RSA -- signing/verifying data
assuming i have the public and private keys already....
class RSA{
Signature sign;
... //sets up keys and stuff
private void setupRSA(){
sign = Signature.getInstance("RSA");
sign.initSign(privateKey);
sign.initVerify(publicKey);
public void sign(final String plaintext) throws SignatureException{
byte [] plaintextByte = plaintext.getBytes();
sign.update(plaintextByte);
byte [] signedData = sign.sign();
return new sun.misc.BASE64Encoder().encode(signedData);
public boolean verify(final String signed) throws IOException, SignatureException{
byte [] signedByte = new sun.misc.BASE64Decoder().decodeBuffer(signed);
sign.update(signedByte);
return sign.verify(signedByte);
public static void main(String [] args){
String signed = rsa.sign("Signature");
boolean verify = rsa.verify(signed);
}i get the following exception:
java.security.NoSuchAlgorithmException: RSA Signature not available
at java.security.Signature.getInstance(Signature.java:193)
at RSA.setupRSA(RSA.java:62)
at RSA.<init>(RSA.java:18)
at Test.main(Test.java:7)
java.lang.NullPointerException
what should i do to fix this problem?
over CodeProject, i see the example using "SHA1withRSA". when i use that, i get only the NullPointerException.
is there a way to use RSA only... and how do i get rid of the NullPointerException?
1) Normally, a signature is the encryption of the digest of the data to be signed so you need to specify the digest method. "RSA" on it's own does not specify the digest method since there is no default digest method.
2) A Signature cannot be initialised for for both 'signing' and 'verification' at the same time. You can re-initialize whenever you like so you just have to initSign() just before signing and initVerify() just before verifying.
Similar Messages
-
IPsec Site-to-Site with RSA sign stuck on MM_KEY_EXCH
I am currently studying for CCNA Security, and i would like to be able to configure a Site-to-Site VPN with RSA sig with a windows server 2012 acting as AD and CA. I already have enable scep on windows server 2012 and disable the enrollement challenge password.
Since two days, i am completly stuck on MM_KEY_EXCH error.
Here is my lab:
http://i59.tinypic.com/2502h76.png
I have 3 router 3600 ios 12.4(16) - C3640-JK9S-M.
On the left is my Active Directory/CA with a static nat from 192.168.2.254 to 1.1.1.3, so it can be joined from outside by R2.
On the right, just an outside client.
I am trying to authenticate R1 and R2 with RSA sign from my AD/CA.
I have already tried NAT-T...
The clock on both routers is matching the clock of AD/CA
Some configuration:
R1 (1.1.1.2)
ip domain name cisco.ca
crypto pki trustpoint cisco-WIN-2EV0KQDK78U-CA
enrollment mode ra
enrollment url http://192.168.2.254:80/certsrv/mscep/mscep.dll
fqdn R1.cisco.ca
subject-name cn=R1.cisco.ca
revocation-check none
crypto isakmp policy 1
encr aes 256
hash md5
group 5
lifetime 3600
crypto ipsec transform-set SET esp-aes 256 esp-sha-hmac
crypto map MYMAP 1 ipsec-isakmp
set peer 2.2.2.2
set transform-set SET
set pfs group2
match address VPN
R1#sh crypto pki certificates
Certificate
Status: Available
Certificate Serial Number: 640000001B0C9BE947CCC8FB2B00000000001B
Certificate Usage: General Purpose
Issuer:
cn=cisco-WIN-2EV0KQDK78U-CA-2
dc=cisco
dc=ca
Subject:
Name: R1.cisco.ca
cn=R1.cisco.ca
hostname=R1.cisco.ca
CRL Distribution Points:
ldap:///CN=cisco-WIN-2EV0KQDK78U-CA-2,CN=WIN-2EV0KQDK78U,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN= Configuration,DC=cisco,DC=ca?certificateRevocationList?base?objectClass=cRLDistributionPoint
Validity Date:
