74 61 le1%0#..U....Sta
0070: 72 66 69 65 6C 64 20 54 65 63 68 6E 6F 6C 6F 67 rfield Technolog
0080: 69 65 73 2C 20 49 6E 63 2E 31 30 30 2E 06 03 55 ies, Inc.100...U
0090: 04 0B 13 27 68 74 74 70 3A 2F 2F 77 77 77 2E 73 ...'http://www.s
00A0: 74 61 72 66 69 65 6C 64 74 65 63 68 2E 63 6F 6D tarfieldtech.com
00B0: 2F 72 65 70 6F 73 69 74 6F 72 79 31 31 30 2F 06 /repository110/.
00C0: 03 55 04 03 13 28 53 74 61 72 66 69 65 6C 64 20 .U...(Starfield
00D0: 53 65 63 75 72 65 20 43 65 72 74 69 66 69 63 61 Secure Certifica
00E0: 74 69 6F 6E 20 41 75 74 68 6F 72 69 74 79 31 2A tion Authority1*
00F0: 30 28 06 09 2A 86 48 86 F7 0D 01 09 01 16 1B 70 0(..*.H........p
0100: 72 61 63 74 69 63 65 73 40 73 74 61 72 66 69 65 ractices@starfie
0110: 6C 64 74 65 63 68 2E 63 6F 6D 30 1E 17 0D 30 37 ldtech.com0...07
0120: 30 31 32 36 31 34 31 38 35 35 5A 17 0D 30 39 30 0126141855Z..090
0130: 31 32 36 31 34 31 38 35 35 5A 30 55 31 17 30 15 126141855Z0U1.0.
0140: 06 03 55 04 0A 13 0E 73 76 6E 2E 61 70 61 63 68 ..U....svn.apach
0150: 65 2E 6F 72 67 31 21 30 1F 06 03 55 04 0B 13 18 e.org1!0...U....
0160: 44 6F 6D 61 69 6E 20 43 6F 6E 74 72 6F 6C 20 56 Domain Control V
0170: 61 6C 69 64 61 74 65 64 31 17 30 15 06 03 55 04 alidated1.0...U.
0180: 03 13 0E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 ...svn.apache.or
0190: 67 30 81 9F 30 0D 06 09 2A 86 48 86 F7 0D 01 01 g0..0...*.H.....
01A0: 01 05 00 03 81 8D 00 30 81 89 02 81 81 00 FC 1F .......0........
01B0: 45 06 36 E7 1B D4 41 AD A5 FC 08 44 D2 9D C6 42 E.6...A....D...B
01C0: 2D CB 52 94 74 70 6C 56 5D 84 4D 48 F2 2E 25 BA -.R.tplV].MH..%.
01D0: 9A CC 79 39 60 61 82 11 DE E5 2B 2A 61 D8 23 BC ..y9`a....+*a.#.
01E0: 2C 5D BC AD 61 2B 7B 36 6B CA 08 45 D5 D0 D0 03 ,]..a+.6k..E....
01F0: A4 71 EB 06 93 9F 37 C9 D3 E8 71 25 C1 7A FF 82 .q....7...q%.z..
0200: 88 E2 79 24 64 51 E6 FF 58 E7 D3 2E 0A AE 9F 1C ..y$dQ..X.......
0210: 11 7E 9C 21 6F 4D D4 10 96 77 B5 FF 30 25 47 28 ...!oM...w..0%G(
0220: 5D 34 B1 CE 50 78 55 C4 E3 F7 39 82 72 15 02 03 ]4..PxU...9.r...
0230: 01 00 01 A3 82 01 D9 30 82 01 D5 30 09 06 03 55 .......0...0...U
0240: 1D 13 04 02 30 00 30 0B 06 03 55 1D 0F 04 04 03 ....0.0...U.....
0250: 02 05 A0 30 1D 06 03 55 1D 25 04 16 30 14 06 08 ...0...U.%..0...
0260: 2B 06 01 05 05 07 03 01 06 08 2B 06 01 05 05 07 +.........+.....
