Is there any way to convert DSA private key as string or byte[] in java?
You call the getEncoded() method of the key.
Related:
Save the Signature and the Public Key in Files
http://docs.oracle.com/javase/7/docs/api/java/security/Key.html#getEncoded()
Related
i need to implement ecdh with 25519 using openssl.
using:
key = EC_KEY_new_by_curve_name(NID_X25519)
fails.
using this:
EVP_PKEY *pkey = NULL;
EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(NID_X25519, NULL);
EVP_PKEY_keygen_init(pctx);
EVP_PKEY_keygen(pctx, &pkey);
seems to work but i have no idea how to export the public key in uncompressed bin format. or how to import the other sides public key.
any help?
Importing the other side's public key from raw binary format can be done with the EVP_PKEY_new_raw_public_key() function. Man page here:
https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_new_raw_public_key.html
Exporting the public key in raw binary format is a little more tricky since there is no function to do it. You can do it in SubjectPublicKeyInfo format using i2d_PUBKEY() described here:
https://www.openssl.org/docs/man1.1.1/man3/i2d_PUBKEY.html
Fortunately the SubjectPublicKeyInfo format has the raw public key as the last 32 bytes of its output. So you can use i2d_PUBKEY() and just use the last the 32 bytes.
I need to validate the incoming connection in my application. The incoming connection will be sending a public key and the finger print of the public key. I need to validate this public key by calculating the finger print for the public key and then compare the calculated finger print with the finger print sent by the client. I am not able to find a way to calculate this finger print for the public key. I am using open-ssl library in C platform.
Any help regarding the calculation of this finger print of the public key will be very much appreciated.
I computed SHA1 hash which can be used as fingerprint as following:
X509 * cert = ... /*Initialize certificate*/
unsigned char buffer[SHA1_DIGEST_LENGTH];
X509_check_purpose (cert, -1, 0);
/*Copy sha1_hash from the certificate.*/
memcpy(abuffer, rCert->sha1_hash, SHA1_DIGEST_LENGTH);
I hope this would help you.
I am new to GAE and Datastore
I am trying to insert different types of entities in GAE Datastore using JPA.
For example i have to insert Employee,EmployeePersonalInfo(Having a Employee Key),EmployeeAddressInfo(Having a EmployeePersonalInfo key). Here i am not creating any foreign key relationships between entities.My entities will looks like follows
public class Employee{
private String name;
private Key key;
}
public class EmployeePersonalInfo{
private String emailAddress;
private Key key;
private Key employeeKey;
}
public class EmployeeAddressInfo{
private String cityName;
private Key key;
private Key employeePersonalInfoKey;
}
i am trying to insert around 5 record on each table like
public class EmployeeController{
/*This method will be called for 5 times*/
public void insertEmployeeDetails(Employee emp,EmployeePersonalInfo perInfo,EmployeeAddressInfo addressInfo){
employeeDao.save(emp);
employeePersonalInfoDao.save(perInfo);
employeeAddressInfoDao.save(addressInfo);
}
}
Every time When a call goes to Save method of the DAO classes i will open the EntityManager object , and close after the operation.
public void save(Employee emp){
EntityManager em = EMFService.get().createEntityManager();
em.save(emp);
em.close();
}
Here sometimes i am getting an exception like
Caused by: java.lang.IllegalArgumentException: cross-group transaction need to be explicitly specified, see TransactionOptions.Builder.withXG
I have seen my so many solutions to this problem but i am not able to understand what is the real problem and solution. Please help me
If I wanted to store both a private and a public key in a single file, what would be the easiest format to use? Especially if I'm planning to use the BouncyCastle library for Java?
On a theoretical point of view, the public key can be recomputed from the private key (computational cost for that is slightly lower than the cost for producing a single ECDSA signature, or doing half of ECDH, so it is fast). Therefore, conceptually, you only have to store the private key, and the standard format for that is PKCS#8, which is supported by Java with java.security.spec.PKCS8EncodedKeySpec. Moreover, the PKCS#8 format includes provisions for optionally encoding the public key along the private key in the same blob, so this really looks like what you are looking for.