start date: 21:15:11 UTC Oct 26 2014
end date: 21:15:11 UTC Oct 25 2016
Associated Trustpoints: cisco-WIN-2EV0KQDK78U-CA
CA Certificate
Status: Available
Certificate Serial Number: 69B4A894E00EC58A47DA9812076DEF2D
Certificate Usage: Signature
Issuer:
cn=cisco-WIN-2EV0KQDK78U-CA-2
dc=cisco
dc=ca
Subject:
cn=cisco-WIN-2EV0KQDK78U-CA-2
dc=cisco
dc=ca
Validity Date:
start date: 00:27:45 UTC Oct 26 2014
end date: 00:37:45 UTC Oct 26 2019
Associated Trustpoints: cisco-WIN-2EV0KQDK78U-CA
R2 (2.2.2.2)
ip domain name cisco.ca
crypto pki trustpoint cisco-WIN-2EV0KQDK78U-CA
enrollment mode ra
enrollment url http://1.1.1.3:80/certsrv/mscep/mscep.dll
fqdn R2.cisco.ca
subject-name cn=R2.cisco.ca
revocation-check none
crypto isakmp policy 1
encr aes 256
hash md5
group 5
lifetime 3600
crypto ipsec transform-set SET esp-aes 256 esp-sha-hmac
crypto map MYMAP 1 ipsec-isakmp
set peer 1.1.1.2
set transform-set SET
set pfs group2
match address VPN
R2(config)#end
R2#sh c
Oct 26 19:27:28.007: %SYS-5-CONFIG_I: Configured from console by consoler
R2#sh cryp
R2#sh crypto pk
R2#sh crypto pki cer
R2#sh crypto pki certificates
Certificate
Status: Available
Certificate Serial Number: 640000001CDFE423EBA20E45EE00000000001C
Certificate Usage: General Purpose
Issuer:
cn=cisco-WIN-2EV0KQDK78U-CA-2
dc=cisco
dc=ca
Subject:
Name: R2.cisco.ca
cn=R2.cisco.ca
hostname=R2.cisco.ca
CRL Distribution Points:
ldap:///CN=cisco-WIN-2EV0KQDK78U-CA-2,CN=WIN-2EV0KQDK78U,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN= Configuration,DC=cisco,DC=ca?certificateRevocationList?base?objectClass=cRLDistributionPoint
Validity Date:
start date: 21:18:03 UTC Oct 26 2014
end date: 21:18:03 UTC Oct 25 2016
Associated Trustpoints: cisco-WIN-2EV0KQDK78U-CA
CA Certificate
Status: Available
Certificate Serial Number: 69B4A894E00EC58A47DA9812076DEF2D
Certificate Usage: Signature
Issuer:
cn=cisco-WIN-2EV0KQDK78U-CA-2
dc=cisco
dc=ca
Subject:
cn=cisco-WIN-2EV0KQDK78U-CA-2
dc=cisco
dc=ca
Validity Date:
start date: 00:27:45 UTC Oct 26 2014
end date: 00:37:45 UTC Oct 26 2019
Associated Trustpoints: cisco-WIN-2EV0KQDK78U-CA
Here are some error that i get:
Oct 26 18:29:50.219: ISAKMP:(0:2:SW:1): processing CERT payload. message ID = 0
Oct 26 18:29:50.223: ISAKMP:(0:2:SW:1): processing a CT_X509_SIGNATURE cert
Oct 26 18:29:50.223: ISAKMP:(0:2:SW:1): peer's pubkey isn't cached
Oct 26 18:29:50.255: ISAKMP:(0:2:SW:1): Unable to get DN from certificate!
Oct 26 18:29:50.255: ISAKMP:(0:2:SW:1): Cert presented by peer contains no OU field.
Oct 26 18:29:50.271: ISAKMP:(0:2:SW:1): processing SIG payload. message ID = 0
Oct 26 18:29:50.271: ISAKMP (134217730): sa->peer.name = , sa->peer_id.id.id_fqdn.fqdn = R2.cisco.ca
Oct 26 18:29:50.271: %CRYPTO-3-IKMP_QUERY_KEY: Querying key pair failed.
Oct 26 18:29:50.271: ISAKMP (0:134217730): process_rsa_sig: Querying key pair failed.
Oct 26 18:29:50.271: ISAKMP:(0:2:SW:1):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
Oct 26 18:29:50.271: ISAKMP:(0:2:SW:1):Old State = IKE_R_MM5 New State = IKE_R_MM5
Oct 26 18:35:22.175: %PKI-3-CERTIFICATE_INVALID_NOT_YET_VALID: Certificate chain validation has failed. The certificate (SN: 640000001CDFE423EBA20E45EE00000000001C) is not yet valid Validity period starts on 21:18:03 UTC Oct 26 2014
Output of show crypto isakmp sa:
R1#sh crypto isakmp sa
dst src state conn-id slot status
1.1.1.2 2.2.2.2 MM_KEY_EXCH 42 0 ACTIVE
1.1.1.2 2.2.2.2 MM_KEY_EXCH 41 0 ACTIVE
1.1.1.2 2.2.2.2 MM_NO_STATE 40 0 ACTIVE (deleted)
1.1.1.2 2.2.2.2 MM_NO_STATE 39 0 ACTIVE (deleted)
I would appreciate if someone can help me on this.
ThanksSorry, Config attached here.