0270: 03 02 30 56 06 03 55 1D 1F 04 4F 30 4D 30 4B A0 ..0V..U...O0M0K.
0280: 49 A0 47 86 45 68 74 74 70 3A 2F 2F 63 65 72 74 I.G.Ehttp://cert
0290: 69 66 69 63 61 74 65 73 2E 73 74 61 72 66 69 65 ificates.starfie
02A0: 6C 64 74 65 63 68 2E 63 6F 6D 2F 72 65 70 6F 73 ldtech.com/repos
02B0: 69 74 6F 72 79 2F 73 74 61 72 66 69 65 6C 64 69 itory/starfieldi
02C0: 73 73 75 69 6E 67 2E 63 72 6C 30 52 06 03 55 1D ssuing.crl0R..U.
02D0: 20 04 4B 30 49 30 47 06 0B 60 86 48 01 86 FD 6D .K0I0G..`.H...m
02E0: 01 07 17 01 30 38 30 36 06 08 2B 06 01 05 05 07 ....0806..+.....
02F0: 02 01 16 2A 68 74 74 70 3A 2F 2F 63 65 72 74 69 ...*http://certi
0300: 66 69 63 61 74 65 73 2E 67 6F 64 61 64 64 79 2E ficates.godaddy.
0310: 63 6F 6D 2F 72 65 70 6F 73 69 74 6F 72 79 30 81 com/repository0.
0320: 80 06 08 2B 06 01 05 05 07 01 01 04 74 30 72 30 ...+........t0r0
0330: 29 06 08 2B 06 01 05 05 07 30 01 86 1D 68 74 74 )..+.....0...htt
0340: 70 3A 2F 2F 6F 63 73 70 2E 73 74 61 72 66 69 65 p://ocsp.starfie
0350: 6C 64 74 65 63 68 2E 63 6F 6D 30 45 06 08 2B 06 ldtech.com0E..+.
0360: 01 05 05 07 30 02 86 39 68 74 74 70 3A 2F 2F 63 ....0..9http://c
0370: 65 72 74 69 66 69 63 61 74 65 73 2E 67 6F 64 61 ertificates.goda
0380: 64 64 79 2E 63 6F 6D 2F 72 65 70 6F 73 69 74 6F ddy.com/reposito
0390: 72 79 2F 73 66 5F 69 73 73 75 69 6E 67 2E 63 72 ry/sf_issuing.cr
03A0: 74 30 1D 06 03 55 1D 0E 04 16 04 14 FF 43 49 DF t0...U.......CI.
03B0: 9A BF B2 B3 31 00 A9 59 4B D6 C7 60 69 5B C4 7C ....1..YK..`i[..
03C0: 30 1F 06 03 55 1D 23 04 18 30 16 80 14 AC 55 DE 0...U.#..0....U.
03D0: B7 EA 13 EB FC 98 68 E2 53 60 1E F1 25 3E 8C EE ......h.S`..%>..
03E0: E7 30 2D 06 03 55 1D 11 04 26 30 24 82 0E 73 76 .0-..U...&0$..sv
03F0: 6E 2E 61 70 61 63 68 65 2E 6F 72 67 82 12 77 77 n.apache.org..ww
0400: 77 2E 73 76 6E 2E 61 70 61 63 68 65 2E 6F 72 67 w.svn.apache.org
0410: 30 0D 06 09 2A 86 48 86 F7 0D 01 01 05 05 00 03 0...*.H.........
0420: 81 81 00 07 B3 BE 51 D0 EB 61 07 91 9B D7 3B 8B ......Q..a....;.
0430: 4F B1 CC 5E E0 E1 92 1B 70 69 9C 22 08 FB 9C 46 O..^....pi."...F
0440: 0D 98 31 8E F2 3E E4 15 74 85 54 EF 01 FB 9C 90 ..1..>..t.T.....
0450: 9F 35 66 37 E4 DC AE EA E8 5B E0 DF 72 4B E9 90 .5f7.....[..rK..