The tricky thing, however, is to convince the cryptographic provider (e.g. BouncyCastle) to extract the public key as such and/or recompute it. Apparently, if you create a PKCS8EncodedKeySpec from a PKCS#8-encoded EC private key which also contains the public key, BouncyCastle will be kind enough to internally keep a copy of the encoded public key and write it back if you decide to reencode the private key in PKCS#8 format. However, it does nothing else with it; it handles it as an opaque blob.
Hence you must recompute the public key. Wading through the JCE and BouncyCastle API and unimplemented bits, I found the following, which appears to work (JDK 1.6.0_24, BouncyCastle 1.46):
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Provider;
import java.security.spec.PKCS8EncodedKeySpec;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.jce.provider.JCEECPrivateKey;
import org.bouncycastle.jce.provider.JCEECPublicKey;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPublicKeySpec;
// Create the provider and an appropriate key factory.
Provider pp = new BouncyCastleProvider();
KeyFactory kf = KeyFactory.getInstance("EC", pp);
// Decode the private key (read as a byte[] called 'buf').
PKCS8EncodedKeySpec ks = new PKCS8EncodedKeySpec(buf);
PrivateKey sk = kf.generatePrivate(ks);
// Recompute public key.
JCEECPrivateKey priv = (JCEECPrivateKey)sk;
ECParameterSpec params = priv.getParameters();
ECPublicKeySpec pubKS = new ECPublicKeySpec(
params.getG().multiply(priv.getD()), params);
PublicKey pk = kf.generatePublic(pubKS);
// To reencode the private key.
buf = kf.getKeySpec(sk, PKCS8EncodedKeySpec.class).getEncoded();
Conceptually, I should use kf.getkeySpec() with org.bouncycastle.jce.spec.ECPrivateKeySpec instead of ruthlessly casting the private key to the JCEECPrivateKey class, but the clean method appears not to be implemented yet in BouncyCastle.
Try this (BouncyCastle v1.47, using JDK 1.7.* but I assume JDK 1.6.* will be fine too):
// Recreate the private key.
final KeyFactory kf = KeyFactory.getInstance("EC", "BC");
final PKCS8EncodedKeySpec encPrivKeySpec = new PKCS8EncodedKeySpec(rawPrivKey);
final PrivateKey privKey = kf.generatePrivate(encPrivKeySpec);
final byte[] rawPrivKey = privKey.getEncoded();
// Recreate the public key.
final X509EncodedKeySpec pubKeySpec = new X509EncodedKeySpec(rawPubKey);
final PublicKey pubKey = kf.generatePublic(pubKeySpec);
final byte[] rawPubKey = pubKey.getEncoded();
where rawPrivKey and rawPubKey are arrays of byte type.
I suggest you encrypt the encoded private key with a block cipher (i.e. AES) otherwise the file is subject to be stolen and then you are indefinitely exposed.
How do we create a parent key which is an encoded string? Example:
class Parent {
#PrimaryKey
#Persistent(valueStrategy = IdGeneratorStrategy.IDENTITY)
#Extension(vendorName="datanucleus", key="gae.encoded-pk", value="true")
private String mEncKey;
}
class Child {
#PrimaryKey
#Persistent(valueStrategy = IdGeneratorStrategy.IDENTITY)
#Extension(vendorName="datanucleus", key="gae.encoded-pk", value="true")
private String mEncKey;
// In the doc examples, they have Key as the type here.
#Persistent
#Extension(vendorName="datanucleus", key="gae.parent-pk", value="true")
private String mParentEncKey;
}
yeah I'm not sure how to make mParentEncKey an encoded string type, because the 'key' label is already being used? I would need something like?:
key="gae.parent-pk.encoded-pk"
not sure - is that possible?
Thanks
I have found a solution for this, you can now map owned relations in a portable manner, check out blog.
This discussion says to just use gae.parent-pk - GAE will automatically use an encoded string value for a parent key field in Child.
https://groups.google.com/group/google-appengine-java/browse_thread/thread/43e38d0bc8a41bbd/0f0f86693330c1b2