-
How to sign the data with DHPrivateKey
I am testing DH key exchange protocol. When I run the following code, it works.
import java.io.*;
import java.math.BigInteger;
public class DH2 {
private DH2() {}
public static void main(String argv[]) {
try {
String mode = "USE_SKIP_DH_PARAMS";
DH2 keyAgree = new DH2();
if (argv.length > 1) {
keyAgree.usage();
throw new Exception("Wrong number of command options");
} else if (argv.length == 1) {
if (!(argv[0].equals("-gen"))) {
keyAgree.usage();
throw new Exception("Unrecognized flag: " + argv[0]);
mode = "GENERATE_DH_PARAMS";
keyAgree.run(mode);
} catch (Exception e) {
System.err.println("Error: " + e);
System.exit(1);
private void run(String mode) throws Exception {
DHParameterSpec dhSkipParamSpec;
if (mode.equals("GENERATE_DH_PARAMS")) {
// Some central authority creates new DH parameters
System.out.println
("Creating Diffie-Hellman parameters (takes VERY long) ...");
AlgorithmParameterGenerator paramGen
= AlgorithmParameterGenerator.getInstance("DH");
paramGen.init(512);
AlgorithmParameters params = paramGen.generateParameters();
dhSkipParamSpec = (DHParameterSpec)params.getParameterSpec
(DHParameterSpec.class);
} else {
// use some pre-generated, default DH parameters
System.out.println("Using SKIP Diffie-Hellman parameters");
dhSkipParamSpec = new DHParameterSpec(skip1024Modulus,
skip1024Base);
System.out.println("ALICE: Generate DH keypair ...");
KeyPairGenerator aliceKpairGen = KeyPairGenerator.getInstance("DH");
aliceKpairGen.initialize(dhSkipParamSpec);
KeyPair aliceKpair = aliceKpairGen.generateKeyPair();
System.out.println("ALICE: Initialization ...");
KeyAgreement aliceKeyAgree = KeyAgreement.getInstance("DH");
aliceKeyAgree.init(aliceKpair.getPrivate());
byte[] alicePubKeyEnc = aliceKpair.getPublic().getEncoded();
KeyFactory bobKeyFac = KeyFactory.getInstance("DH");
X509EncodedKeySpec x509KeySpec = new X509EncodedKeySpec
(alicePubKeyEnc);
PublicKey alicePubKey = bobKeyFac.generatePublic(x509KeySpec);
DHParameterSpec dhParamSpec = ((DHPublicKey)alicePubKey).getParams();
System.out.println("BOB: Generate DH keypair ...");
KeyPairGenerator bobKpairGen = KeyPairGenerator.getInstance("DH");
bobKpairGen.initialize(dhParamSpec);
KeyPair bobKpair = bobKpairGen.generateKeyPair();
System.out.println("BOB: Initialization ...");
KeyAgreement bobKeyAgree = KeyAgreement.getInstance("DH");
bobKeyAgree.init(bobKpair.getPrivate());
byte[] bobPubKeyEnc = bobKpair.getPublic().getEncoded();
KeyFactory aliceKeyFac = KeyFactory.getInstance("DH");
x509KeySpec = new X509EncodedKeySpec(bobPubKeyEnc);
PublicKey bobPubKey = aliceKeyFac.generatePublic(x509KeySpec);
System.out.println("ALICE: Execute PHASE1 ...");
aliceKeyAgree.doPhase(bobPubKey, true);
System.out.println("BOB: Execute PHASE1 ...");
bobKeyAgree.doPhase(alicePubKey, true);
byte[] aliceSharedSecret = aliceKeyAgree.generateSecret();
int aliceLen = aliceSharedSecret.length;
byte[] bobSharedSecret = new byte[aliceLen];
int bobLen;
try {
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 1);
} catch (ShortBufferException e) {
System.out.println(e.getMessage());
bobLen = bobKeyAgree.generateSecret(bobSharedSecret, 0);
System.out.println("Alice secret: " +
toHexString(aliceSharedSecret));
System.out.println("Bob secret: " +
toHexString(bobSharedSecret));
if (!java.util.Arrays.equals(aliceSharedSecret, bobSharedSecret))
throw new Exception("Shared secrets differ");
System.out.println("Shared secrets are the same");
System.out.println("Return shared secret as SecretKey object ...");
bobKeyAgree.doPhase(alicePubKey, true);
SecretKey bobDesKey = bobKeyAgree.generateSecret("DES");
aliceKeyAgree.doPhase(bobPubKey, true);
SecretKey aliceDesKey = aliceKeyAgree.generateSecret("DES");
Cipher bobCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
bobCipher.init(Cipher.ENCRYPT_MODE, bobDesKey);
byte[] cleartext = "This is just an example".getBytes();
// Signature signature = Signature.getInstance("SHA1withDSA");
// signature.initSign(bobKpair.getPrivate());
// signature.update(cleartext);
// byte[] data = signature.sign();
byte[] ciphertext = bobCipher.doFinal(cleartext);
Cipher aliceCipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
aliceCipher.init(Cipher.DECRYPT_MODE, aliceDesKey);
byte[] recovered = aliceCipher.doFinal(ciphertext);
if (!java.util.Arrays.equals(cleartext, recovered))
throw new Exception("DES in CBC mode recovered text is " +
"different from cleartext");
System.out.println("DES in ECB mode recovered text is " +
"same as cleartext");
bobCipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
bobCipher.init(Cipher.ENCRYPT_MODE, bobDesKey);
cleartext = "This is just an example".getBytes();
ciphertext = bobCipher.doFinal(cleartext);
byte[] encodedParams = bobCipher.getParameters().getEncoded();
AlgorithmParameters params = AlgorithmParameters.getInstance("DES");
params.init(encodedParams);
aliceCipher = Cipher.getInstance("DES/CBC/PKCS5Padding");
aliceCipher.init(Cipher.DECRYPT_MODE, aliceDesKey, params);
recovered = aliceCipher.doFinal(ciphertext);
if (!java.util.Arrays.equals(cleartext, recovered))
throw new Exception("DES in CBC mode recovered text is " +
"different from cleartext");
System.out.println("DES in CBC mode recovered text is " +
"same as cleartext");
}I want to sign the data with Signature,So i add the following code to the sample.