0460: 52 77 CB 43 CF A1 CD 1D CE 14 FD 22 48 DD 52 CF Rw.C......."H.R.
0470: B5 35 74 42 E6 68 6A B3 FD 36 88 5C 5B E8 D7 1B .5tB.hj..6.\[...
0480: 60 D6 4F 78 9B BF 96 81 DD 44 43 A4 21 38 69 39 `.Ox.....DC.!8i9
0490: C2 3C BC 59 07 FB 84 9A CE 6F 38 6 -
Converting Signature data into PKCS#7 format
Hi All,
Is there any java api available to convert signature bytes in to PKCS#7 format.
Here is the scenario.
downloaded a trail digital id(abc.pfx) file from verisign site.
then retrieved the private key, certificate and public key information from the pfx file.
with the help of private key and pdf data, digital signature created.
Sample code:
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// aa.pfx is the Digital ID got from VeriSign
keyStore.load(new FileInputStream("aa.pfx"), storepswd);
for(Enumeration e = keyStore.aliases() ; e.hasMoreElements() ;) {
alias = e.nextElement().toString();
PrivateKey privKey = (PrivateKey)keyStore.getKey(alias, storepswd);
java.security.cert.Certificate cert = keyStore.getCertificate(alias);
PublicKey pubKey = cert.getPublicKey();
Signature rsa = Signature.getInstance("MD5withRSA");
rsa.initSign(privKey);
/* Update and sign the data */
FileInputStream fis = new FileInputStream("Testing.pdf");
BufferedInputStream bufin = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
rsa.update(buffer, 0, len);
bufin.close();
/* Returns the signature of all the data updated*/
byte[] rsaSign = rsa.sign();
now i want to convert this signature(rsaSign bytes) in to PKCS#7 format and embed in to pdf file. so acrobat reader can verify the signature in pdf file.
I've found the PdfSignature class in the iText lib. But it is poor.
so plz let me know if any body know how to convert signature in to PKCS#7 format. any sample code or any URL.
Thanks in Advance.
Subhani.Use BouncyCastle provider
http://www.bouncycastle.org/docs/mdocs1.4/index.html
The package: org.bouncycastle.cms
Download the package and get the examples in the package org.bouncycastle.cms.test .
(CMS stands for Cryptographic Message Syntax and is defined in RFC 3369, and is an evolution of PKCS#7 v. 1.5, that is defined in RFC 2315. ) -
RSA -- signing/verifying data
assuming i have the public and private keys already....
class RSA{
Signature sign;
... //sets up keys and stuff
private void setupRSA(){
sign = Signature.getInstance("RSA");
sign.initSign(privateKey);
sign.initVerify(publicKey);
public void sign(final String plaintext) throws SignatureException{
byte [] plaintextByte = plaintext.getBytes();
sign.update(plaintextByte);
byte [] signedData = sign.sign();
return new sun.misc.BASE64Encoder().encode(signedData);
public boolean verify(final String signed) throws IOException, SignatureException{
byte [] signedByte = new sun.misc.BASE64Decoder().decodeBuffer(signed);
sign.update(signedByte);
return sign.verify(signedByte);
public static void main(String [] args){
String signed = rsa.sign("Signature");
boolean verify = rsa.verify(signed);
}i get the following exception:
java.security.NoSuchAlgorithmException: RSA Signature not available
at java.security.Signature.getInstance(Signature.java:193)
at RSA.setupRSA(RSA.java:62)
at RSA.<init>(RSA.java:18)
at Test.main(Test.java:7)
java.lang.NullPointerException
what should i do to fix this problem?
over CodeProject, i see the example using "SHA1withRSA". when i use that, i get only the NullPointerException.
is there a way to use RSA only... and how do i get rid of the NullPointerException?1) Normally, a signature is the encryption of the digest of the data to be signed so you need to specify the digest method. "RSA" on it's own does not specify the digest method since there is no default digest method.
