[SOLVED] razercfg, AUR and public keys.

Similar Messages

• How to get the private and public key?

  there is my code,i want to get the public key and the private key �Cbut i could not find the the approprite method to solve the problem.
  import java.security.Key;
  import javax.crypto.Cipher;
  import java.security.KeyPairGenerator;
  import java.security.KeyPair;
  import java.security.Security;
  public class PublicExample {
  public static void main(String[] args) throws Exception {
  if (args.length != 1) {
  System.err.println("Usage:java PublicExample <text>");
  System.exit(1);
  byte[] plainText = args[0].getBytes("UTF8");
  System.out.println("\nStart generating RSA key");
  KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
  keyGen.initialize(512);
  KeyPair key = keyGen.generateKeyPair();
  System.out.println("Finish generating RSA key");
  Security.addProvider(new org.bouncycastle.jce.provider.BouncyCastleProvider());
  Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", "BC");
  //System.out.println("\n" + cipher.getProvider().getInfo());
  System.out.println("\nStart encryption");
  cipher.init(Cipher.ENCRYPT_MODE, key.getPublic());
  byte[] cipherText = cipher.doFinal(plainText);
  System.out.println("Finish encryption:");
  System.out.println(new String(cipherText, "UTF8"));
  System.out.println("\nStart decryption");
  cipher.init(Cipher.DECRYPT_MODE, key.getPrivate());
  /*i want to get the private and public key in this method ,but i found the result was not
  the one i expected to get,how to solve the problem?
  thanks in advance!
  System.out.println("private key:" + key.getPrivate().toString());
  System.out.println("public key:" + key.getPublic().toString());
  byte[] newPlainText = cipher.doFinal(cipherText);
  System.out.println("Finish decryption:");
  System.out.println(new String(newPlainText, "UTF8"));
  thanks in advance!

  System.out.println("private key:" +
  " + key.getPrivate().toString());
  System.out.println("public key:" +
  + key.getPublic().toString());
  key.getPrivate() returns an instance of PrivateKey and key.getPublic() returns an instance of PublicKey. Since PublicKey and PrivateKey are interfaces then they will return one of the concrete implementations. Check out the Javadoc for PublicKey and PrivateKey.
  When you know which concreate implemenation you have then you can use the methods on that object (by appropriate casting) to find the information you want.

• How to get the private and public keys to use recaptcha?

  I have registered with google to get a recaptcha for my website. All I got was the site key and secret key! Though I need to get the public and private key for muse!

  Hello,
  Please use site Key as "Public Key"and Secret key as "Private Key".
  Regards
  Vivek

• How to find modulus(n) and public key exponent(e)Sor

  I did the following code:
  import java.security.*;
  class keypair
  public static void main(String args[])
  try {
          KeyPairGenerator keyGen = KeyPairGenerator.getInstance("RSA");
          keyGen.initialize(1024);
          KeyPair keypair = keyGen.genKeyPair();
          PrivateKey privateKey = keypair.getPrivate();
          PublicKey publicKey = keypair.getPublic();
          System.out.println(publicKey);
  catch (java.security.NoSuchAlgorithmException e) {
  }It produced the following output:
  E:\java>java keypair
  Sun RSA public key, 1024 bits
  modulus: 104598424699919432698042124865237006532583108525971624656815039032375
  *68185931249899603942873174007833898125332457427834491991685017307342129730049040*
  *85039266578793603162921901877391682504673766949037045217194339504369288262569809*
  *64618725280325930282787918761626276736975012559809247463223114702205350103039131*
  public exponent: 65537
  How to parse modulus(n) and public exponent(e) from this output?
  Similarly when i print private key, it produces the following output:
  E:\java>java keypair
  Sun RSA private CRT key, 1024 bits
  modulus:          124578817060208658480856678950235831207402457067036419284514
  *60119309486714863949162442643168408523979997168613499493638925829235693238993015*
  *36861462235708805467117179894466762970147852286192228334073408407380525883650965*
  *26200137024900438305422984852314541271126647102071346646999343089444655087519613*
  *147762713*
  public exponent:  65537
  private exponent: 938527844532658207604152892230342202756165450473898580852699
  *91069268853864683730106242370135012901790500054313488639918623825755509450966957*
  *25996151023641565209086629652161258725723528561744214714448113895688480371394495*
  *69970533766968335232379493089928062691491508442909468663624841001227918721233934*
  *90451285*
  prime p:          128112715803862066344339615342766575233634768887073748611821
  *70613165835421234259251719401979554816266892921739504796026180704477109334458578*
  *924582228715587*
  prime q:          972415706579323990162180646771186062588725555167352041581263
  *11833654947284058644791019214876691698044764118648637510099163830088827138987158*
  *06445271350899*
  prime exponent p: 102053075991522697645186596252261651077210381075096084960080
  *01572103324900452503753532555651687424478224695551102238145517644352533224205327*
  *850477437666141*
  prime exponent q: 668659136319899226645386130685620335239039277715133737489656
  *56694442226518700929665796129185316864860876985624927131126216000167126890435269*
  *81971346772483*
  crt coefficient:  337801534982286124613379128447816812903646302193598735486466
  *78634104811105616496519276355880320340688935923186965279527763125244878069735173*
  *60542121091569*
  E:\java>
  From this output how to parse n and d, where d is the secret exponent or decryption exponent? Thanks in advance. Apologies, for posting in this forum instead of cryptography forum.
  Edited by: sowndar on Nov 28, 2009 3:12 AM