byte[] cleartext = "This is just an example".getBytes();
Signature signature = Signature.getInstance("SHA1withDSA");
signature.initSign(bobKpair.getPrivate());
signature.update(cleartext);
byte[] data = signature.sign();
byte[] ciphertext = bobCipher.doFinal(cleartext);Run the code again, the output is
Error: java.security.InvalidKeyException: No installed provider supports this key: com.sun.crypto.provider.DHPrivateKey
What's wrong with the code, It seems that the bob's private key is not instance of DSAPrivateKey but DHPrivateKey.
what's your comment? thanks a lot.slamdunkming wrote:
thank sabre150 for your reply. But the key pair is generated when I use DH to exchange the secret key. Yes! It is a DH key pair and cannot be used for signing. The DH key pair can only be used for secret sharing.
If I can not use this private key to sign the data, what can i do?Do I have to generate another key pair for signature? In that way, I will have two key pair. Yep. You can generate a DSA or an RSA key pair to be used for signing.
Because I use http protocol to exchange the key to get the shared secret key, Yep.
If I generate another key pair, how can i send the public key to server? Since public keys are 'public' then you can send them in the open to anyone you like. In fact, if you don't publish your public keys then they are pretty much a waste of time. The biggest problem one has with public key is proving 'ownership' - if someone sends me a public key how do I know that the sender is actually who they say they are?.
I am confused.Some reading might help. A pretty good starting point is "Beginning Cryptography with Java" by David Hook published by Wrox. -
Can't run the Installation Software for the LiDe 210, need a signed/verified copy???
Can't run the Installation Software for the LiDe 210, need a signed/verified copy???
Hi lanepoor!
So that the Community can help you better, we will need to know the Computer Operating System you're using (Windows XP/Vista/7/8 or Mac 10.x). Any other details you'd like to give will only help the Community better understand your issue! Thanks and have a great day! -
How to programmatically sign test data?
Hello LV fans,
I’m looking for some ideas/methods to programmatically apply a digital signature to my test data. Currently I write to Excel, using ActiveX, then print and manually sign each data sheet. I’m open to new ideas to improve this process.
thanksHello Jared,
I'm not digitally signing my test reports now. I have to print them out, sign them, then have them scanned in for a permanent record. My VI pulls up the users' log in ID from the computer, and puts the users' name on the report. I'd like to take the process one step further and have each report digitally signed. Perhaps using MS Excel's digitial signature, or I could have the reports saved as pdf's and use Adobe Acrobat 8.0.
thanks.. -
I acquired data in DAQmx by PXI4472. For the high speed data logger, I used "DAQmx Read" to read unscaled 32-bit signed integer data.
Now, my question is how to scale 32-bit signed integer data to floating-point voltage?
I think that it's (20/(2**24))*I32 because the voltage range of PXI4472 is -10 to +10 and its resolution is 24 bits. But I cann't get correct voltage by that formula.While you could hard code the scaling factor, it will be more flexible if you retrieve the scaling coefficients from the driver. To do this, you need to use the Analog Input>>General Properties>>Advanced>>Device Scaling Coefficients>>Device Scaling Coefficients properties under the DAQmx Channel Property Node. Look at the documentation for this property to see how it can be used to create a polynomial equation for scaling to volts.
