Signing code with Public Key
Hi guys,
I'm working on my thesis, and my prof. told me that I have to sign a
java object with a public key.
Looks to be impossible, but I asked him again and he confirmed what he
said.
How do I create a digital signature of a java object using a Public
Key??
Thanks a Lot guys!!!
Bye!
How do I create a digital signature of a java object using a Public Key??
Well, as my fellow poster said, it makes no sense signing (encrypting) an object using a public key, as it would be available for access.
If it is about signing an object with a single key where there is concept having a public / private key, I think most of the symmetric encryption algorithms come into picture, where there would be a single key used for both encrypting & decrypting data.
However, you can very well have a look of the specified links below to recheck on things.
http://www.unix.org.ua/orelly/java-ent/security/ch12_01.htm
http://www.developer.com/java/other/article.php/630851
http://mindprod.com/jgloss/digitalsignatures.html
Hope these might be of some help...
REGARDS,
RaHuL
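In the Java API a signature is produced with `Signature.initSign(PrivateKey)` and checked with `Signature.initVerify(PublicKey)`, so the public key is the verifying half. The program below is an added example, not code from either poster; it signs a serializable object both by hand and with `java.security.SignedObject`, and the `Report` class, its values and the freshly generated key pairs are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignedObject;

public class SignObjectDemo {
    static final String ALG = "SHA256withRSA";

    // Constructed sample type; any Serializable object can be signed this way.
    static class Report implements Serializable {
        private static final long serialVersionUID = 1L;
        final String author;
        final String title;
        Report(String author, String title) { this.author = author; this.title = title; }
    }

    // A signature covers bytes, so the object is serialized first.
    static byte[] serialize(Serializable obj) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        return buf.toByteArray();
    }

    // Signing takes the PRIVATE key: only its holder can produce the signature.
    static byte[] sign(byte[] data, PrivateKey key) throws Exception {
        Signature s = Signature.getInstance(ALG);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verifying takes the PUBLIC key, which can be handed to anyone.
    static boolean verify(byte[] data, byte[] sig, PublicKey key) throws Exception {
        Signature s = Signature.getInstance(ALG);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair signer = gen.generateKeyPair();
        KeyPair other = gen.generateKeyPair();   // an unrelated key pair

        Report report = new Report("student", "thesis draft");

        // Variant 1: sign the serialized bytes directly.
        byte[] data = serialize(report);
        byte[] sig = sign(data, signer.getPrivate());
        System.out.println("genuine object:   " + verify(data, sig, signer.getPublic()));

        byte[] tampered = data.clone();
        tampered[tampered.length - 1] ^= 0x01;   // change one bit of the object
        System.out.println("tampered object:  " + verify(tampered, sig, signer.getPublic()));
        System.out.println("wrong public key: " + verify(data, sig, other.getPublic()));

        // Variant 2: SignedObject bundles the serialized object with its signature.
        SignedObject signed =
                new SignedObject(report, signer.getPrivate(), Signature.getInstance(ALG));
        boolean ok = signed.verify(signer.getPublic(), Signature.getInstance(ALG));
        System.out.println("SignedObject:     " + ok);
        if (ok) {
            // Deserialize only after the signature has been checked.
            Report r = (Report) signed.getObject();
            System.out.println("recovered:        " + r.author + " / " + r.title);
        }
    }
}
```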
Similar Messages
-
Encrypt data with public key?
I am trying to find a class that support encryption with PublicKey.
In the class Signature there is a method "initSign" that takes a PrivateKey as argument, but that is used for signing certificates.
What I am looking for is to make A encrypt some data with B's public key that B can decrypt with its private key...is there any class for this scenario?
You might want to check out these, if you haven't already:
http://java.sun.com/j2se/1.5.0/docs/guide/security/CryptoSpec.html
http://java.sun.com/j2se/1.5.0/docs/guide/security/jce/JCERefGuide.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/interfaces/package-summary.html
http://java.sun.com/j2se/1.5.0/docs/api/javax/crypto/spec/package-summary.html
-
Allow privileged users to enter into EXEC mode on login not working with public keys
Hi,
I have recently updated one of my Cisco ASA to v9.2(1) and noticed a function to get the perform authorization for exec shell access can do an auto-enable when logging in from ssh.
The problem is that if I use a private/public key authentication with a user it won't do the auto-enable feature. If I login without keys and using my password, it jumps into privileged exec mode as it should.
Anyone else had this issue?
Config:
aaa authentication ssh console LOCAL
aaa authorization exec LOCAL auto-enable
username user password xxxxxx encrypted privilege 15
username user attributes
ssh authentication publickey 22:af:xxxxxx hashed
Any answer will be highly appreciated.
P.S I'm totally new in this forum.
Would you be able to open a TAC SR and once you do, email me the SR no and I will look into this issue.
[email protected]
Thanks and Regards,
Vibhor Amrodia -
Problem with public key ssh login
Weird problem just appeared. Home computer has two accounts (A and B). I allow ssh login to both accounts via public key login (ssh-keygen). Two remote computers with accounts A' and B' on one, and A" and B" on the other.
I can ssh into the home computer account B from account B' on one computer. I can log into the home computer account B from account B" on the other computer. I cannot ssh into the home computer account A from either A' or A", but I could last week.
Here is what the .ssh directories look like:
Home computer, account A:
total 8
drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
-rw-r--r-- 1 userA groupA 1216 Jan 10 13:20:20 2006 authorized_keys2
-rw-r--r-- 1 userA groupA 447 Sep 25 15:28:42 2006 known_hosts
Home computer, account B:
total 16
drwx------ 5 userB groupB 170 Oct 2 09:52:02 2006 .
drwxr-xr-x 23 userB groupB 782 Nov 9 08:26:03 2006 ..
-rw------- 1 userB groupB 6148 May 19 17:54:58 2006 .DS_Store
-rw-r--r-- 1 userB groupB 1228 Jan 10 13:24:15 2006 authorized_keys2
-rw-r--r-- 1 userB groupB 242 Oct 2 09:52:02 2006 known_hosts
Remote computer 1, account A':
total 16
drwx------ 6 userA' groupA' 204 Nov 9 09:55:12 2006 .
drwxr-xr-x 29 userA' groupA' 986 Nov 9 09:41:21 2006 ..
-rw-r--r-- 1 userA' groupA' 41 Mar 13 12:13:17 2006 config
-rw------- 1 userA' groupA' 736 Nov 20 13:38:54 2005 id_dsa
-rw-r--r-- 1 userA' groupA' 607 Nov 20 13:38:54 2005 id_dsa.pub
-rw-r--r-- 1 userA' groupA' 246 Jan 10 09:41:27 2006 known_hosts
Remote computer 1, account B':
total 16
drwx------ 5 userB' groupB' 170 Nov 9 08:23:04 2006 .
drwxr-xr-x 18 userB' groupB' 612 Nov 9 09:52:11 2006 ..
-rw------- 1 userB' groupB' 6148 Nov 9 08:23:04 2006 .DS_Store
-rw------- 1 userB' groupB' 668 May 25 08:51:51 2006 id_dsa
-rw-r--r-- 1 userB' groupB' 2481 Oct 30 09:00:57 2006 known_hosts
Remote computer 2, account A":
total 12
drwx------ 5 userA" groupA" 170 Jan 25 10:59:54 2006 .
drwxr-xr-x 20 userA" groupA" 680 Nov 9 08:19:30 2006 ..
-rw------- 1 userA" groupA" 736 Jan 10 13:14:16 2006 id_dsa
-rw-r--r-- 1 userA" groupA" 609 Jan 10 13:14:16 2006 id_dsa.pub
-rw-r--r-- 1 userA" groupA" 3376 Oct 31 19:48:25 2006 known_hosts
Remote computer 2, account B":
total 12
drwx------ 5 userB" groupB" 170 Jan 25 11:41:48 2006 .
drwx------ 22 userB" groupB" 748 Nov 9 10:33:00 2006 ..
-rw------- 1 userB" groupB" 736 Jan 10 13:11:50 2006 id_dsa
-rw-r--r-- 1 userB" groupB" 615 Jan 10 13:11:50 2006 id_dsa.pub
-rw-r--r-- 1 userB" groupB" 2947 Nov 7 10:18:27 2006 known_hosts
I had copied the A' id_dsa.pub from remote computer 1 to the home computer account A authorized_keys2, then I copied the A" id_dsa.pub from remote computer 2 and had appended it to the home computer account A authorized_keys2. I had done a similar thing with accounts B', B", and B on their respective computers.
All worked great for many months, until today, when ssh connections from A' or A" into A give me the dreaded
Permission denied,gssapi-keyex,gssapi-with-mic) error message. Pretty certain that it was as recent as earlier this week I made the A'-->A ssh connection and all was well. Meanwhile, ssh connections from B' or B" into B still work fine.
As near as I can tell, file ownerships and permissions look okay. While ssh'ed into B from B' I even did a
cat /Users/userA/.ssh/authorized_keys2
and then in another Terminal window, local to the remote computer, I did a
cat /Users/userA/.ssh/id_dsa.pub
In the terminal windows, each key wraps over about five-and-a-half lines, and I spotchecked like the last half-dozen characters, on each Terminal window line, of remote computer 1, account A' id_dsa.pub and the first pub key entry in authorized_keys2 in home computer account A. They all match.
I even keep a clone backup of my hard drive, and the date/timestamp of /etc/sshd_config hasn't changed (although, I'm a bit mystified why it is dated as recently as it is -- Sep 29 2006 -- don't remember doing anything to it)
So, I'm really confused, and not sure what to try or where to look next.
2001 Quicksilver G4 (M8360LL/A) Mac OS X (10.4.8)
Hi j.v.,
Home computer, account A:
total 8
drwx------ 4 userA groupA 136 Jan 30 11:51:38 2006 .
drwxrwxr-x 25 userA groupA 850 Nov 8 20:05:58 2006 ..
The parent directory ".." of the directory ".ssh", i.e. home directory of account A, is group-writable. SSH considers this as "insecure". You should make it writable only by the owner.
A@Home$ cd (cd to the home directory)
A@Home$ chmod g-w .
HTH
PowerMac G4 Mac OS X (10.4.7) -
How encrypt msg with Public Key ?
I want to encrypt my Session Key with the public key of the recipient but how can I do ?
I know how to encrypt with the Secret Key but not with the Public Key.
Thanks for response
Nicolas
It depends on the cryptosystem of which the public key you are having.
If it is of RSA then you have to get the cipher of RSA and pass the session key bytes as input to it. -
How to setup an ikev2 VPN with public key authentication with your BB10 device
This setup will allow you to run a VPN between your BB10.2 (and probably BB10.1) device and a debian linux computer (I am running the testing stream). You will need to tweak this config (and possibly install strongswan server on your LAN's gateway) to get access to network resources, or access the internet via the VPN. I have created this setup with the intention of accessing files/services on the debian computer only.
1. Install strongswan on your debian machine(I have v4.6.4 installed, I think the current testing version is v5.1. If you install v5+, some lines in the config may be obsolete), and install any other extra packages you are prompted to install:
apt-get install strongswan strongswan-ikev1 strongswan-ikev2 strongswan-starter openssl ipsec-tools
2. Generate certificates on your debian server in any, starting with a certificate authority. Edit the C= O= CN= fields to whatever you want:
ipsec pki --gen --outform pem > caKey.pem
ipsec pki --self --in caKey.pem --dn "C=CA, O=none, CN=Certificate-Auth" --san="Certificate-Auth" --ca --outform pem > caCert.pem
Generate a server keypair (again, editing the same fields as I indicated above. The CN= field should be lan ip address of your strongswan server. I would also put this as the address in --san=, or you can specify your hostname(if you have one, i.e. mydomainname.com):
ipsec pki --gen --outform pem > serverKey.pem
ipsec pki --pub --in serverKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=192.168.1.100" --san="192.168.1.100" --flag serverAuth --outform pem > serverCert.pem
Generate a keypair for your BB10 device (choose a CN=, and use it in the --san field @your server lan ip or hostname:
ipsec pki --gen --outform pem > userKey.pem
ipsec pki --pub --in userKey.pem | ipsec pki --issue --cacert caCert.pem --cakey caKey.pem --dn "C=CA, O=none, CN=bb10" --san "[email protected]" --flag serverAuth --outform pem > userCert.pem
3. After generating your keys, package the client keys for your BB10 device(you will be asked to create a password): openssl pkcs12 -export -in userCert.pem -inkey userKey.pem -out bb10.pfx
Copy the bb10.pfx file, and serverCert.pem to your BB10 device and import the certificates into the certificate store(Open Settings --> Security and Privacy --> Certificates --> Import)
4. Move the certificates into the appropriate folders on your debian server:
mv caKey.pem /etc/ipsec.d/private
mv caCert.pem /etc/ipsec.d/cacerts
mv serverKey.pem /etc/ipsec.d/private
mv serverCert.pem /etc/ipsec.d/certs
5. Enable ip forwarding on your debian machine:
edit /etc/sysctl.conf - change the following value as follows:
net.ipv4.ip_forward=1
Close the file and save changes. To enable changes, type: sysctl -p /etc/sysctl.conf
6. Edit config files:
ipsec.secrets:
: RSA serverKey.pem
ipsec.conf:
config setup
    strictcrlpolicy=no
    uniqueids=yes

conn %default
    ikelifetime=60m
    keylife=20m
    rekeymargin=3m
    keyingtries=1
    keyexchange=ikev2
    leftfirewall=yes
    dpddelay=30
    dpdtimeout=120
    dpdaction=clear

conn bb10
    mobike=yes
    ike=aes256-sha1-sha1-modp1024!
    esp=aes256-sha1!
    left=%defaultroute
    leftid="C=CA, O=none, CN=192.168.1.100"
    leftcert=serverCert.pem
    right=%any
    rightsourceip=10.10.0.1
    rightid="C=CA, O=none, CN=bb10"
    rightauth=pubkey
    leftauth=pubkey
    pfs=yes
    auto=add
7. Start the ipsec service on your debian machine: service ipsec stop; service ipsec start
8. Set up the VPN connection on your blackberry: Settings -->Network Connections --> VPN --> Add.
a) Profile Name: Give your VPN a name
b) Server Address: Enter your server's address
c) Gateway Type: Generic IKEv2 VPN Server
d) Authentication Type: PKI
e) Authentication ID Type: Identity Certificate Distinguished Name
f) Client Certificate: The client certificate you imported should show up in the dropdown
g) Gateway Auth Type: PKI
h) Gateway Auth ID Type: Identity Certificate Distinguished Name
i) Gateway CA Certificate: Find the certificate authority you imported. If you used the same name as I did above when creating the certificate, if will be called "Certificate-Auth".
j) Perfect forward secrecy : ON
k) Change IKE Lifetime to 3600
l) Change IPSEC lifetime to 1200
You can leave everything else on default settings. Save your VPN profile.
9. Connect to your VPN. You should now be able to ping both ways between your blackberry and debian host. Using the above configuration, your blackberry device will have the ip address of 10.10.0.1.
There have been numerous bb10 updates (now 10.2.1.2977) since I first posted this mini how-to - I am not sure if it was the bb10 updates, or updates to strongswan (now v5.2.0) or my linux kernel (v3.15.3), though I am now able to use stronger hash and elliptic curve key exchange. I am using sha384 in my example, though have also got it working with sha512. Give it a try:
Simply use the same process I detailed before, though change the following lines in ipsec.conf:
ike=aes256-sha1-sha1-modp1024!
esp=aes256-sha1!
to
ike=aes256-sha384-ecp521
esp=aes256-sha384-ecp521
Be sure to restart strongswan after you change these lines in the config.
After this is done, change 'Automatically determine algorithm' to off in the VPN profile settings of your VPN connection profile on your blackberry. I'm not sure why it doesn't work automatically. State the following in this section:
IKE DH Group: 21
IKE Cipher: AES (256-bit key)
IKE Hash: SHA384
IKE PRF: HMAC-SHA384
IPSec DH Group: 21
IPSec Cipher: AES (256-bit key)
IPSec Hash: SHA384 -
Encrypting a vote with a servers public key...HELP!
Hey, I really need some help (online voting application)... what I want to do is allow a voter to be able to submit a ballot (vote) via servlets; they encrypt the ballot with the server's public key and then the ballot is stored in a database, where at another time the administrator may decrypt the ballot(s) using the server's private key. I have already sorted the voter's authentication (MD5), and at the moment the servlet submits the ballot in an unencrypted form... so I just need a little help from here. I enclose my code and I would be truly grateful if someone could give me a hand.
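import java.io.*;
import javax.servlet.*;
import javax.servlet.http.*;
import java.sql.*;

public class CastVote extends HttpServlet {

    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        Connection con = null;
        PreparedStatement stmt = null;
        try {
            String jmulligan = request.getParameter("jmulligan");
            String pkelly = request.getParameter("pkelly");
            String mjones = request.getParameter("mjones");
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            Class.forName("sun.jdbc.odbc.JdbcOdbcDriver");
            con = DriverManager.getConnection("jdbc:odbc:evoting");
            // Bind the form values as parameters rather than concatenating
            // them into the SQL text, so they cannot alter the statement.
            stmt = con.prepareStatement(
                "INSERT INTO Ballot (JMulligan, PKelly, MJones) VALUES (?, ?, ?)");
            stmt.setString(1, jmulligan);
            stmt.setString(2, pkelly);
            stmt.setString(3, mjones);
            stmt.executeUpdate();
            // Echo the ballot back, HTML-escaping the request parameters.
            out.println("<HTML>\n" +
                "<HEAD><TITLE>EVoting</TITLE></HEAD>\n" +
                "<BODY BGCOLOR=\"127734\">\n" +
                "<H1>Your Ballot has been entered as follows</H1>\n" +
                "<H1>J Mulligan got " + esc(jmulligan) + "</H1>\n" +
                "<H1> M Jones got " + esc(mjones) + "</H1>\n" +
                "<H1> P Kelly got " + esc(pkelly) + "</H1>\n" +
                "</BODY></HTML>");
        } catch (Exception e) {
            System.out.println(e.getMessage());
            e.printStackTrace();
        } finally {
            // Release the JDBC resources even if the insert fails.
            try { if (stmt != null) stmt.close(); } catch (SQLException ignored) { }
            try { if (con != null) con.close(); } catch (SQLException ignored) { }
        }
    }

    // Minimal HTML escaping for values written into the response page.
    private static String esc(String s) {
        if (s == null) return "";
        return s.replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")
                .replace("\"", "&quot;").replace("'", "&#39;");
    }
}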
thanks
Jacinta
PS I have ssl configured, with a self signed cert.
Hey!
I am also in the middle of doing an e-voting application as part of my thesis! It's interesting to see the way other people do the voting. Well, my experience so far is that I cannot get public/private key encryption to work. I have posted many topics on this forum regarding it and the reason it won't work is that the ballot that I am trying to encrypt is too large for the ballot object. I used the RSA algorithm and it wasn't able to handle my large object. So instead I have just used a symmetric algorithm and that works fine. I think it's the DES algorithm. The only problem with this is that you are using the same key to encrypt and decrypt the ballot. I don't think this is secure. It has been recommended to me that I use this symmetric algorithm as it is, but that I then use public/private key to encrypt the symmetric key! I still have a problem with this because if the key is still encrypted with public key, the user must have access to the private key to decrypt the symmetric key to decrypt the ballot. See where I'm going?
I would love to know of an asymmetric algorithm that can encrypt large objects. That would solve the whole security issue. I will post a reply here if I find out the answer.
By the way, how is your project going?
All the best,
Chris Moltisanti -
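The arrangement recommended in the reply above (a symmetric cipher for the ballot, public/private key for the symmetric key), as an added example that is not code from either poster; it also covers the session-key question in the earlier "How encrypt msg with Public Key ?" thread. It assumes RSA-OAEP for the key and AES-GCM for the ballot, with a container layout and sample ballot constructed here; the submitting side holds only the server's public key, and the private key is used only where ballots are opened.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class HybridBallotDemo {
    static final String RSA = "RSA/ECB/OAEPPadding";
    static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    static final int IV_LEN = 12, TAG_BITS = 128;

    // Submitting side: needs only the server's PUBLIC key.
    // Container layout (constructed for this example):
    //   [2-byte length][RSA-wrapped AES key][12-byte IV][AES-GCM ciphertext + tag]
    static byte[] seal(byte[] ballot, PublicKey serverPublic) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SecretKey session = kg.generateKey();      // fresh key for every ballot

        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, session, new GCMParameterSpec(TAG_BITS, iv));
        byte[] body = aes.doFinal(ballot);         // no size limit on the ballot

        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.WRAP_MODE, serverPublic, OAEP);
        byte[] wrapped = rsa.wrap(session);        // 32-byte key fits in one RSA block

        return ByteBuffer.allocate(2 + wrapped.length + IV_LEN + body.length)
                .putShort((short) wrapped.length).put(wrapped).put(iv).put(body).array();
    }

    // Opening side: the only place the PRIVATE key is used.
    static byte[] open(byte[] sealed, PrivateKey serverPrivate) throws Exception {
        ByteBuffer in = ByteBuffer.wrap(sealed);
        byte[] wrapped = new byte[in.getShort() & 0xFFFF];
        in.get(wrapped);
        byte[] iv = new byte[IV_LEN];
        in.get(iv);
        byte[] body = new byte[in.remaining()];
        in.get(body);

        Cipher rsa = Cipher.getInstance(RSA);
        rsa.init(Cipher.UNWRAP_MODE, serverPrivate, OAEP);
        SecretKey session = (SecretKey) rsa.unwrap(wrapped, "AES", Cipher.SECRET_KEY);

        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.DECRYPT_MODE, session, new GCMParameterSpec(TAG_BITS, iv));
        return aes.doFinal(body);                  // AEADBadTagException if modified
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair server = gen.generateKeyPair();

        // Constructed sample ballot, grown well past what RSA can take directly.
        StringBuilder sb = new StringBuilder("jmulligan=1;pkelly=2;mjones=3;");
        while (sb.length() < 5000) sb.append("write-in;");
        byte[] ballot = sb.toString().getBytes(StandardCharsets.UTF_8);

        try {   // RSA on its own rejects input larger than one block
            Cipher rsa = Cipher.getInstance(RSA);
            rsa.init(Cipher.ENCRYPT_MODE, server.getPublic(), OAEP);
            rsa.doFinal(ballot);
        } catch (IllegalBlockSizeException e) {
            System.out.println("direct RSA refused: " + e.getMessage());
        }

        byte[] sealed = seal(ballot, server.getPublic());
        byte[] opened = open(sealed, server.getPrivate());
        System.out.println("round trip ok: " + Arrays.equals(ballot, opened));

        sealed[sealed.length - 1] ^= 0x01;          // flip one bit of the stored ballot
        try {
            open(sealed, server.getPrivate());
            System.out.println("modification NOT detected");
        } catch (AEADBadTagException e) {
            System.out.println("modification detected");
        }
    }
}
```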
Message Digest with symmetric key
Hi,
I am new to Java Cryptography.
My requirement is I want to digest a message using RSA generated 128 bit key and I am not able to find any functions to generate Symmetric key and also to digest a message with key. Can anyone please tell me how to do. Any help would be appreciated. This is very urgent requirement.
Thanks in advance.
Cheers,
Sreedhar Gupta
RSA uses a key pair:
you can sign with the private key
and you verify the signature with the public key.
For this use the class: java.security.Signature
To have a "message digest" with a symmetric key
use the class: javax.crypto.Mac -
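The reply above points to `java.security.Signature` for key pairs and `javax.crypto.Mac` for a keyed digest. The following added example (not from the thread) shows the `Mac` half with a random 128-bit key, an HMAC-SHA256 tag and a constant-time check; the class name and message text are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import javax.crypto.Mac;
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;

public class KeyedDigestDemo {
    static final String ALG = "HmacSHA256";

    // 128-bit symmetric key drawn from SecureRandom.
    static SecretKey newKey() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return new SecretKeySpec(raw, ALG);
    }

    // Keyed digest (MAC) of the message under the shared key.
    static byte[] tag(SecretKey key, byte[] message) throws Exception {
        Mac mac = Mac.getInstance(ALG);
        mac.init(key);
        return mac.doFinal(message);
    }

    // Recompute the tag and compare without leaking where the bytes differ.
    static boolean verify(SecretKey key, byte[] message, byte[] tag) throws Exception {
        return MessageDigest.isEqual(tag(key, message), tag);
    }

    public static void main(String[] args) throws Exception {
        SecretKey shared = newKey();    // held by both sender and receiver
        SecretKey stranger = newKey();  // a key the receiver does not share

        byte[] msg = "transfer 100 to account 42".getBytes(StandardCharsets.UTF_8);
        byte[] t = tag(shared, msg);
        System.out.println("tag length (bytes): " + t.length);
        System.out.println("genuine message:    " + verify(shared, msg, t));

        byte[] altered = "transfer 900 to account 42".getBytes(StandardCharsets.UTF_8);
        System.out.println("altered message:    " + verify(shared, altered, t));
        System.out.println("tag from other key: " + verify(shared, msg, tag(stranger, msg)));

        // Unlike a signature, the receiver holds the same key and can mint a valid
        // tag for any message, so a MAC shows integrity but not who wrote it.
        byte[] minted = tag(shared, altered);
        System.out.println("receiver-made tag:  " + verify(shared, altered, minted));
    }
}
```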
Identifying Public keys??
How to identify the public keys if there are many public keys at the client side???
plz do let me know how to find the wanted public keys...
asap
thnx in advnce
Subhash
No, a person A (other than yourself) creates a key pair. Person A submits
his/her public key to get a certificate through a certificate request
protocol. Once that certificate is returned to person A he/she can
distribute his/her public key to anyone he/she wishes through whatever
mechanisms he/she wishes. (aka email, floppy, whatever..)
If you trust the CA who provided the certificate then it is likely you
will trust the public key associated with it as being from person A. If
so you can then encrypt messages to person A using his/her publickey/certificate.
You can use keytool to take an X509 encoded public key/certificate and add
it to your keystore locally. Once it is in your keystore you can access
it at will for whatever operations you chose to do including encryption
or signature verification.
This all assumes you start out with the public certificate of the CA for
which signed your friends public key (otherwise known as certifying) already
on your machine. Java comes with a set of CA certificates of the most common
CAs including verisign etc..
If you are the CA then keep a copy of the certificate in your keystore
and then send it to person A. Now you can get the cert from your local
keystore anytime you need to encrypt data to be sent to person A.
Person A should NEVER provide anyone access to his/her private key. That
defeats the whole process. In fact person A should encrypt his/her private
key so that should it somehow wind up exposed it is difficult for the key
itself to be retrieved. This is typically done with PBE... -
Remote login via ssh and public keys
I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
1) How do I disable logins via user/password?
2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?
1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
By default, if you don't specify a username when you log in, it will use the username of the device you're logging in from. So to use an alternative login name you would use
ssh [email protected]
whereas john can be any name of your choosing.
Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
2) According to that MacOS X Hints article:
"Leopard has now a built-in support for SSH authentication with public keys.
OSX has been able to use ssh public key authentication since day 1 of the beta release of osx. It is not new to Leopard; it has been around for years.
Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
I have not used this functionality as I don't use any passwords for ssh logins.
They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
I am sure this is the case. -
How Sign Message with Certificate (public key)?
Hi, I need to to send Sign xml message by Certificate file (public key) and read sign message
so how can i do it ??
and i should have 2 public key ?? or what ??
please help :)
Thanks
ejp has answered your question, but it seems you did not understand. This forum is not a good place to learn about public key cryptography and message encryption. You should already understand these fundamentals before asking questions here. This forum is about how to implement these crypto operations in the Java programming language. If you are cheap or poor, you can try googling for more information; Wikipedia is a good starting point also. If you can afford it, I recommend you buy Practical Cryptography by Schneier.
-
Import a signed public key into a keystore
Hai all,
When I followed the steps listed at the end of the email, to create a cert request using keytool (from jdk 1.3.0), make it signed by a CA and import the signed public key into a keystore,
I got the following error when I did step 9: keytool error: java.security.cert.CertificateException: IOException: data is not sufficient
Could you please give me a help? Thanks in advance. ---
1.Generate the CA key
$ openssl genrsa -rand -des -out ca.key 1024
2.Create a self signed certificate
$ openssl req -new -x509 -days 365 -key ca.key -out ca.crt
3.Setup the OpenSSL CA tools
$ mkdir demoCA
$ mkdir demoCA/newcerts
$ touch demoCA/index.txt
$ cp ca.crt demoCA/
$ echo "01" > demoCA/serial
4.Create a new key store for the client application
$ keytool -keystore testkeys -genkey -alias client
5.Export the client's public key
$ keytool -keystore testkeys -certreq -alias client -file client.crs
6.Sign the client's key with our CA key
$ openssl ca -config /etc/openssl.cnf -in client.crs -out client.crs.pem -keyfile ca.key
7.Convert to DER format
$ openssl x509 -in client.crs.pem -out client.crs.der -outform DER
8.Import CA certificate into client's key store
$ keytool -keystore testkeys -alias jsse_article_ca -import -file ca.crt
9.Import signed key into client's key store
$ keytool -keystore testkeys -alias client -import -file client.crs.der
(The above steps are available at <http://www.ddj.com/articles/2001/0102/0102a/0102a.htm>)
I have created CA and Server certificates using openssl and client certificate request using keytool and it is signed by our CA.
I am using openssl server (C++) and JSSE client (JAVA)...
to communicate these two what certificates i need to put in the client keystore (created using keytool).
I have imported CA into keytool ,but i am unable to import client cert into keystore.
Please tell me some way to sort out this problem...
Prasad.
The following script using openssl and keytool (JDK1.3)
works. Be sure to have the following in
your extension directory (/opt/java1.3/jre/lib/ext):
jcert.jar
jnet.jar
jsse.jar
sunrsasign.jar
Pierre
#!/bin/ksh
rm -f Keystore Config
rm -rf certs
mkdir certs
touch certs/index
echo "01" > certs/serial
chmod 600 certs/*
netstat > /tmp/.rnd
echo "Creating config file for openssl"
cat > Config <<EOCNF
[ ca ]
default_ca = CA_default
[ CA_default ]
dir = certs
database = \$dir/index
serial = \$dir/serial
default_days = 365 # Duration to certify for
default_crl_days= 30 # Time before next CRL
default_md = SHA1 # Message digest to use.
preserve = no # Keep passed DN ordering?
policy = policy_anything
[ policy_anything ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
organizationalUnitName = optional
commonName = supplied
emailAddress = optional
[ req ]
default_bits = 1024
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_distinguished_name ]
countryName = Country Name (2 letter code)
countryName_default = US
countryName_value = US
countryName_min = 2
countryName_max = 2
stateOrProvinceName = State or Province Name (full name)
stateOrProvinceName_default = CA
stateOrProvinceName_value = CA
localityName = Locality Name (eg, city)
localityName_default = Loc
localityName_value = Loc
0.organizationName = Organization Name (eg, company)
0.organizationName_default = Org
0.organizationName_value = Org
organizationalUnitName = Organizational Unit Name (eg, section)
organizationalUnitName_default = OrgUnit
organizationalUnitName_value = OrgUni
commonName = Common Name (eg, YOUR name)
commonName_default = CN
commonName_value = CN
commonName_max = 64
emailAddress = Email Address
emailAddress_default = [email protected]
emailAddress_value = [email protected]
emailAddress_max = 40
[ req_attributes ]
EOCNF
echo "Creating DSA params"
openssl dsaparam -outform PEM -out DSAPARAM -rand /tmp/.rnd 1024
echo "Creating CA key pair and cert request"
openssl req -config Config -nodes -newkey DSA:DSAPARAM -keyout certs/caprivkey.pem -out certs/req.pem
echo "Signing own CA cert"
openssl x509 -req -in certs/req.pem -signkey certs/caprivkey.pem -out certs/cacert.pem
echo "Generating client key pair and cert in keystore"
keytool -genkey -alias myalias -keyalg DSA -keysize 1024 -keypass password -storepass password -keystore Keystore -dname "CN=Common Name, OU=Org Unit, O=Org, L=Locality, S=State, C=Country" -validity 365
echo "Generating cert request"
keytool -certreq -alias myalias -keypass password -storepass password -keystore Keystore -file certs/CertReq.csr
echo "Signing client cert"
openssl ca -config Config -policy policy_anything -batch -in certs/CertReq.csr -keyfile certs/caprivkey.pem -days 365 -cert certs/cacert.pem -outdir certs -out certs/public.pem -md SHA1
echo "Importing CA cert into keystore"
keytool -import -alias CA -keystore Keystore -storepass password -noprompt -file certs/cacert.pem
# Clean the certificate file, contains extra stuff from openssl
sed "/^-----BEGIN CERTIFICATE-----/,/^-----END CERTIFICATE-----/!d" \
certs/public.pem > certs/tmp-public.pem
cp certs/tmp-public.pem certs/public.pem
rm certs/tmp-public.pem
echo "Importing client cert into keystore"
keytool -import -alias myalias -keystore Keystore -storepass password -noprompt -file certs/public.pem
-
Problem with Copied Code finding Public Method
Hi Guys,
I'm an old R/2 programmer trying to get my head around OO coding.
I have copied, in its entirety, the SAP example program SAPTLIST_TREE_CONTROL_DEMO, as I'm trying to create a Tree based access to reports (don't ask, the user just wants it!).
I've copied and activated all the standard include programs as follows:
*& Modulpool ZMM_COCKPIT_DISPLAY *
INCLUDE ZMMC_COCKPIT_DISPLAY_TOP.
INCLUDE ZMMC_COCKPIT_DISPLAY_CL1.
INCLUDE ZMMC_COCKPIT_DISPLAY_O01.
INCLUDE ZMMC_COCKPIT_DISPLAY_I01.
INCLUDE ZMMC_COCKPIT_DISPLAY_F01.
All the programs syntax check successfully, except ZMMC_COCKPIT_DISPLAY_F01 which displays the error message 'Method "HANDLE_NODE_DOUBLE_CLICK" is unknown or PROTECTED or PRIVATE', yet this does not prevent the include program from activating.
The Section of code that is failing is:
assign event handlers in the application class to each desired event
SET HANDLER G_APPLICATION->HANDLE_NODE_DOUBLE_CLICK FOR G_TREE.
SET HANDLER G_APPLICATION->HANDLE_ITEM_DOUBLE_CLICK FOR G_TREE.
SET HANDLER G_APPLICATION->HANDLE_EXPAND_NO_CHILDREN FOR G_TREE.
SET HANDLER G_APPLICATION->HANDLE_LINK_CLICK FOR G_TREE.
SET HANDLER G_APPLICATION->HANDLE_BUTTON_CLICK FOR G_TREE.
SET HANDLER G_APPLICATION->HANDLE_CHECKBOX_CHANGE FOR G_TREE.,
When double clicking on the HANDLE_NODE_DOUBLE_CLICK, the SAP then goes to the following code in the ZMMC_COCKPIT_DISPLAY_CL1 program:
CLASS LCL_APPLICATION DEFINITION.
PUBLIC SECTION.
METHODS:
HANDLE_NODE_DOUBLE_CLICK
FOR EVENT NODE_DOUBLE_CLICK
OF CL_GUI_LIST_TREE
IMPORTING NODE_KEY,
HANDLE_EXPAND_NO_CHILDREN
FOR EVENT EXPAND_NO_CHILDREN
OF CL_GUI_LIST_TREE
IMPORTING NODE_KEY,
HANDLE_ITEM_DOUBLE_CLICK
FOR EVENT ITEM_DOUBLE_CLICK
OF CL_GUI_LIST_TREE
IMPORTING NODE_KEY ITEM_NAME,
HANDLE_BUTTON_CLICK
FOR EVENT BUTTON_CLICK
OF CL_GUI_LIST_TREE
IMPORTING NODE_KEY ITEM_NAME,
HANDLE_LINK_CLICK
FOR EVENT LINK_CLICK
OF CL_GUI_LIST_TREE
IMPORTING NODE_KEY ITEM_NAME,
HANDLE_CHECKBOX_CHANGE
FOR EVENT CHECKBOX_CHANGE
OF CL_GUI_LIST_TREE
IMPORTING NODE_KEY ITEM_NAME CHECKED.
ENDCLASS.
CLASS LCL_APPLICATION IMPLEMENTATION.
METHOD HANDLE_NODE_DOUBLE_CLICK.
" this method handles the node double click event of the tree
" control instance
" show the key of the double clicked node in a dynpro field
G_EVENT = 'NODE_DOUBLE_CLICK'.
G_NODE_KEY = NODE_KEY.
ENDMETHOD.
Lastly, the class definition, implementation and other required objects are defined in the ZMMC_COCKPIT_DISPLAY_TOP program as:
*& Include ZMMC_COCKPIT_DISPLAY_TOP *
REPORT SAPTLIST_TREE_CONTROL_DEMO MESSAGE-ID TREE_CONTROL_MSG.
Screen Element Components *********************
CLASS LCL_APPLICATION DEFINITION DEFERRED.
CLASS CL_GUI_CFW DEFINITION LOAD.
CAUTION: MTREEITM is the name of the item structure which must
be defined by the programmer. DO NOT USE MTREEITM!
TYPES: ITEM_TABLE_TYPE LIKE STANDARD TABLE OF ZMMC_TREEITM
WITH DEFAULT KEY.
DATA: G_APPLICATION TYPE REF TO LCL_APPLICATION,
G_CUSTOM_CONTAINER TYPE REF TO CL_GUI_CUSTOM_CONTAINER,
G_TREE TYPE REF TO CL_GUI_LIST_TREE,
G_OK_CODE TYPE SY-UCOMM.
(NB: ZMMC_TREEITM is a copy of the structure MTREEITM).
All the programs are active, and have no syntax errors.
Any ideas on how to make the error message vanish? I don't know, but it must be resolved because it is causing the program to abend at runtime, claiming that the HANDLE_NODE_DOUBLE_CLICK cannot pass value 'NULL' to G_TREE.
Thanks in advance.
Stephen
Hello Stephen
I have made the following changes in the module pool (double-clicking on node executes a report (PFCG_MASS_TRANSPORT):
Include TLIST_TREE_CONTROL_DEMOTOP:
* Fields on Dynpro 100
DATA: G_EVENT(30),
G_NODE_KEY TYPE TV_NODEKEY,
G_ITEM_NAME TYPE TV_ITMNAME.
* Collect nodes and items in globally accessible itabs
DATA:
gt_nodes TYPE TREEV_NTAB, " added
gt_items type ITEM_TABLE_TYPE. " added
*** INCLUDE TLIST_TREE_CONTROL_DEMOTOP
METHOD handle_expand_no_children.:
* Items of node with key 'New3'
CLEAR item.
item-node_key = 'New3'.
item-item_name = '1'.
item-class = cl_gui_list_tree=>item_class_text.
item-length = 11.
item-usebgcolor = 'X'. "
* ITEM-TEXT = 'SAPTROX1'. " deleted
item-text = 'PFCG_MASS_TRANSPORT'. " added
CALL METHOD g_tree->add_nodes_and_items
EXPORTING
node_table = node_table
item_table = item_table
item_table_structure_name = 'MTREEITM'
EXCEPTIONS
failed = 1
cntl_system_error = 3
error_in_tables = 4
dp_error = 5
table_structure_name_not_found = 6.
IF sy-subrc <> 0.
MESSAGE a000.
ENDIF.
APPEND LINES OF node_table TO gt_nodes. " added
APPEND LINES OF item_table TO gt_items. " added
ENDMETHOD. "HANDLE_EXPAND_NO_CHILDREN
Form CREATE_AND_INIT_TREE:
* add some nodes to the tree control
* NOTE: the tree control does not store data at the backend. If an
* application wants to access tree data later, it must store the
* tree data itself.
PERFORM build_node_and_item_table USING node_table item_table.
CALL METHOD g_tree->add_nodes_and_items
EXPORTING
node_table = node_table
item_table = item_table
item_table_structure_name = 'MTREEITM'
EXCEPTIONS
failed = 1
cntl_system_error = 3
error_in_tables = 4
dp_error = 5
table_structure_name_not_found = 6.
IF sy-subrc <> 0.
MESSAGE a000.
ENDIF.
APPEND LINES OF node_table TO gt_nodes. " added
APPEND LINES OF item_table TO gt_items. " added
ENDFORM. " CREATE_AND_INIT_TREE
METHOD handle_node_double_click:
METHOD handle_node_double_click.
" this method handles the node double click event of the tree
" control instance
BREAK-POINT.
" show the key of the double clicked node in a dynpro field
g_event = 'NODE_DOUBLE_CLICK'.
g_node_key = node_key.
DATA:
ls_node TYPE treev_node,
ls_item TYPE mtreeitm.
READ TABLE gt_items INTO ls_item
WITH KEY node_key = node_key
item_name = '1'.
IF ( syst-subrc = 0 AND
ls_item-text IS NOT INITIAL ).
SUBMIT (ls_item-text) VIA SELECTION-SCREEN
AND RETURN. " report !!!
ENDIF.
ENDMETHOD. "HANDLE_NODE_DOUBLE_CLICK
I am not sure if I am correct but it appears that class CL_GUI_LIST_TREE does not provide any method to get hold of the node or item details. Thus, I collect them in my global itabs.
Regards
Uwe -
Can't read load RSA public key with JDK 1.4.2_08?
We have been using Bouncy Castle's provider to provide RSA encryption and decryption of a login name and password for several years ... with JDKs in the 1.4.2 series up through 1.4.2_07.
Recently, however, Sun released JDK 1.4.2_08, and suddenly any of our Java Web Start client applications are unable to successfully load the public key that we use to encrypt their login name and password before shipping it to the server for authentication with the 1.4.2_08 JRE. But, if we revert back to 1.4.2_07, everything works again.
This public key itself has been in use for several years and the same code to read the public key has been in use for a long time ... including multiple versions of the BouncyCastle provider and all versions of the JDK up through 1.4.2_07. But suddenly things appear to break with JDK 1.4.2_08.
This smells like a problem with JDK 1.4.2_08 so I thought that I'd check on this forum to see if any other Bouncy Castle users have experienced this problem. Is there anything further that I can do to check this out? Has any Bouncy Castle user successfully loaded a RSA public key from a byte stream with JDK 1.4.2_08? Or have people using other providers seen any problems reading similar public keys with JDK 1.4.2_08?
The code that is failing on the client side is:
try {
    encKey = new byte[this.publicKeyInputStream.available()];
    this.publicKeyInputStream.read(encKey);
    spec = new X509EncodedKeySpec(encKey);
    keyFactory = KeyFactory.getInstance("RSA", "org.bouncycastle.jce.provide.BouncyCastleProvider");
    myPublicKey = keyFactory.generatePublic(spec);
    return myPublicKey;
} catch (Exception e) {
    e.printStackTrace();
}
The stack trace that I'm getting includes ...
java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:330)
at java.security.KeyFactory.generatePublic(Unknown Source)
at org.opencoral.util.Encryption.loadPublicKey(SourceFile:450)
at org.opencoral.util.Encryption.<init>(SourceFile:119)
at org.opencoral.main.Coral.<init>(SourceFile:338)
at org.opencoral.main.Coral.main(SourceFile:1919)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.sun.javaws.Launcher.executeApplication(Unknown Source)
at com.sun.javaws.Launcher.executeMainClass(Unknown Source)
at com.sun.javaws.Launcher.continueLaunch(Unknown Source)
at com.sun.javaws.Launcher.handleApplicationDesc(Unknown Source)
at com.sun.javaws.Launcher.handleLaunchFile(Unknown Source)
at com.sun.javaws.Launcher.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
While it clearly indicates that it thinks that there is an "invalid info structure in RSA public key", I believe that nothing has changed in the structure of our key ... and this same key still works properly if I revert to JDK 1.4.2_07.
Any thoughts or insights?
Thanks,
John Shott
I'm facing the same Exception here,
With JDK 1.5 (SUNJce) I'm getting --
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.security.InvalidKeyException: Invalid RSA public key
at sun.security.rsa.RSAKeyFactory.engineGeneratePublic(Unknown Source)
With BouncyCastle I'm getting --
Exception in thread "main" java.security.spec.InvalidKeySpecException: java.lang.IllegalArgumentException: invalid info structure in RSA public key
at org.bouncycastle.jce.provider.JDKKeyFactory$RSA.engineGeneratePublic(JDKKeyFactory.java:345)
Any Solution? -
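Added example (not code from either poster, from Bouncy Castle or from the application in the stack trace): the loader posted above sizes its buffer from available() and calls read() once, and neither call is guaranteed to deliver the whole key file, so a short read is worth ruling out before suspecting the key itself. The sketch reads to EOF and compares the byte count with the length declared in the DER header; it uses the JDK's default RSA provider instead of Bouncy Castle, and LoadPublicKeyDemo, trickle, readFully, derTotalLength and load are hypothetical names.

```java
import java.io.*;
import java.security.*;
import java.security.spec.*;

public class LoadPublicKeyDemo {
    static InputStream trickle(byte[] data) {   // constructed stand-in: short available(), short reads
        return new FilterInputStream(new ByteArrayInputStream(data)) {
            @Override public int available() throws IOException { return Math.min(64, super.available()); }
            @Override public int read(byte[] b, int off, int len) throws IOException { return super.read(b, off, Math.min(len, 64)); }
        };
    }

    // Read until EOF; never size the buffer from available().
    static byte[] readFully(InputStream in) throws IOException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        byte[] buf = new byte[4096];
        for (int n; (n = in.read(buf)) != -1; ) out.write(buf, 0, n);
        return out.toByteArray();
    }

    // Total size (header + content) that the outer DER SEQUENCE declares, or -1 if malformed.
    static int derTotalLength(byte[] der) {
        if (der.length < 4 || der[0] != 0x30) return -1;    // must start with SEQUENCE
        int first = der[1] & 0xff;
        if (first < 0x80) return 2 + first;                  // short-form length
        int numBytes = first & 0x7f;                         // long form: number of length bytes
        if (numBytes == 0 || numBytes > 2) return -1;        // over 64 KiB: not a plausible key file
        int len = 0;
        for (int i = 0; i < numBytes; i++) len = (len << 8) | (der[2 + i] & 0xff);
        return 2 + numBytes + len;
    }

    // Refuse to hand the provider a buffer whose size disagrees with its own DER header.
    static PublicKey load(InputStream in) throws IOException, GeneralSecurityException {
        byte[] encoded = readFully(in);
        if (derTotalLength(encoded) != encoded.length)
            throw new InvalidKeySpecException("read " + encoded.length + " bytes, DER header declares " + derTotalLength(encoded));
        return KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(encoded));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        byte[] der = gen.generateKeyPair().getPublic().getEncoded();   // constructed sample key
        InputStream s = trickle(der);
        byte[] partial = new byte[s.available()];                      // sizing pattern from the post
        s.read(partial);
        try { KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(partial)); }
        catch (InvalidKeySpecException e) { System.out.println("short read, " + partial.length + " of " + der.length + " bytes: rejected"); }
        System.out.println("read until EOF: " + load(trickle(der)).getAlgorithm() + " key loaded");
    }
}
```

If the length check in load fails on the real key stream, the problem is in how the bytes reach the client, not in the key or the provider.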
Acrobat 9 Pro / Files with public+private key security
Hi,
I'm working at a Software Company. We want to create the Help Documents for our Software in PDF.
We want to take care, that those PDF documents cannot be opened without our Software.
My idea is to certificate the PDFs with a public key and the private key is hidden in our program.
I tested a lot and read the manual, but it doesn't work.
Thanx for some hints.
Greetings,
Sven
Sorry for the lousy English, I'm from Germany.
You might be able to write some JavaScript to solve the problem, but even in that case you need to be aware that the security of PDFs are not all that secure, particularly if one uses a 3rd party reader. Apparently several of them ignore the PDF security settings and open the PDF anyway. I do not know if that would occur if the PDF were encrypted in some way.
So much for giving a spin on the topic. Good luck.