  sowndar wrote:
  From this output how to parse n and d, where d is the secret exponent or decryption exponent? Why do you think you need to parse anything? Why do you need the modulus and exponents?
  P.S. Extract the public and private keys from the key pair, cast them to RSAPublicKey and RSAPrivateKey as appropriate then look at the methods of classes RSAPublicKey and RSAPrivateKey to see how to get modulus and exponents.

• Remote login via ssh and public keys

  I'm not exactly a UNIX expert, but I need to be able to remote login to my PowerBook. The problem with enabling ssh is that as soon as I'm on campus, all kinds of nefarious hosts try brute force attempts to crack my password. I've heard that public/private key logins are the answer, and I've managed to get the public key in the right place on my PowerBook (the private key resides on my iPhone, from which I'll be logging in). But I have two questions:
  1) How do I disable logins via user/password?
  2) When I use my private key, I'm asked to enter the password for the key -- ssh isn't properly storing that password. I've checked permissions, but how can I get ssh to store that password, as it should?

  1) In Sharing > Remote Login, do I still need an account listed to be able to use ssh logins with a public key? I ask because currently (i.e. password authentication enabled), when no accounts are listed, login via public key doesn't work. In other words, an account has to be listed for public key logins to work.
  Yes you still need an account name to login to that computer. However you don't need to specify an account in the sharing preferences. You can lock down the security further by limiting which user accounts can login via ssh.
  by default if you don't specify a username when you login it will use the username of the device your logging in from. So to use an alternative login name you would use
  ssh [email protected]
  whereas john can be anyname or your choosing.
  Put another way: if turn off password authentication for ssh in sshd_config, how should Sharing > Remote Login be configured?
  If you turn off password authentication you still need to allow your user account to login via ssh in the sharing preferences or you can allow all.
  2) According to that MacOS X Hints article:
  "Leopard has now a built-in support for SSH authentication with public keys.
  OSX has been able to use ssh public key authentication since day 1 of the beta release of osx. It is not new to leopared it has been around for years.
  Just open Terminal and ssh to your public-key-enabled server. A Keychain window appears, proposing you to enter the pass phrase, and then remembering it in your keychain. "
  I have not used this functionality as I don't use any passwords for ssh logins.
  They're talking about the password associated with the key. But on second thought, that password is being saved on the client, not the server, right?
  I am sure this is the case.

• Solved: ADF BC and primary keys - how to implement without using triggers

  Using the following OBE as an example:
  http://www.oracle.com/technology/obe/obe9051jdev/ADFWorkshop/BuildingADFApplicationsWorkshop.htm
  There is just one view that has CustomerId defined as a primary key, where the value for the primary key comes from the customer_seq sequence.
  How do you create the model using ADF BC entity to create an entity object that has a primary key that needs to be populated by a sequence table when inserted WITHOUT using a trigger?
  Basically I want to just use ADF BC instead of toplink in the OBE. We do not use triggers to insert primary keys, so this example is a good match for what I need.
  Can someone help me out. How do I adjust the model to use just ADF BC - how do I define the entity object to use a sequence. Do I just override the create method in the impl? Is it that simple? Or is there a way to do this point and click in the entity tool.
  Thanks!