Since you are creating a data logging solution, you may want to consider using a compressed data stream from the driver instead of the I32 data type. This will allow you to read the data back as a stream of u8's instead. Since the PXI-4472 is 24 bits, you will only have to write 3 bytes to disk for each sample instead of 4. You can check out the following examples for how to create an application using this compressed data stream. It also shows how to use the scaling coefficients to transform the unscaled data back to voltage values. -
Architectural Difference Effect on Signing/Verifying XML Document
Hi all,
I am using Apache Santuario for signing XML.
1. I have a Windows Server 2008 64 Bit, which is using JAVA 7 32 bit JVM. Let's say my signed document is Signed_A. On Windows Server 2008 I am signing the document but the verification fails for Signed_A.
2. Same application is being run on Windows 7 32 bit with the same JVM version. And the document is Signed_B on this machine. I am signing the document and verifying it without a problem.
3. If I move the document Signed_B (which I could sign & verify on Windows 7) to Windows 2008 Server, using the same application I can verify the document. So, my spider senses tell me that, there is a problem with signing.
4. Again if I move the document Signed_A to Windows 7 machine, I could not verify the signature.
I don't know whether the situation is occur because of the difference of processors on machines. But if you have anything that can help me please let me know. Anything could be helpful for now because I'm stuck in here.
Please feel free to ask if you need further explanations. I am not providing any code, because I am suspecting a configuration issue here.
Thanks in advance.Hi,
Can you tell me about your project on short notes. For information.
Regards
R.Rajendran -
Verifying Data Integrity Outlook 2010
Hi,
We are using Microsoft SBS2011 including Exchange 2010
one of users could not start his Outlook 2010. the screen shows "Verifying Data Integrity" which takes hours.
I check his .ost file at his computer, which is about 50GB.
Does Outlook 2010 have the capacity limiit?
MTHello,
Yes, there are limitations by default. Please see:
How to configure the size limit for both (.pst) and (.ost) files in Outlook 2010, Outlook 2007, and in Outlook 2003
http://support.microsoft.com/kb/832925
Thanks,
Simon -
Outlook 2013 is showing verifying Data Integrity
Hi,
When i try to open the outlook 2013,it is not opening and it is showing verifying Data Integrity.
Please let us know how to resolve the issue.
Looking forward for your reply at the earliest
Regards
Pradeep.RHi Pradeep,
What type of email account do you use (POP, IMAP, MAPI or Exchange)?
Based on my research, this issue can be caused by the following factors:
Outlook data file (.OST/.PST) corruption issues
Third party add-ins
To troubleshoot this issue, I suggest we first try the following steps:
Try to run Scanpst.exe to repair your Outlook data file and see if it helps. If this is an Exchange account, then you can simply rename the
.ost file to .ost.old or delete it, this will force Outlook to regenerate a new
.ost file and download all the messages from the server again.
Launch Outlook in safe mode and see if issue persists. This will help to determine whether this was caused by any third party add-ins:
Press Win + R and type "outlook.exe /safe" in the blank box, then press
Enter.
Hope this helps.
Regards,
Ethan Hua
TechNet Community Support
It's recommended to download and install
Configuration Analyzer Tool (OffCAT), which is developed by Microsoft Support teams. Once the tool is installed, you can run it at any time to scan for hundreds of known issues in Office
programs. -
Is there anyway by whicch I can test my RSA signed applet by using self issued certificates??
I created a RSA signed applet using the documentation available on
http://java.sun.com/products/plugin/1.3/docs/rsa_signing.html
I used a self-signed certificate but it doesn't work. It gives me a security exception.Found a way :)
Details at http://forum.java.sun.com/thread.jsp?forum=63&thread=152882
Cheers
Abraham Khalil -
5A-FixMajorUpgrade-4.1.tar.gz.aes.rsa.signed eve...
Hi,
The file to solve the recent problems with the homehub 5A "5A-FixMajorUpgrade-4.1.tar.gz.aes.rsa.signed" has been sent to my 5A hub every day at 10.37am for the last week.
This is from the TR069 today;
10:37:44, 28 Feb.
(1123244.000000) CWMP: session completed successfully
10:37:44, 28 Feb.
(1123243.800000) CWMP: Download file, FileType=4, FileName=5A-FixMajorUpgrade-4.1.tar.gz.aes.rsa.signed, Username=, CommandKey=1958065273
10:37:44, 28 Feb.
(1123243.600000) CWMP: HTTP authentication success from https://pbthdm.bt.mo
10:37:42, 28 Feb.
(1123242.040000) CWMP: Server URL: https://pbthdm.bt.mo; Connecting as user: ACS username
10:37:42, 28 Feb.
(1123242.030000) CWMP: Session start now. Event code(s): '6 CONNECTION REQUEST,4 VALUE CHANGE'
10:37:42, 28 Feb.
(1123241.630000) CWMP: Initializing transaction for event code 6 CONNECTION REQUEST
10:37:39, 28 Feb.