2) A Signature cannot be initialised for for both 'signing' and 'verification' at the same time. You can re-initialize whenever you like so you just have to initSign() just before signing and initVerify() just before verifying. -
Help!!input pfx,p12 to jks keystore get error "Signature Algorithm mismach"
The following is the question that I met ~ Who can help me to solve the problem?
use j2sdk1.4.02
I'm tring to use keytool to input my company's pfx file to jks format keystore ,
and I'm getting keytool error "Signature Algorithm mismatch" .
I also tried to import the pfx file to Netscape and export to p12 format ,
and still got error "Signature Algorithm mismatch".
When I using following command ..
keytool -list -keystore xxx.p12 -storetype PKCS12
It still throws keytool error "Signature Algorithm mismatch".
And I checked the pfx(p12) file with IE , the Signature Algorithm Name is RSA.
What problem whith the p12 file?
Is keytool can't support RSA Signature Algorithm, or anything else??
Finally,maybe all the problems are that I have wrong idea, and hope someone can instruct me.
Thanks for help..(I'm looking for this question several days.)
Vincent ...(from Taiwan)I'd just purchase and use KeyStore Explorer. $30 for single-user.
It easily converts between pkcs12 and jks formats. I had no problems generating keys/certs in this tool and exporting them to JKS keystores for use with Java as well as into OpenSSL for use with Apache, etc. -
Hi,
Does any body know how to write a PKCS#7 (Public Key Cryptography Standard) object in java. This object has to be written to PDF file in order to generate signed pdf's.
plz let me now any code samples or URLs to write PKCS#7 format. I dont want to use third party libraries.
Thanks in advance.
Subhani.Here i'm attaching a sample file how to generate signature for PDF document. If i remove the BouncyCastle clasess the rest of the program perfectly compiled and generated valid signature bytes and i used BC clasess to convert this signature bytes in to PKCS#7 Format. one error is "gen.addCertificatesAndCRLs" of BC accept CertStore where as i got CertChain from keystore. (plz see the code)
import java.security.*;
import java.security.cert.*;
import java.security.spec.*;
import java.io.*;
import java.util.*;
import org.bouncycastle.cms.*;
public class TestDigSig {
// Generate a RSA signature
public TestDigSig() {
try {
KeyStore keyStore = KeyStore.getInstance("PKCS12");
// aa.pfx - Trial Digitlal Id got from Verisign site.
keyStore.load(new FileInputStream("aa.pfx"), storepswd);
Provider provider = keyStore.getProvider();
for(Enumeration e = keyStore.aliases() ; e.hasMoreElements() ;) {
alias = e.nextElement().toString();
// Retrieving private key
PrivateKey privKey = (PrivateKey)keyStore.getKey(alias, storepswd);
java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate)keyStore.getCertificate(alias);
java.security.cert.Certificate[] certChain =
keyStore.getCertificateChain(alias);
// Length of certChain is 3
//System.out.println("certificte chain "+certChain.length);
// Retrieving public key
PublicKey pubKey = cert.getPublicKey();
// Have to support RSA - MD5 only
Signature rsa = Signature.getInstance("MD5withRSA");
rsa.initSign(privKey);
/* Update and sign the data */
// dumpPart1.dat and dumpPart2.dat are bytes of PDF document.
// Two dat files are compulsory in order to embed signature(PKCS#7 Format) in PDF doc
FileInputStream fis = new FileInputStream("dumpPart1.dat");
BufferedInputStream bufin = new BufferedInputStream(fis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
rsa.update(buffer, 0, len);
bufin.close();
FileInputStream fis1 = new FileInputStream("dumpPart2.dat");
BufferedInputStream bufin1 = new BufferedInputStream(fis1);
byte[] buffer1 = new byte[1024];
int len1;
while (bufin1.available() != 0) {
len1 = bufin1.read(buffer1);
rsa.update(buffer1, 0, len1);
bufin1.close();
/* Now that all the data to be signed has been read in,
generate a signature for it */
// The array contains signature bytes.