  I'm not the dba (or one of several) - so don't shoot the messenger... the dba's do not like to use triggers in the code. I have been told that this has caused too many problems in application development.
  I don't ask why, just deal with the fallout.
  I did try using the following code in a create method:
  protected void create(AttributeList attributeList)
  super.create(attributeList);
  SequenceImpl s = new SequenceImpl("customers_seq", getDBTransaction());
  // this.setCustId(s.getSequenceNumber());
  this.createPrimaryKey(s.getSequenceNumber());
  When I run the test program for the module, I get a new entry with the id empty and greyed out. I was hoping that this would be filled in on the actual insert, but no joy. As soon as I try to commit, I get an error:
  (oracle.jbo.AttrValException) JBO-27014: Attribute CustId in CustomersWSView is required)
  So what needs to be done?
  Message was edited by:
  klee

• [Solved] BEPO keyboard and dead keys

  Hello!
  So, I'm using a French BEPO keyboard, and it works pretty well, till today.
  Indeed, today, I wanted to write a greek letter, µ, but I couldn't. This letter is mapped to Alt-Gr+g.
  However, when loading the bepo in the console, it's working well (in a TTY). This only affects QT or GTK applications so far (X).
  This is the only one not working: my other dead keys just works like a charm (-> ´+i=í…)
  My final purpose is to be able to type any simple greek letter as explained here (http://bepo.fr/wiki/Lettre_grecque_sous_Linux). But I need the mu lettre to work first…
  I've tried GTK_IM_MODULE=xim, but then my normal deadkeys don't work anymore nor this alt-gr+g.
  By default, I use:
  export GTK_IM_MODULE=ibus
  export XMODIFIERS=@im=ibus
  export QT_IM_MODULE=ibus
  I also found out that alt-gr+/(L) is not working as a dead key (in order to type ø for example). (http://bepo.fr/wiki/Barre_inscrite)
  I should, lastly, say that I use a typematrix keyboard which is build with BEPO on it.
  Last edited by jiehong (2012-06-13 12:53:18)

  Hi,
  I aslo use the BÉPO layout.
  The Alt-Gr + G key changed in xorg with the last update of the xkeyboard-config package (happened on June 02 for me): this combination was the 'μ' greek letter, now it is the 'dead_greek' dead character. It is now what it should be so that is fine.
  To type the 'μ' letter, you now type Alt-Gr+G, followed by M.
  Note that this dead key works for me only if I use the xim input method. With other input method, some dead keys work, some others don't.
  I don't use some variables to set the input method, I use dconf-editor (package dconf),
  I set the key org/gnome/desktop/interface/gtk-im-module to xim (you don't have to restart for this change to take effect).
  When I was trying to configure greek letters before the xkeyboard-config update, I also found out that when I have a ~/.Xcompose file, it kills all the dead keys of my layout, I don't know if this is a bug or if I'm doing something wrong. Try to remove yours.

• (solved) are aur and community the same?

  are they the same thing?
  Last edited by TechDragon (2008-03-15 12:14:33)

  No.  The community repository provides binary versions of the most popular packages in the AUR.  Community is maintained by trusted users.  Anybody can submit a package build to AUR in the unsupported section.
  See: http://wiki.archlinux.org/index.php/AUR
  Last edited by Allan (2008-03-15 06:27:48)

• Cisco Security Manager 3.2.1 Sp1 and Public Key Infrastructure

  Hi, all!
  Recently I created configuration on PIX (FOS 7.2.4) with Cisco Security Manager 3.2.1 Sp1 to allow to work with certificate-based authentication of VPN connections. CSM created necessary commands (and unfortunately many necessary commands left unsupported too). But every time I upload new configuration (even with untouched PKI configuration) CSM adds following command - "crypto ca enroll CA-NAME noconfirm".
  Right now I created FlexConfig which just do "no crypto ca....". And it works. But is there more clean solution? Why do I need to enroll every deployment?
  Wait for answers.
  With best regards
  Maxim

  Hello,
  I'm having the same problem for one of our customers! but flexconfig didn't work!
  Can you please be more specific what exactly you did! Flex config doens't remove generated command it's adding the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'
  I've been also looking for related bugs but didn't find any!
  Regards