(1123239.450000) CWMP: session completed successfully
10:37:39, 28 Feb.
(1123239.260000) CWMP: HTTP authentication success from https://pbthdm.bt.mo
Is this normal behaviour for the update?
Should something else be happening, e.g. should I also be seeing some parameters being set ?
Does the file need to be sent every day? Seems a bit OTT.That doesn't sound right.
I suggest you try a factory reset of the hub
http://bt.custhelp.com/app/answers/detail/a_id/11386/~/how-do-i-reset-my-bt-home-hub-to-its-factory-...
If you found this post helpful, please click on the star on the left
If not, I'll try again -
Reconciliation to verify data in R/3 and BW
Hi Experts,
Can any one explain me how we will maintain reconciliation to verify the data in SAP R/3 and SAP BW are same or not after the data loads. Please explain all the sources that we have.
Thanks in advance
MallikFor Unit Test, you don't need to reconcile all the records. So, I take a couple of selections. Using these, go to RSA3 in R/3 and extract the data and take sub-totals in Excel.
Now, go to Info Provider in BW, and using same selections, download the data in BW or BEx and take sub-totals again and compare both.
If the extractor is generic extractor based on View/Tables, you can go one additional step and get data from SE16 in R/3 to make sure RSA3 and Tables also match.
For Business Content extractor, its a little difficult is do this step because most of them are Function Modules.
This should be enough as long as your selections are good.
You can compare the data from RSA3. Run RSA3 and save the data in a file and then compare with BW.
You can compare the PSA data with R/3 to check whether your data transport is correct.But its very much important the end result (with data in Data Targets ex.Infocube...) should be reconciled with the R/3 data to check your update and transfer rules are working fine.
The second part is too tricky since you cannot directly compare the reports while the formats and grouping are different.
You can execute the reports in R/3 and apply the Update and transfer conversions (at least for random records) then reconcile with the BW data.
Take a look on the note: 543188
"How to Reconcile Data Between SAP Source Systems and SAP NetWeaver BI"
The Data Reconciliation procedure is still in the SAP action item for the future release.
But we can reconcile the data by extracting the reports and compare with the query output in Excel sheet.
Please check for a tool "Excel Compare" in google which is really useful in comparing excel files.
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/7a5ee147-0501-0010-0a9d-f7abcba36b14
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/how%20to%20validate%20infocube%20data%20by%20comparing%20it%20with%20psa%20data
By this method you can compare your infocube data with PSA ones...clearly, every changes in R/3 (due to user exit or, above all, BW-specific standard logic) is not taken into account...if you want to consider also this part (back-end), there is no std method and it depends from every specific flow!
also check in service.sap.com/bi
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/7a5ee147-0501-0010-0a9d-f7abcba36b14
One way is to define Remote Cube on the R3 data source and create multiprovider on BW with the Remote Cube and the BW target. Subtract the KF on R3 from the KF in BW - anything not 0 becomes an exception.
Sometimes the source on R3 is not as straight forward and we have had ABAP developers create summary table on R3 to compare to BW.
Actually one to one Data comparison between R/3 and BW is done during Integration Test phase. During this time we need to sit with R/3 team and work closely because they know exactly the numbers in R/3 side and which tables Data resides and all. After loading Data same data in to BW we compare the numbers between R/3 BW. If both the teams feel there is some data missing then we start the analysis. As a first stem we will see in the extractors then BW side during transformation like transfer and update rules.
Pleases see this document for more help
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/968dab90-0201-0010-c093-9d2a326969f1
https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/com.sap.km.cm.docs/library/biw/how%20to%20validate%20infocube%20data%20by%20comparing%20it%20with%20psa%20data
verifying the data which is coming from R/3 to BW system. That is called as Reconciliation.
That process is done with v lookup functionality.
Hope this helps and assihn points, if so
Regards
Raja -
Removing a quote sign from data transfer
Is it possible to remove specific characters while transferring data from the PSA table to subsequent data targets?
Maybe there a BW formula that enables this to happen?
In my case, we have created a generic extractor to load statistical data from a BW table into a DSO. We need to remove the quote signs from the transfer of data because the data is failing to activate in the DSO.
We want to avoid resorting to ABAP if possible. Nor do I want to modify the list of approved symbols.Hi,
If you know the target field where you want to remove quote then you can write routine in the transformation .
You can use field level routine to achive this.
Hope this will help you..