byte[] rsaSign = rsa.sign();
// using BouncyCastl clasess for PKCS#7 Format
CMSSignedDataGenerator gen = new CMSSignedDataGenerator();
gen.addSigner(privKey, cert, CMSSignedDataGenerator.DIGEST_MD5);
gen.addCertificatesAndCRLs(certChain);
CMSProcessableByteArray process = new CMSProcessableByteArray(rsaSign);
CMSSignedData data = gen.generate(process, "BC");
FileOutputStream contentStream = new FileOutputStream("chkContent");
contentStream.write(data.getEncoded());
contentStream.close();
} catch(Exception e) {
e.printStackTrace();
public static void main(String[] args) {
new TestDigSig();
private char[] storepswd = {'1', '2', '3'};
private String alias;
If you have any piece of code that how to create a PKCS#7 object using BC clasess, please let me know.
Thanks. -
SHA1 Signature not in PKCS#7 Format
Hello,
we got a Problem with a Signet XML request.
We want to Communicate with a service Provider via XML request. The interface of the Service Provider want to have a SHA1 signature of the Data we send. As fare es I now the SSF Library is only supporting Signatures in PKCS#7 Format my question is if there is a solution just to gernerate the SHA1 Signature without having it in PKCS#7 Format.
king regards
FloranHi oliver,
thank you for your Answer. You are right. The Problem is the partner don't want the container format pkcs#7. He just want to have a SHA1/RSA signature value. No Container. Can I somhow extract the encryptet digest part out of the container in ABAP? Or is there a function module where I can generate a sha1/rsa signatur with the Keys from the SSF Keystore?
king regards
Florian -
RSA Support in JDK 1.2.2
I am trying to figure out exactly which versions of java support RSA signature generation and verification. Precisely, I want to know if I can sign and verify using JDK 1.2.2 (without JCE). If not, do I need to get a provider that supports it, or will the JCE do the trick? The documentation seems a little vauge on these points.
I saw a note about RSA support in 1.3. Wa 1.3 the first version to support it? If so, why does the API in 1.2.2 have RSA specific classes (e.g., RSAPrivateKeySpec )?
Thanks,
PatrickYou can either use free JCE provider or free crypto library with your JDK 1.2.2 or even 1.1.8. The name of that JCE provider, cleanroom JCE implementation and that library at the same time is BouncyCastle - http://www.bouncycastle.org/
You can strip not required classes and have about 50..100k jar with RSA-related functionality.
By the way, what is the reason to support that slow and buggy JDK 1.2.2? -
I have to verify the signature of files, the signature is included in an XML file generated throw C# .Net.
The public key is also extracted from the XML file. Every time I want to verify a file it returns false, I'd like to know if my code is correct or not :
Certificate cer = null;
XMLCertificateExtraction extractor = XMLCertificateExtraction.getInstance( luxtrust.Configuration.getInstance(args) );
String str = "d:\\projet_LUX_TRUST\\svn\\luxtrust.trunk
full_middleware_packages.xml";
cer = extractor.extractFromID( str );
else try{
/* input the signature bytes */*
* String __signature = "wIeY0g1MdbFDVsEjqfK2YGsvRfVgtofcvwmzQP6l8ZCMuud0t95GmywqT5BTPVrRWkbwzp7GzJIkaD9u629XQfz4i2q+Hfmmn8+cj+zwvXWCfG9Y+l/dL9lwcFwr6pfpnFsSucrxZTKKDA11vNerMtP7P5wC5XMyhMtI48MDBm09tsaNntr1LeJkH9FRXSbGzqStv7MAnBYQLYYPT83PBs0rnu1Kz0LRUJhxEe5EfmXeUMtkeaChzdgJCkr/eueOH/Gt1pdtOU8kl96cJSE4bmQfO+1r8uXgOpenzrw3yvMTSHqlVEIg9uttZN/QNHPpylQYpEwax2sfZN7Okxe4IA==";*
* /* create a Signature object and initialize it with the public key */
Signature sig = Signature.getInstance("SHA1withRSA");
sig.initVerify(cer.getPublicKey());
FileInputStream datafis = new FileInputStream(args[0]);
BufferedInputStream bufin = new BufferedInputStream(datafis);
byte[] buffer = new byte[1024];
int len;
while (bufin.available() != 0) {
len = bufin.read(buffer);
sig.update(buffer, 0, len);
bufin.close();
boolean verifies = sig.verify(__signature.getBytes());
System.out.println("signature verifies: " + verifies);I still didn't achieve the signature verification.