• [Solved] gpg --list-public-keys (removed duplicate - see my last post)

  I followed https://wiki.archlinux.org/index.php/GnuPG#Create_key and https://wiki.archlinux.org/index.php/Talk:Pacman-key, but I have ended up with my public key being listed twice. It's both first and last in the full list of public keys. Here is just mine:
  /home/colin% gpg --list-public-keys colin
  pub   4096R/0940E3F9 2014-11-18 [expires: 2015-11-18]
  uid       [ultimate] Colin Keenan <[email protected]>
  uid       [ultimate] [jpeg image of size 6283]
  sub   4096R/EDA19F9C 2014-11-18 [expires: 2015-11-18]
  pub   4096R/0940E3F9 2014-11-18 [expires: 2015-11-18]
  uid       [ultimate] Colin Keenan <[email protected]>
  uid       [ultimate] [jpeg image of size 6283]
  sub   4096R/EDA19F9C 2014-11-18 [expires: 2015-11-18]
  How do I remove just the 2nd entry so that my public key is only listed one time?
  I am afraid to start signing my packages (https://wiki.archlinux.org/index.php/De … ge_signing) before I fix this issue.
  Edit to add what I've tried so far:
  gpg -o colin.gpg --export colin            # to create a backup of my public key in a file called colin.gpg
  cp pubring.gpg pubring-backup.gpg   # in case I screw up pubring.gpg
  gpg --import colin.gpg                          # hoping it will magically merge the duplicate, but it left both unchanged
  gpg --delete-key colin                           # hoping it would delete both copies of the public key so I could import it again
  It refused to delete the public key until I delete the private key which I don't want to do.
  I also realized the export may have the duplicate as well. I tested that with:
  gpg colin.gpg
  And, sure enough, it listed my key twice.
  Another edit: I have tried a lot and exposed a bug that I will try to submit upstream. Here is what I have done:
  gpg --edit-key colin                              # this selected the first of the duplicate keys to be edited
  gpg> adduid
  Real name: Colin N Keenan
  Email address: [email protected]
  Comment:
  You selected this USER-ID:
      "Colin N Keenan <[email protected]>"
  Change (N)ame, (C)omment, (E)mail or (O)kay/(Q)uit? O
  You need a passphrase to unlock the secret key for
  user: "Colin Keenan <[email protected]>"
  4096-bit RSA key, ID 0940E3F9, created 2014-11-18
  pub  4096R/0940E3F9  created: 2014-11-18  expires: 2015-11-18  usage: SC 
                       trust: ultimate      validity: ultimate
  sub  4096R/EDA19F9C  created: 2014-11-18  expires: 2015-11-18  usage: E   
  [ultimate] (1)  Colin Keenan <[email protected]>
  [ultimate] (2)  [jpeg image of size 6283]
  [ unknown] (3). Colin N Keenan <[email protected]>
  gpg> save
  gpg --edit-key "Colin N Keenan"
  Secret key is available.
  pub  4096R/0940E3F9  created: 2014-11-18  expires: 2015-11-18  usage: SC 
                       trust: ultimate      validity: ultimate
  sub  4096R/EDA19F9C  created: 2014-11-18  expires: 2015-11-18  usage: E   
  [ultimate] (1). Colin N Keenan <[email protected]>
  [ultimate] (2)  Colin Keenan <[email protected]>
  [ultimate] (3)  [jpeg image of size 6283]
  gpg> 2
  pub  4096R/0940E3F9  created: 2014-11-18  expires: 2015-11-18  usage: SC 
                       trust: ultimate      validity: ultimate
  sub  4096R/EDA19F9C  created: 2014-11-18  expires: 2015-11-18  usage: E   
  [ultimate] (1). Colin N Keenan <[email protected]>
  [ultimate] (2)* Colin Keenan <[email protected]>
  [ultimate] (3)  [jpeg image of size 6283]
  gpg> deluid
  Really remove this user ID? (y/N) y
  pub  4096R/0940E3F9  created: 2014-11-18  expires: 2015-11-18  usage: SC 
                       trust: ultimate      validity: ultimate
  sub  4096R/EDA19F9C  created: 2014-11-18  expires: 2015-11-18  usage: E   
  [ultimate] (1). Colin N Keenan <[email protected]>
  [ultimate] (2)  [jpeg image of size 6283]
  gpg> quit
  Save changes? (y/N) y
  And now the bug:
  /home/colin% gpg --delete-key "Colin Keenan"
  gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  gpg: there is a secret key for public key "Colin Keenan"!
  gpg: use option "--delete-secret-keys" to delete it first.
  /home/colin% gpg --delete-secret-key "Colin Keenan"
  gpg (GnuPG) 2.0.26; Copyright (C) 2013 Free Software Foundation, Inc.
  This is free software: you are free to change and redistribute it.
  There is NO WARRANTY, to the extent permitted by law.
  gpg: key "Colin Keenan" not found: Unknown system error
  gpg: Colin Keenan: delete key failed: Unknown system error
  So, --delete-key fails because there is a secret key, and --delete-secret-key fails because it can't find the secret key!
  Last edited by colinkeenan (2014-11-19 16:26:31)