Thanks,
Jitendra -
RSA decryption Error: Data must start with zero
Because of some reasons, I tried to use RSA as a block cipher to encrypt/decrypt a large file. When I debug my program, there some errors are shown as below:
javax.crypto.BadPaddingException: Data must start with zero
at sun.security.rsa.RSAPadding.unpadV15(Unknown Source)
at sun.security.rsa.RSAPadding.unpad(Unknown Source)
at com.sun.crypto.provider.RSACipher.doFinal(RSACipher.java:356)
at com.sun.crypto.provider.RSACipher.engineDoFinal(RSACipher.java:394)
at javax.crypto.Cipher.doFinal(Cipher.java:2299)
at RSA.RRSSA.main(RRSSA.java:114)
From breakpoint, I think the problem is the decrypt operation, and Cipher.doFinal() can not be operated correctly.
I searched this problem from google, many people met the same problem with me, but most of them didn't got an answer.
The source code is :
Key generation:
package RSA;
import java.io.FileOutputStream;
import java.io.ObjectOutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.logging.Level;
import java.util.logging.Logger;
public class GenKey {
* @param args
* @author tang
public static void main(String[] args) {
// TODO Auto-generated method stub
try {
KeyPairGenerator KPG = KeyPairGenerator.getInstance("RSA");
KPG.initialize(1024);
KeyPair KP=KPG.genKeyPair();
PublicKey pbKey=KP.getPublic();
PrivateKey prKey=KP.getPrivate();
//byte[] publickey = decryptBASE64(pbKey);
//save public key
FileOutputStream out=new FileOutputStream("RSAPublic.dat");
ObjectOutputStream fileOut=new ObjectOutputStream(out);
fileOut.writeObject(pbKey);
//save private key
FileOutputStream outPrivate=new FileOutputStream("RSAPrivate.dat");
ObjectOutputStream privateOut=new ObjectOutputStream(outPrivate);
privateOut.writeObject(prKey)
}Encrypte / Decrypt
package RSA;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.ObjectInputStream;
import java.security.Key;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.crypto.Cipher;
//import sun.misc.BASE64Decoder;
//import sun.misc.BASE64Encoder;
public class RRSSA {
* @param args
public static void main(String[] argv) {
// TODO Auto-generated method stub
//File used to encrypt/decrypt
String dataFileName = argv[0];
//encrypt/decrypt: operation mode
String opMode = argv[1];
String keyFileName = null;
//Key file
if (opMode.equalsIgnoreCase("encrypt")) {
keyFileName = "RSAPublic.dat";
} else {
keyFileName = "RSAPrivate.dat";
try {
FileInputStream keyFIS = new FileInputStream(keyFileName);
ObjectInputStream OIS = new ObjectInputStream(keyFIS);
Key key = (Key) OIS.readObject();
Cipher cp = Cipher.getInstance("RSA/ECB/PKCS1Padding");//
if (opMode.equalsIgnoreCase("encrypt")) {
cp.init(Cipher.ENCRYPT_MODE, key);
} else if (opMode.equalsIgnoreCase("decrypt")) {
cp.init(Cipher.DECRYPT_MODE, key);
} else {
return;
FileInputStream dataFIS = new FileInputStream(dataFileName);
int size = dataFIS.available();
byte[] encryptByte = new byte[size];
dataFIS.read(encryptByte);
if (opMode.equalsIgnoreCase("encrypt")) {
FileOutputStream FOS = new FileOutputStream("cipher.txt");
//RSA Block size
//int blockSize = cp.getBlockSize();
int blockSize = 64 ;
int outputBlockSize = cp.getOutputSize(encryptByte.length);
/*if (blockSize == 0)
System.out.println("BLOCK SIZE ERROR!");
}else
int leavedSize = encryptByte.length % blockSize;
int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
: encryptByte.length / blockSize + 1;
byte[] cipherData = new byte[outputBlockSize*blocksNum];
//encrypt each block
for (int i = 0; i < blocksNum; i++) {
if ((encryptByte.length - i * blockSize) > blockSize) {
cp.doFinal(encryptByte, i * blockSize, blockSize, cipherData, i * outputBlockSize);
} else {
cp.doFinal(encryptByte, i * blockSize, encryptByte.length - i * blockSize, cipherData, i * outputBlockSize);
//byte[] cipherData = cp.doFinal(encryptByte);
//BASE64Encoder encoder = new BASE64Encoder();
//String encryptedData = encoder.encode(cipherData);
//cipherData = encryptedData.getBytes();
FOS.write(cipherData);
FOS.close();
} else {
FileOutputStream FOS = new FileOutputStream("plaintext.txt");
//int blockSize = cp.getBlockSize();
int blockSize = 64;
//int j = 0;
//BASE64Decoder decoder = new BASE64Decoder();
//String encryptedData = convert(encryptByte);
//encryptByte = decoder.decodeBuffer(encryptedData);
int outputBlockSize = cp.getOutputSize(encryptByte.length);
int leavedSize = encryptByte.length % blockSize;
int blocksNum = leavedSize == 0 ? encryptByte.length / blockSize
: encryptByte.length / blockSize + 1;
byte[] plaintextData = new byte[outputBlockSize*blocksNum];
for (int j = 0; j < blocksNum; j++) {
if ((encryptByte.length - j * blockSize) > blockSize) {
cp.doFinal(encryptByte, j * blockSize, blockSize, plaintextData, j * outputBlockSize);
} else {
cp.doFinal(encryptByte, j * blockSize, encryptByte.length - j * blockSize, plaintextData, j * outputBlockSize);
FOS.write(plaintextData);
//FOS.write(cp.doFinal(encryptByte));
FOS.close();
}Edited by: sabre150 on Aug 3, 2012 6:43 AM
Moderator action : added [ code] tags so as to make the code readable. Please do this yourself in the future.