I had a doubt about the signature validity so I've done the following steps.
I took my pkcs#12 file, I used openssl to retrieve the private key, I than generated a certificate and a public key.
I've signed a binary file using the generated private key , and than went to java and tried to verify the signature without sucess.
While :
$ openssl dgst -sha1 -verify x509lx.crt.pub -signature signature.sig install_sdc.exe
Verified OKI used this code to verify the signature against the openssl generated siganture:
File pubKeyFile = new File(
"D:\\projet_LUX_TRUST\\svn\\luxtrust.trunk\\keys\\openssl\\x509lx.crt");
File sigFile = new File(
"D:\\projet_LUX_TRUST\\svn\\luxtrust.trunk\\keys\\openssl\\signature.sig");
File fileToSign = new File(
"D:\\projet_LUX_TRUST\\svn\\luxtrust.trunk\\install_sdc.exe");
java.security.cert.Certificate certLX = importCertificate(pubKeyFile);
Signature rsa = Signature.getInstance("SHA1withRSA");
/* Initializing signature verification */
rsa.initVerify(certLX.getPublicKey());
FileInputStream datafis = new FileInputStream(fileToSign);
BufferedInputStream bufin = new BufferedInputStream(datafis);
byte[] buffer = new byte[1024];
int len = 0;
while (bufin.read(buffer) != -1) {
rsa.update(buffer, 0, len);
bufin.close();
boolean verifies = rsa.verify(getBytesFromFile(sigFile));
System.out.println("2..signature = " + getBytesFromFile(sigFile));
System.out.println("2..signature verifies: " + verifies);
return true;
public static java.security.cert.Certificate importCertificate(File file) {
try {
FileInputStream is = new FileInputStream(file);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
java.security.cert.Certificate cert = cf.generateCertificate(is);
return cert;
} catch (CertificateException e) {
} catch (IOException e) {
return null;
private static byte[] getBytesFromFile(File file) throws IOException {
InputStream is = new FileInputStream(file);
System.out.println("\nDEBUG: FileInputStream is " + file);
// Get the size of the file
long length = file.length();
System.out.println("DEBUG: Length of " + file + " is " + length + "\n");
* You cannot create an array using a long type. It needs to be an int
* type. Before converting to an int type, check to ensure that file is
* not loarger than Integer.MAX_VALUE;
if (length > Integer.MAX_VALUE) {
System.out.println("File is too large to process");
return null;
// Create the byte array to hold the data
byte[] bytes = new byte[(int)length];
// Read in the bytes
int offset = 0;
int numRead = 0;
while ( (offset < bytes.length)
( (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) ) {
offset += numRead;
// Ensure all the bytes have been read in
if (offset < bytes.length) {
throw new IOException("Could not completely read file " + file.getName());
is.close();
return bytes;
}What's wrong in my code or in my comprehension of RSA SHA1 usage ? -
Hello,
I'm trying to implement the chaum blind signature using java.security.Signature
Signature sig = Signature.getInstance("MD5WithRSA");
sig.initSign(Main.prvk);
sig.update(mesageCB.getTokenBlinded().toByteArray());
byte[] tokenSig = sig.sign();
but when I tryed to get the signed token, from the blinded signed token my signature won't validate anymore. So I printed
BigInteger d=((RSAPrivateCrtKeyImpl)Main.prvk).getPrivateExponent();
BigInteger e=((RSAPrivateCrtKeyImpl)Main.prvk).getPublicExponent();
BigInteger n=((RSAPrivateCrtKeyImpl)Main.prvk).getModulus();
"mesajCB.gettokenOrbit().modPow(d,n)" and it's difrent from
"new BigInteger(tokenSig)"
Is that normal? How is the rsa signature implemented? How can I get my blind signature to work using java.security.Signature.