  I have solved the issue. Since I had made a backup of .gnupg while there was a duplicate of the public key for "Colin Keenan", I realized the secret key in the backup was also for "Colin Keenan", so I didn't want to delete that one. I should delete "Colin N Keenan" by deleting the secret and public key matching it, then copy the resulting public key file to the backup, then restore the backup. That solved the issue, as follows:
  gpg --delete-secret-key "Colin N Keenan"
  gpg --delete-key "Colin N Keenan"
  cp .gnupg/pubring.gpg .gnupg-backup
  rm -r .gnupg
  cp -r .gnupg-backup .gnupg
  Here is a full outline of the commands I ran to eliminate the duplicate public key, in case anyone else runs into this very unusual problem:
  cd                                     # just making sure I'm in home directory so don't have to type dreaded ~
  cp -r .gnupg .gnupg-backup
  gpg --edit-key colin
  gpg> adduid (added Colin N Keenan, original was Colin Keenan)
  gpg> save
  gpg --edit-key "Colin N Keenan"
  gpg> 2 (because "Colin Keenan" was the 2nd uid)
  gpg> deluid
  gpg> save
  gpg --delete-secret-key "Colin N Keenan"
  gpg --delete-key "Colin N Keenan"
  cp .gnupg/pubring.gpg .gnupg-backup
  rm -r .gnupg
  cp -r .gnupg-backup .gnupg
  Last edited by colinkeenan (2014-11-19 16:41:03)

• Unable to retrieve public key and signature.

  Hi,
  I'am trying to send public key and signature from one client to another via server.
  Both pub_key and signature are encrypted into base64. But i cant retrieve them correctly in server side.
  I'am using ECDSA to sign message key_length 224bit. Sending and retrieving data via sockets.
  SEND DATA FUNCTION Client.java
  private static PrintWriter      output_stream = null;
  private static Scanner      input_stream           = null;
  private static void send_message(String message)
       if(user_name != null
            && message_text_area.getText().equals(SERVER_CLOSED) == false
            && message_text_area.getText().equals(SERVER_CONNECTED) == false
            && message_text_area.getText().equals(MAX_USERS_ONLINE) == false
            && message_text_area.getText().equals(CONNECTION_CLOSED) == false
            && message_text_area.getText().equals(GET_USER) == false
            && message_text_area.getText().equals(REMOVE_USER) == false
            && message_text_area.getText().equals(USER_EXISTS) == false
            && message_text_area.getText().equals(USER_NICK) == false){   
           String signature = new BASE64Encoder().encode(ecdsa_parameters.sign_message(SESSION_KEY_PAIR.getPrivate(), message_text_area.getText().trim()));
           String public_key = new BASE64Encoder().encode(SESSION_KEY_PAIR.getPublic().getEncoded());
           if (signature != null && SESSION_KEY_PAIR != null){
            synchronized(output_stream)
                output_stream.println(USER_NICK);
                output_stream.println(user_name);
                output_stream.println(user_nick);
                output_stream.println(message_text_area.getText().trim());
                      //PUblic key and signature in base64
                      output_stream.println(public_key);     
                output_stream.println(signature);
                  //length and data of them
            System.out.println(public_key.length());
            System.out.println(signature.length());          
            System.out.println(public_key);
            System.out.println(signature);
            append_message(user_nick+": "+message_text_area.getText().trim());
            message_text_area.setText(null);
           }else{
            append_message("E_C_002: Unable to generate keys or signature.");
       }else{
           append_message("User is not selected or incorrect message");
      }HANDLER.JAVA (SERVER SIDE RETRIEVE)
  private Scanner           input_data           = null;
  private PrintStream      output_data           = null;
  if(recieved_data.equals(USER_NICK)){
                 String user_name = input_data.nextLine();
                 String user_nick = input_data.nextLine();
                 String message = input_data.nextLine();
                 String public_key = "";
                 for (int i=0; i<5; i++){
                     if(i == 0){
                      public_key = public_key+""+input_data.next();
                     }else{
                      public_key = public_key+"\n"+input_data.next();
                 String signature = "";
                 for (int i=0; i<2; i++){
                     if(i == 0){
                      signature = signature+""+input_data.next();
                     }else{
                      signature = signature+"\n"+input_data.next();
                          //output length and data of key and signature
                 System.out.println(public_key.length());
                 System.out.println(signature.length());
                 System.out.println(public_key);
                 System.out.println(signature);
                 Server.users_messages.addElement(user_name+""+SEPARATOR+""+user_nick+""+SEPARATOR+""+message+""+SEPARATOR+""+public_key+""+SEPARATOR+""+signature);               
            }It seems that length of key and signature in server side are different form client.
  Maybe I'am missing something that correspond sending data in base64????
  All project is here http://fmf.vtu.lt/~knugmanov/Elliptic%20curve%20cryptography%20instant%20messenger.rar
  (import into eclypse).
  For ECC I use iaik classes.
  Thanks in adv.
  Kiril

