S/MIME Encryption: Need Same CA for Both Parties?

Hello,
I created a root certificate authority (CA) using Keychain.app which I then used to issue a certificate to give to a friend. She can send me emails signed with the certificate; yet I, who have a certificate from a different CA (Thawte), cannot encrypt emails between her and me. Why? Must we both have certificates issued from the same CA to send encrypted emails to each other?
Thank you

I'm having the same issue. Some emails come in fine while others prompt me with an "unable to decrypt" despite having the valid certificates in my keychain.app.
Also, I no longer see the cert/encrypt button when composing a new email.
Thoughts? Suggestions?
Thank you.
Message was edited by: Matthew Kemph

Similar Messages

  • How to use the same keypair for both encrypt/decrypt-SunPKCS#11

    Dear All,
    Subject: To access iKey 2032 token, to retrieve public/private key from iKey 2032 token using pkcs#11 in sdk1.5, to encrypt/decrypt files.
    When I separate the encrypt and decrypt parts of the java program, the encryption program works well, whereas the decryption program does not decrypt anything in the decrypt file (but there is no error). I printed out the public and private key in both the encrypt and decrypt parts of the java program; it's displayed differently:
    Encrypt program:
    SunPKCS11-rainbow_token RSA public key, 1024 bits (id 10, session object)
    modulus: 114338469922835728259534620463489934081917342509275191892563243582065
    74380495029336519036972702864998634664269499641616889325482699399559620370181624
    72068116957594402738459932902481604823224406859575930392708524033619120886256353
    58738237376491107769961041015109436347533548940674900728805627968145581222172729
    public exponent: 65537
    SunPKCS11-rainbow_token RSA private key, 1024 bits (id 11, session object, sensi
    tive, unextractable)
    Decrypt Program::
    SunPKCS11-rainbow_token RSA public key, 1024 bits (id 12, session object)
    modulus: 138556361758970660122782926386849783732271581948935425587968692317930
    09262429353977097956605140384961825974398004270547046620971835394362397699233738
    54481804748731546655197744692886754946373745924825650876065903334173666990347814
    83727290962956934521650035029131176614982652900659797194703065074407857754883163
    public exponent: 65537
    SunPKCS11-rainbow_token RSA private key, 1024 bits (id 13, session object, sensi
    tive, unextractable)
    I suspect that the program generates a different set of keys every time, therefore we need to store the generated key during the encryption part (I believe it is to be in the keystore) and to use the same for the decryption part. Could you please give me a tip on how to do this?
    Encrypt Program ::
    import java.io.*;
    import java.util.*;
    import java.lang.*;
    import java.sql.*;
    import java.text.*;
    import java.math.*;
    import java.security.*;
    import java.security.cert.*;
    import java.security.interfaces.*;
    import javax.crypto.interfaces.*;
    import javax.net.ssl.*;
    import javax.crypto.*;
    import javax.crypto.spec.DESKeySpec;
    import java.security.KeyStore.*;
    /** A class of Encrypt. */
    public class Encrypt
    {
        public Encrypt(){}
        public void loginToken() {
            // MQConfig and General are the poster's own helper classes (not shown in the post).
            Provider p = new sun.security.pkcs11.SunPKCS11(MQConfig.getvalue("SecurityPropertyPath"));
            Security.addProvider(p);
            KeyStore ks = null;
            try{
                String password = General.ReadFiles(MQConfig.getvalue("logFilePath"),"Simple");
                password = password.trim();
                char pin[] = password.toCharArray();
                ks = KeyStore.getInstance("pkcs11");
                ks.load(null,pin);
                // A new session key pair is generated on the token on every run.
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",p);
                // initialize() has to come before genKeyPair() for the key size to apply.
                kpg.initialize(1024, new java.security.SecureRandom());
                KeyPair kp = kpg.genKeyPair();
                FileInputStream in = new FileInputStream("C:\\ReportDBBE.properties");
                FileOutputStream out = new FileOutputStream("C:\\ReportDBAE.properties");
                Cipher cp=Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
                cp.init(Cipher.ENCRYPT_MODE,kp.getPublic());
                CipherOutputStream cout=new CipherOutputStream(out,cp);
                byte[] input=new byte[8];
                int byteread=in.read(input);
                while(byteread!=-1){
                    cout.write(input,0,byteread);
                    byteread=in.read(input);
                }
                cout.flush();
                in.close();
                cout.close();
            }
            catch(NoSuchAlgorithmException nsae) {
                System.out.println("No Such Algorithm Exception " + nsae.getMessage());
            }
            catch(NoSuchPaddingException nspe) {
                System.out.println("No Such Padding Exception " + nspe.getMessage());
            }
            catch(InvalidKeyException ike) {
                System.out.println("Invalid Key Exception " + ike.getMessage());
            }
            catch(IllegalStateException ise) {
                System.out.println("Illegal State Exception " + ise.getMessage());
            }
            catch(KeyStoreException kse) {
                System.out.println("Key Store Exception " + kse.getMessage());
            }
            catch(CertificateException ce) {
                System.out.println("Certificate Exception " + ce.getMessage());
            }
            catch(IOException ioe) {
                System.out.println("IO Exception " + ioe.getMessage());
            }
        }
        public static void main (String args[]) throws Exception {
            try{
                Encrypt tl = new Encrypt();
                tl.loginToken();
            }catch(Exception e){
                e.printStackTrace();
            }
        }
    }
    Decrypt Program ::
    import java.io.*;
    import java.util.*;
    import java.lang.*;
    import java.sql.*;
    import java.text.*;
    import java.math.*;
    import java.security.*;
    import java.security.cert.*;
    import java.security.interfaces.*;
    import javax.crypto.interfaces.*;
    import javax.net.ssl.*;
    import javax.crypto.*;
    import javax.crypto.spec.DESKeySpec;
    import java.security.KeyStore.*;
    /** A class of Decrypt. */
    public class Decrypt
    {
        public Decrypt(){}
        public void loginToken() {
            // MQConfig and General are the poster's own helper classes (not shown in the post).
            Provider p = new sun.security.pkcs11.SunPKCS11(MQConfig.getvalue("SecurityPropertyPath"));
            Security.addProvider(p);
            KeyStore ks = null;
            try{
                String password = General.ReadFiles(MQConfig.getvalue("logFilePath"),"Simple");
                password = password.trim();
                char pin[] = password.toCharArray();
                ks = KeyStore.getInstance("pkcs11");
                ks.load(null,pin);
                // A fresh key pair is generated here as well, so this private key
                // is not the partner of the public key that Encrypt used.
                KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",p);
                // initialize() has to come before genKeyPair() for the key size to apply.
                kpg.initialize(1024, new java.security.SecureRandom());
                KeyPair kp = kpg.genKeyPair();
                FileInputStream in1 = new FileInputStream("C:\\ReportDBAE.properties");
                FileOutputStream out1 = new FileOutputStream("C:\\ReportDBAD.properties");
                Cipher cipher=Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
                AlgorithmParameters algParams = cipher.getParameters();
                cipher.init(Cipher.DECRYPT_MODE,kp.getPrivate(),algParams);
                CipherInputStream cin1=new CipherInputStream(in1,cipher);
                byte[] input1=new byte[8];
                int byteread1=cin1.read(input1);
                while(byteread1!=-1){
                    out1.write(input1,0,byteread1);
                    byteread1=cin1.read(input1);
                }
                out1.flush();
                in1.close();
                out1.close();
                cin1.close();
            }
            catch(NoSuchAlgorithmException nsae) {
                System.out.println("No Such Algorithm Exception " + nsae.getMessage());
            }
            catch(NoSuchPaddingException nspe) {
                System.out.println("No Such Padding Exception " + nspe.getMessage());
            }
            catch(InvalidKeyException ike) {
                System.out.println("Invalid Key Exception " + ike.getMessage());
            }
            catch(IllegalStateException ise) {
                System.out.println("Illegal State Exception " + ise.getMessage());
            }
            catch(InvalidAlgorithmParameterException iape) {
                System.out.println("Invalid Algorithm ParameterException " + iape.getMessage());
            }
            catch(KeyStoreException kse) {
                System.out.println("Key Store Exception " + kse.getMessage());
            }
            catch(CertificateException ce) {
                System.out.println("Certificate Exception " + ce.getMessage());
            }
            catch(IOException ioe) {
                System.out.println("IO Exception " + ioe.getMessage());
            }
        }
        public static void main (String args[]) throws Exception {
            try{
                Decrypt tl = new Decrypt();
                tl.loginToken();
            }catch(Exception e){
                e.printStackTrace();
            }
        }
    }
    Configuration file::
    name = rainbow_token
    library = c:\winnt\system32\dkck201.dll
    attributes(*,CKO_PRIVATE_KEY,*) = {
      CKA_SIGN = true
    }
    attributes(*,CKO_PRIVATE_KEY,CKK_DH) = {
      CKA_SIGN = null
    }
    attributes(*,CKO_PRIVATE_KEY,CKK_RSA) = {
      CKA_DECRYPT = true
    }

    Hi all,
    Now I managed to use the same keypair for both encrypt/decrypt-SunPKCS#11. Below is my code, which works well. In my code I hard-coded the alias name of the certificate; does anyone know how to read the alias name of the certificate from the iKey token 2032??
    import java.io.*;
    import java.util.*;
    import java.lang.*;
    import java.sql.*;
    import java.text.*;
    import java.math.*;
    import java.security.*;
    import java.security.cert.*;
    import java.security.interfaces.*;
    import javax.crypto.interfaces.*;
    import javax.net.ssl.*;
    import javax.crypto.*;
    import javax.crypto.spec.DESKeySpec;
    import java.security.KeyStore.*;
    /** A class of Encrypt. */
    public class Encrypt
    {
        public Encrypt(){}
        public void loginToken() {
            // MQConfig and General are the poster's own helper classes (not shown in the post).
            Provider p = new sun.security.pkcs11.SunPKCS11(MQConfig.getvalue("SecurityPropertyPath"));
            String myAlias = "349eefd1-845b-4ba4-9f88-06e9f5cb82f6";
            /** to view alias name
            keytool -list -v -keystore NONE -storetype PKCS11 -storepass PASSWORD
            */
            Security.addProvider(p);
            KeyStore ks = null;
            PrivateKey privKey = null;
            PublicKey pubKey = null;
            try{
                String password = General.ReadFiles(MQConfig.getvalue("logFilePath"),"Simple");
                password = password.trim();
                char pin[] = password.toCharArray();
                ks = KeyStore.getInstance("pkcs11");
                ks.load(null,pin);
                // The certificate and the private key stored under the same alias form one key pair.
                java.security.cert.Certificate cert = ks.getCertificate(myAlias);
                Key key = ks.getKey(myAlias, pin);
                if(key != null) {
                    System.out.println("key class: " + key.getClass().getName()); // -> sun.security.pkcs11.P11Key$P11PrivateKey
                    System.out.println("key bytes: " + key.getEncoded()); // -> null!!!!!!!
                    if(PrivateKey.class.isInstance(key)) {
                        privKey = (PrivateKey)key;
                        System.out.println("algo: " + privKey.getAlgorithm()); // -> RSA
                        //Signature rsasig = Signature.getInstance("SHA1withRSA");
                        //rsasig.initSign(privKey);
                        //rsasig.update(data.getBytes());
                        //byte[] sigBytes = rsasig.sign();
                        pubKey = cert.getPublicKey();
                        //System.out.println("signed bytes: " +sigBytes);
                        //return sigBytes;
                    }
                }
                //KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA",p);
                //KeyPair kp = kpg.genKeyPair();
                //KeyPair kp = kpg.generateKeyPair();
                //kpg.initialize(1024, new java.security.SecureRandom());
                FileInputStream in = new FileInputStream("C:\\ReportDBBE.properties");
                FileOutputStream out = new FileOutputStream("C:\\ReportDBAE.properties");
                Cipher cp=Cipher.getInstance("RSA/ECB/PKCS1Padding", p);
                //cp.init(cp.ENCRYPT_MODE,kp.getPublic());
                cp.init(Cipher.ENCRYPT_MODE,pubKey);
                CipherOutputStream cout=new CipherOutputStream(out,cp);
                byte[] input=new byte[8];
                int byteread=in.read(input);
                while(byteread!=-1){
                    cout.write(input,0,byteread);
                    byteread=in.read(input);
                }
                cout.flush();
                in.close();
                cout.close();
            }
            catch(NoSuchAlgorithmException nsae) {
                System.out.println("No Such Algorithm Exception " + nsae.getMessage());
            }
            catch(NoSuchPaddingException nspe) {
                System.out.println("No Such Padding Exception " + nspe.getMessage());
            }
            catch(InvalidKeyException ike) {
                System.out.println("Invalid Key Exception " + ike.getMessage());
                ike.printStackTrace();
            }
            catch(IllegalStateException ise) {
                System.out.println("Illegal State Exception " + ise.getMessage());
            }
            catch(KeyStoreException kse) {
                System.out.println("Key Store Exception " + kse.getMessage());
            }
            catch(CertificateException ce) {
                System.out.println("Certificate Exception " + ce.getMessage());
            }
            catch(IOException ioe) {
                System.out.println("IO Exception " + ioe.getMessage());
            }
            catch(UnrecoverableKeyException unrke) {
                System.out.println("Unrecoverable Key Exception " + unrke.getMessage());
            }
        }
        public static void main (String args[]) throws Exception {
            try{
                Encrypt tl = new Encrypt();
                tl.loginToken();
            }catch(Exception e){
                e.printStackTrace();
            }
        }
    }
    Your help is very much appreciated!!!!
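
Added example, not part of the original posts: one way to avoid the hard-coded alias is to enumerate the keystore, then encrypt with the public key from the entry's certificate and decrypt with the private key under the same alias. It assumes Java 9 or later (for Provider.configure) and a JDK that ships the SunPKCS11 provider; the class name TokenRoundTrip and its command-line arguments are made up for this illustration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Security;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;
import javax.crypto.Cipher;

// Added illustration; TokenRoundTrip and its arguments are hypothetical names.
public class TokenRoundTrip {

    /** Lists every alias and returns the first private-key entry whose certificate is RSA. */
    static String findRsaKeyAlias(KeyStore ks) throws Exception {
        String found = null;
        for (String alias : Collections.list(ks.aliases())) {
            Certificate cert = ks.getCertificate(alias);
            boolean usable = ks.isKeyEntry(alias) && cert != null
                    && "RSA".equals(cert.getPublicKey().getAlgorithm());
            System.out.println((usable ? "[RSA key]  " : "[other]    ") + alias);
            if (usable && found == null) found = alias;
        }
        return found;
    }

    /** Encrypts with the public key taken from the certificate stored under the alias. */
    static byte[] encrypt(KeyStore ks, String alias, byte[] plain) throws Exception {
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.ENCRYPT_MODE, ks.getCertificate(alias).getPublicKey());
        return c.doFinal(plain);
    }

    /** Decrypts with the private key under the same alias; on a token the key stays on it. */
    static byte[] decrypt(KeyStore ks, String alias, char[] pin, byte[] ct) throws Exception {
        Key key = ks.getKey(alias, pin);
        if (!(key instanceof PrivateKey)) {
            throw new IllegalStateException("no private key under alias " + alias);
        }
        // No provider is named: JCA selects one that can use this key
        // (the token's provider when the key is a PKCS#11 key).
        Cipher c = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        c.init(Cipher.DECRYPT_MODE, key);
        return c.doFinal(ct);
    }

    // Usage: java TokenRoundTrip <storetype> <keystore file | NONE> [pkcs11 config file]
    public static void main(String[] args) throws Exception {
        if (args.length < 2) {
            System.err.println("usage: TokenRoundTrip <storetype> <file|NONE> [pkcs11.cfg]");
            return;
        }
        if (args.length > 2) {
            // Java 9+ way to configure the SunPKCS11 provider from a config file.
            Security.addProvider(Security.getProvider("SunPKCS11").configure(args[2]));
        }
        Console con = System.console();
        if (con == null) throw new IllegalStateException("need an interactive terminal to read the PIN");
        char[] pin = con.readPassword("Keystore password / token PIN: ");
        KeyStore ks = KeyStore.getInstance(args[0]);
        try (InputStream in = "NONE".equals(args[1]) ? null : new FileInputStream(args[1])) {
            ks.load(in, pin);
        }
        String alias = findRsaKeyAlias(ks);
        if (alias == null) { System.err.println("no RSA key entry found"); return; }
        byte[] msg = "constructed sample plaintext".getBytes(StandardCharsets.UTF_8);
        byte[] back = decrypt(ks, alias, pin, encrypt(ks, alias, msg));
        System.out.println("alias " + alias + " round trip ok: " + Arrays.equals(msg, back));
        Arrays.fill(pin, '\0');
    }
}
```

To try it without a token, point it at a PKCS12 file that holds an RSA key pair, for example one created with keytool -genkeypair -keyalg RSA -storetype PKCS12.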

  • How to Use the same iview for both KM End User and the KM Administrator

    Hi friends,
    *This is my scenario :* How to Use the same iview for both KM End User and the KM Administrator but with different Context
    Menu Options.
    I followed these steps but I'm getting the same context menu for both KM End User and the KM Administrator.
    Assign the role Content Administrator to the user km_admin. This is needed so that km_admin can change
    the presentation settings for the KM Folder "Reports_kmFolder".
    Now, login with user km_admin. Navigate to the Km Folder reports_kmFolder through Content Administration
    -> Km Content. Click on Details link of the folder reports_kmFolder.
    Go To Settings -> Presentation. Click on the tab "Settings for You" -> Click on button "Select Profile".
    Select the radio button corresponding to "layout Set", and choose "ConsumerExplorer" from the dropdown.
    Click "OK".
    Select both the check boxes corresponding to Items Affected as shown above, and click "Save"
    Now, remove the "Super Administrator" role from the user km_admin and login with this user.
    How to resolve this????
    Regards,
    Prasad.

    Hello Prasad,
    Most likely the user km_admin still has system principal roles assigned, even though you removed the Super Admin role, you should check that this user doesn't have any other admin roles, otherwise it will be considered a System Principal user and will therefore still have access to all content. For more information see http://help.sap.com/saphelp_nw70/helpdata/en/19/56f28fbd4e11d5993b00508b6b8b11/frameset.htm
    Try creating a new user with just read access to the content and you should see that it will not be able to make any changes etc.
    Regards,
    Lorcan.

  • Has the ODI same installable for both Client & Server?

    Has the ODI same installable for both Client & Server?
    i.e. Team with multiple developers is concurrently working on ODI project. Repository is very much same. They just need the Designer Module in their desktop.
    Is there separate installable for development IDE for ODI (Designer Module) instead of complete ODI which may include the server also?
    Thanks In Advance
    priyadarshi.

    Hi ,
    You can install only the client in multiple machine if multiple user are going use/share the same repository ... and you should be having the same
    snps_login_work.xml
    snps_login_security.xml
    in all your client installations....so that you can have multiple users created and share the same repository ...
    hope this helps
    Thanks
    Ananda

  • HT4314 I have a iPad and iPhone with the same Apple ID, but on Game Center I have used the same id for both devices and they are two different profiles and I was wondering how to have one of the accounts on both devices.

    I have a iPad and iPhone with the same Apple ID, but on Game Center I have used the same id for both devices and they are two different profiles and I was wondering how to have one of the accounts on both devices.

    Hi Jamesdwills,
    Welcome to the Support Communities!
    If you are using the same Apple ID on both devices, the Game Center profile should be the same.
    Check out this information from the iPad User Guide.  Try signing out of the Game Center on both devices and then sign back in with the correct Apple ID:
    Using Game Center
    http://support.apple.com/kb/ht4314
    Game Center settings - iPad User Guide
    http://help.apple.com/ipad/7/#/iPad9a13d039
    Game Center settings
    Go to Settings > Game Center, where you can:
    Sign out (tap your Apple ID)
    Allow invites
    Let nearby players find you
    Edit your Game Center profile (tap your nickname)
    Get friend recommendations from Contacts or Facebook
    Specify which notifications you want for Game Center. Go to Settings > Notifications > Game Center. If Game Center doesn’t appear, turn on Notifications.
    Change restrictions for Game Center. Go to Settings > General > Restrictions.
    Cheers,
    - Judy

  • I have two iphones, one is iphone 5 and the other is iphone 4. Can I use the same id for both? And do I have to purchase the application again for iphone 4 which I have bought for iphone 5??

    I have two iphones, one is iphone 5 and the other is iphone 4. Can I use the same id for both? And do I have to purchase the application again for iphone 4 which I have bought for iphone 5??

    You can use the same Apple ID for both phones, you would then be able to use the purchased Apps/Content on both phones without having to pay again.

  • I have 2 accounts in my family and would like to purchase some of the same songs for both accounts, however when I try to purchase a duplicate song from the second account the song says play instead of purchase. How can I get some of the same songs?

    I have 2 accounts in my family and would like to purchase some of the same songs for both accounts, however when I try to purchase a duplicate song from the second account the song says play instead of purchase. How can I get some of the same songs?

    Drrhythm2 wrote:
    What's the best solution for this? I
    Copy the entire /Music/iTunes/ folder from her old computer to /Music/ in her account on this new computer.

  • If I use the same iCloud account for my ipad and iPhone, will changes I make on one change on the other as well?  I'm not sure of the advantage of using the same iCloud for both devices.

    If I use the same iCloud account for my ipad and iPhone, will changes I make on one change on the other as well?  I'm not sure of the advantage of using the same iCloud for both devices.

    No, it only mirrors changes to synced data.  This includes mail, contacts, calendars, reminders, safari bookmarks, notes, iWork documents and data, and photo stream photos (assuming you choose to sync all this data).  Changes to iTunes data such as music, apps, podcasts, etc., are not synced using iCloud.  In your example, if you delete an app from one device it will remain on the other until deleted there too.

  • My Itouch 3rd gen can't be recognized by my computer but when I put my iphone4 it can be recognized. I use the same cable for both of them.

    My Itouch 3rd gen can't be recognized by my computer but when I put my iphone4 it can be recognized. I use the same cable for both of them.

    Does it charge?
    - Reset the iOS device. Nothing will be lost      
    Reset iOS device: Hold down the On/Off button and the Home button at the same time for at
    least ten seconds, until the Apple logo appears.
    - Inspect the dock connector on the iPod for bent or missing contacts, foreign material, corroded contacts, broken, missing or cracked plastic.
    - Make an appointment at the Genius Bar of an Apple store.
      Apple Retail Store - Genius Bar

  • Why is my user id/pw not accepted by ICloud on my iPad but it is accepted by iCloud on my computer?  I am using the same password for both.

    Why is my user id/pw not accepted by ICloud on my iPad but it is accepted by iCloud on my computer?  I am using the same password for both.

    Rebooting your iDevice
    Hold down the Sleep (On-Off) and Home buttons together for about 10-15 seconds or until the Apple Logo appears - ignore the red slider if it appears - then let go of the buttons. The device should begin to start up.
    Now try entering the information again. See if it works now.

  • I am using the same account for both my Apple TVs but not able to open the movie I purchased on both tvs?

    I have two Apple TV's one in my living room and one in our bedroom. I purchased a movie series on the tv in the living room but was not able to open on the tv in the bedroom. I am using the same account for both Apple TV's. Can anyone assist?

    Welcome to the Apple Community.
    For the avoidance of doubt, are you able to play the TV show on the Apple TV on which you bought it, and it is a TV show and not a movie, is it?
    What do you mean you can't open it? What exactly happens?

  • When I download books, can I read them on my iPad and iPhone? I went to open a book on my phone but I got a message that said something about the bill already associated with an appleid. I use the same id for both devices.

    When I download books, can I read them on my iPad and iPhone? I went to open a book on my phone but I got a message that said something about the bill already associated with an appleid. I use the same id for both devices.

    All I can suggest is that you open that file on the MBA and save it as a new file, then see if you can open the new one on the iMac.

  • Can 2 matrix windows be open at the same time, for different parts?

    I played a midi part freely, and then overdubbed a second part on a different audio instrument "in unison" (there is a joke here, I know), but some of the note attacks were slightly off.
    I wanted to open the matrix windows for both parts to align the notes. But I could open only one window at a time. Is there a way to open both matrix windows at the same time so you can look at the two parts side by side?
    Thanks for any advice,
    Jim

    yes - but in order for it to work u should not enable the link button - the pink one in the upper left corner of the matrix...

  • Same Query for both Main and Sub Report

    I have a report which works but I don't think I'm getting the data to both the Main Report and Sub Report in the most efficient manner...  I have a report that totals users call subject counts.  But then end user wishes to see all users total counts and the grand totals of call counts on the first page then the breakdown of types of calls on subsequent pages...  so I created a report with a subreport in the report header....  I use the same query in both the sub and main report... however it asks the user to enter the parameters once for the main report and once for the sub report... Parameters are both the same for each; month and year...  so it currently runs the query twice I want to run it once and use the data for both reports...  I group by name and then sum the call subject counts for the user totals... and in the sub report I hide the detail section and I'm just left with the sub total line for each user, then in the main report use the same grouping and summing again and I start a new page for every user...
    Using CR 9
    Thanks for any advice
    Vincent

    I think you need to link the main report parameter with the subreport parameters in order to pass the parameter values from main report to subreport. So right click on subreport and go to change subreport links and add parameter fields and select parameter fields from your subreport and uncheck the database fields in subreport.
    Regards,
    Raghavendra.G

  • How do I use the same Itunes for both my IPOD and IPAD?

    How do i use itunes for both my ipod and ipad? and have everything on both of them.

    You can connect one of them to your computer's iTunes, select it on the left-hand side of iTunes, and then on the right-hand side select the Music tab and choose what to sync to that device - you can then connect, select and sync the same content to your other device.