Edited by: 949003 on 2012-8-3 上午5:311) Why are you not closing the streams when writing the keys to the file?
2) Each block of RSA encrypted data has size equal to the key modulus (in bytes). This means that for a key size of 1024 bits you need to read 128 bytes and not 64 bytes at a time when decrypting ( this is probably the cause of your 'Data must start with zero exception'). Since the input block size depends on the key modulus you cannot hard code this. Note - PKCS1 padding has at least 11 bytes of padding so on encrypting one can process a maximum of the key modulus in bytes less 11. Currently you have hard coded the encryption block at 64 bytes which is OK for your 1024 bits keys but will fail for keys of modulus less than about 936 bits.
3) int size = dataFIS.available(); is not a reliable way to get the size of an input stream. If you check the Javadoc for InputStream.available() you will see that it returns the number of bytes that can be read without blocking and not the stream size.
4) InputStream.read(byte[]) does not guarantee to read all the bytes and returns the number of bytes actually read. This means that your code to read the content of the file into an array may fail. Again check the Javadoc. To be safe you should used DataInputStream.readFully() to read a block of bytes.
5) Reading the whole of the cleartext or ciphertext file into memory does not scale and with very large files you will run out of memory. There is no need to do this since you can use a "read a block, write the transformed block" approach.
RSA is a very very very slow algorithm and it is not normal to encrypt the whole of a file using it. The standard approach is to perform the encryption of the file content using a symmetric algorithm such as AES using a random session key and use RSA to encrypt the session key. One then writes to the ciphertext file the RSA encrypted session key followed by the symmetric encrypted data. To make it more secure one should actually follow the extended procedure outlined in section 13.6 of Practical Cryptography by Ferguson and Schneier. -
Use of % sign in data declaration
can any one explain me the use and the purpose of using % sign in declaring data and subroutines and internal tables.what does % means?
eg.
DATA %count-lfa1(4) TYPE x.
DATA %linr-lfa1(2).
DATA: BEGIN OF %joinwa,
lfa1 LIKE lfa1,
adr6 LIKE adr6,
adr3 LIKE adr3,
adr2 LIKE adr2,
END OF %joinwa.
PERFORM %download
Thanks
Phyrose.I don't belive there is anything special with the % being used in the name. It does look strange and is unusual but is just another character in the name.
Just checked the help and it discourages this practice:
<i>A type name can be up to 30 characters long. The name may only consist of alphanumeric characters and the underscore character. It may not consist entirely of digits. Special characters such as German umlauts are not allowed. As well as these characters, certain special characters are used internall. However, these should not be used in application programs. SPACE is a reserved name, and cannot therefore be used. Furthermore, you should not use a field in a statement if it has the same name as one of the additions of the keyword (for example: PERFORM SUB USING CHANGING.).
Recommendations for Type Names:
Always start the name with a letter.
Use the underscore to separate compound names (for example, NEW_PRODUCT. </i>
Maybe you are looking for
-
I'm trying to create a icloud account but I can't go on from the first step. The sistem ask me to check my e.mail and when I go to my inbox there is nothing. And it keep saying that I dind't verify my e,mail. What is happening please.
-
Would be cool if we could make our own EQ settings and save as presets.... like in iTunes. And, be able to assign them to individual songs..... like in iTunes maybe this could be an upgrade we can download? hehe any other suggestions? BTW, i'm not co
-
Cannot open CS5.1, says to reinstall because of missing elements
can not open my CS5.1 , widow pops up telling me to reinstall it because I am missing some elements
-
Installation fails Photoshop CS6 Public beta 64bit windows 7
I tried to install the windows version of Photoshop CS6 Public Beta, the 64bit version failed to install said that it failed to locate folder tokens. I uninstalled it and restart my computer. I tried to reinstall but I still get the same error. What
-
Delete Button on Messagecenter-Email
Hello, since Montain-Lion i get the Infobox on the right side, when a new Mail arrived. The Notification Center.... Thats great, but i get a lot of Spam and other Stuff that i want directly delete. Is there a possibility to add a Delete button to the