  here is a code from
  http://www.exampledepot.com/egs/java.security/GetKeyFromKs.html
  This example retrieves from a keystore, the private and public key associated with an alias.
  private and public key are having the same alias ?
  i know a alias for my key but i believe thats for private key not for public key ......is it true that both private and public key have the same alias ?
  and KeyPair is an interface and so its difficult to get a key out of it
  public KeyPair getPrivateKey(KeyStore keystore, String alias, char[] password) {
          try {
              // Get private key
              Key key = keystore.getKey(alias, password);
              if (key instanceof PrivateKey) {
                  // Get certificate of public key
                  java.security.cert.Certificate cert = keystore.getCertificate(alias);
                  // Get public key
                  PublicKey publicKey = cert.getPublicKey();
                  // Return a key pair
                  return new KeyPair(publicKey, (PrivateKey)key);
          } catch (UnrecoverableKeyException e) {
          } catch (NoSuchAlgorithmException e) {
          } catch (KeyStoreException e) {
          return null;
      }Message was edited by:
  Unknown_Citizen
  Message was edited by:
  Unknown_Citizen
  Message was edited by:
  Unknown_Citizen

• Creating a single public key and multiple private keys

  Hello,
  I am new to java cryptography. The problem statement is :-
  We have an accounting application, with flexibility of number of users and companies. The number of users and companies for this application has to be restricted based on the license the user has. That is the user will download our application via web while the user downloads he has to be given the key according to the license he has requested (i.e. single or multiple users/companies), I am unable to get the logic of private and public keys as such, y because which ever alogorithm i saw will generate a public and private key in pairs hence i am bit confused. Clearly, For ever additional user (or company) we r charging additional amount hence different license (keys) have to be generated dynamically for different users. I think this can be achived by creating one single public key and multiple private keys, but i am not sure . Please help me out.

  Hi kazim
  would u pls elaborate this , since i am working on same kind of scenario and finding solutions is difficult . Since encryption is done at our end and wen some user downloads an application he is unable to track where it was encrypted . What i have undestand about public /private is that they work in agreement between client and server and both has to come to agreement to share the data. Pls correct me if i am wrong.
  Ours is different senario we will send some key in download application and will want him to decrypt it . What would u suggest for this kind of scenario?
  Thanks in advance
  Janesh