Thank you, and I apologise for my bad english!Hi, I'm implementing a blind signature service as well. In your code you use MD5WithRSA algorithm to sign the message, the result is different from
mesajCB.gettokenOrbit().modPow(d,n) because here you're signing the message without hashing it with MD5 algorithm. -
RSA keys and BigInteger Article
[BigInteger and RSA Signature/Encryption|http://www.jensign.com/JavaScience/dotnet/RSAdotnet4/]
Here is a new article describing RSA key components and demonstrating how BigInteger class (in either Java or .NET 4) can be used to manually study RSA signature and encryption calculations.Thanks for comments. The up to 6 public keys wasn't my own idea, it originates from the EMV2000 specs. If I want one point-of-payment unit serving both MC, Visa, Maestro and Cirrus cards, then I have 4 RIDs already. So bad luck for Amex and Diners, unless I add more SAMs.
But those keys are not the ones where I realy struggle, because they (CA public keys) would be reasonably stable year after year. My problem is the unexpected out-of-resource error I now get from KeyBuilder, when dealing with keys that actually come in the form of a certificate from an EMV payment card: the Issuer and ICC public keys. They can be any length, from 512 up to 2048. And a terminal may see hundreds of different cards each day.
Unless anyone comes up with a better suggestion, I think I'll just build ~9 keys upfront, just once after installing the Applet, with all 'common' modulus key lengths, so 512,736,768,896,1024,1280,1536,1984,2048 and let the decrypt step pick any of these 9 depending on what ICC and Issuer lengths I'll be confronted with.
But any better ideas much appreciated! -
I am getting an audit result of my Windows based WCS 6 server, the following error must be corrected, and several others are notificaton only at present, but they may be increased in the future:
(Moderate risk)
IETF X.509 Certificate Signature Collision Vulnerability
(Attention)
Web Server Supports Weak SSL Encryption Certificates
TLS/SSL/X.509 Certificate All Fields Enumeration
SSL/TLS X.509 Certificate Server Name Mismatch
Now, I cannot get a signed certificate. (I had to beg to get the money for a cert on the WLC box) If I create a self signed certificate (OpenSSL) will that eliminate the audit points, or is there some other error in the SSL implementation that cannot be changed? I am not an expert at this, so I don't want to screw around with the certificates unless I know it will work without breaking my system.
Thanks,
GeneCan you please provide your WCS logs with level trace as well as a screnshot of your issue?
Please support CSC Helps Haiti
https://supportforums.cisco.com/docs/DOC-8895
https://supportforums.cisco.com
Maybe you are looking for
-
MM - Pedidos de Compra - Cambio de Cuenta de Imputación
Buenos días consultores MM. Tengo una consulta SOS para Uds. Sucede que tengo un Pedido de Compras de muchas posiciones que fue creado imputándose a una cuenta contable X. Este pedido tuvo algunas recepciones de factura por MIRO en todas sus posicion
-
How to delete the data in the compressed infocube
hi, bi gurus we are facing a problem in inventory management the info cube in BW production normally every time inventory cube gets compressed that means the data will be moving to F fact table to E fact table now the problem is we are having some ba
-
Change the height of a paragraph break while using a 12pt baseline grid
Hey all, I am laying out a newsletter – and I want to tighten up the layout a bit. Currently the body text is 9pt on 12pt leading as the baseline grid is 12pt. I think the gap between the paragraphs is too much, and I want to reduce the height.(This
-
Can't save and export to AVi format
I am trying to send a video to Facebook but it says wrong format as PRE. So I looked at the Create pure AVi project- when I click on the timeline and then go to File, EXport is greyed out so I can't use it. What am I doing wrong? I have files save
-
Thinkpad T420, Integrated Graphics, Dual Monitors
Warning: this isn't really a problem thread. I've looked and looked but can't find a definitive answer for my question. I'm seriously considering a Thinkpad T420 for a new work laptop. I've heard great things from many people, but the most important