• Server 2008R2 - SSL Certificate Weak Public Key Strength

  Hello -
  I'm using a Windows 2008R2 server and am working on locking the system down. We use the BeyondTrust Retina Network Security Scanner, the scanner returns two results that I'm having trouble solving.
  The first is finding is:
  'SSL Certificate Weak Public Key Strength'
  "Retina has detected that the certificate on the target supports a  cryptographically weak public key strength. An attacker may be able to leverage weaknesses in the public key strength to gain access to sensitive information."
  "Replace the current certificate with one using a high-grade public key strength of 2048 bits of higher"
  **Does anyone have any ideas how to find all the certificates loaded on the machine that aren't at 2048 bits or higher, the system is a standalone machine without internet access**
  The second finding is:
  'SSL Certificate Self-Signed'
  "Retina has detected that the certificate on target is self-signed. Self-signed certificates can provide underlying cryptographic functionality, but cannot guarantee the origin of the certificate is trusted."
  "Verify the certificate is trusted to ensure the confidentiality and integrity of prior encrypted communications. Replace the current self-signed certificate with one signed by a trusted root certificate authority."
  **Anyone have any ideas how to find 'self-signed' certificates? I've tried searching through the certificates store on the local computer, but I can't seem to find a self-issued certificate, but Retina sure found some.**
  Any help would be greatly appreciated!!
  Thanks,
  Ryan

  A self signed certificate is a certificate which Subject attribute equals Issuer attribute. You can use below script to find selfsigned certificates which is selfsigned and public key is less than 2048 bits.
  Be aware that if you search in all possible certificate stores (including Trusted Root CA store) you will find a lot of self signed certificates. Please see my notes in powershell code.
  #Find self-signed certificate which keysize less than 2048. Uncomment one of the lines below
  #$myCerts = Get-Item Cert:\CurrentUser\My #search in Current User Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\LocalMachine\My #search in Local Machine Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\CurrentUser\* #search in Current User Store - this will bring a lot of cert list
  #$myCerts = Get-Item Cert:\LocalMachine\* #search in Local Machine Store - this will bring a lot of cert list
  $myCerts.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  $myCertsList = Get-ChildItem $myCerts.PSPath
  $myCertsList | where {$_.Subject -like $_.Issuer -and $_.PublicKey.Key.KeySize -lt 2048} | select * #self-signed and less then 2048
  $myCerts.Close()
  Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.

• Configuration of Public Key Authentication Policy for SFTP on OAG 11.1.2.2

  Hi
  I'm working on the configuration of an SFTP server over OAG, using both password and public key authentication.
  This particular listener need 3 policies:
  - Password Authentication
  - Public Key Authentication
  - File upload
  Both File upload and password auth are working OK, but I've been having a hard time with the PK policy. This policy uses the attribute ${authentication.subject.public.key} to store the PK info, which I confirmed is being sent to the gateway (as modulus + public exponent), however I can not find a way to verify the key received with the ones on the Key Pairs store.
  OAG Version is 11.1.2.2
  Any comments?

  Hi a82383ca-36ac-49d5-aa6e-c3307f7e56e1,
  It would probably help if you place this question under the community for product you have questions about. I will see if I can help you move it to the proper one by asking around.
  Best regards,
  VictorI

• Public Key Server

  Does Oracle have a Public Key Server platform?  If not, what would you suggest to use to make one?
  I have looked into the follow platforms and I have some concerns about each:
  http://pks.sourceforge.net/
  https://bitbucket.org/skskeyserver/sks-keyserver/overview
  Any thoughts or suggestions would be helpful.
  Thanks!

  A self signed certificate is a certificate which Subject attribute equals Issuer attribute. You can use below script to find selfsigned certificates which is selfsigned and public key is less than 2048 bits.
  Be aware that if you search in all possible certificate stores (including Trusted Root CA store) you will find a lot of self signed certificates. Please see my notes in powershell code.
  #Find self-signed certificate which keysize less than 2048. Uncomment one of the lines below
  #$myCerts = Get-Item Cert:\CurrentUser\My #search in Current User Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\LocalMachine\My #search in Local Machine Store - Personal - this is the place to look in
  #$myCerts = Get-Item Cert:\CurrentUser\* #search in Current User Store - this will bring a lot of cert list
  #$myCerts = Get-Item Cert:\LocalMachine\* #search in Local Machine Store - this will bring a lot of cert list
  $myCerts.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadWrite)
  $myCertsList = Get-ChildItem $myCerts.PSPath
  $myCertsList | where {$_.Subject -like $_.Issuer -and $_.PublicKey.Key.KeySize -lt 2048} | select * #self-signed and less then 2048
  $myCerts.Close()
  Did my post help you or make you laugh? Don't forget to click the Helpful vote :) If I answered your question please mark my post as an Answer.