JCE cannot authenticate the provider ABA - java

I have to run quite old program code which uses the ABA provider for JCE.
All classes are available in the source folder. However, a NoSuchProviderException occurs: "JCE cannot authenticate the provider ABA".
I found some related topics in the forums but they couldn't help me out.
This is what I did:
ABAProvider prov = new ABAProvider();
Security.addProvider(prov);
In debug-mode prov is initialized but this throws the exception:
keyFactory = SecretKeyFactory.getInstance( "DES", "ABA" );
I hope this information might help you to help me :)
Thanks in advance!

ABA seems to be a cleanroom implementation of Java JCE. Just remove the dependency and use the providers supplied in your favorite runtime.
Signing certificates for Java have to be renewed. You cannot use an old certificate on a new version of Java. So the signature on the provider has likely expired.
More information here:
The next step is to request a code-signing certificate so that you can use it to sign your provider prior to testing. The certificate will be good for both testing and production. It will be valid for 5 years.
The usefulness of DES for most cryptographic operations (possibly except creating 3 key TDES) has "expired" as well.

Related

Import SSL certificate into Glassfish 4.x

I'm using the new free SSL certificate from https://www.sslforfree.com. I registered my domain and everything was good, and I got the certificate files, which are three files
(ca_bundle.crt, certificate.crt and private.key).
I have been on this problem for three days and have read tens of examples on this site and on others, but none of them works for me.
First, in the examples I read there are four files (COMODO, for example), unlike my case, where there are two crt files and a private key file.
My question is: is there something wrong with the website, which didn't give me the complete certificate files? And if not, how can I deploy this certificate into my Glassfish 4.x? I'm now using 4.1.2.
Any help appreciated.
In Java you need to store your certificate in a *.jks file. Then point your server (Tomcat/Glassfish) to this *.jks.
You can find how to configure Glassfish with a certificate here: https://ssl.comodo.com/support/certificate-installation-glassfish-4x.php
If that's not enough you should look at the resources below.
I think Let's Encrypt (https://letsencrypt.org/getting-started/) should answer your questions.
Start by looking at their docs: https://letsencrypt.org/docs/
and if that's not enough then move on to the forum: https://community.letsencrypt.org/

Certificate Path validation in Java including CRL validation

I have an intermediate certificate chain, a root certificate and a client certificate. I have to verify that they form a valid certificate chain together. This is working great when I have one intermediate certificate with a valid CRLDistributionPoint entry. The Java CertPathValidator API handles the validation beautifully.
My question was about the scenario when there will be multiple intermediate certificates and each of them might have a CRLDistributionPoint entry. Do I need to write additional code to handle this case? Or will Java simply validate against all CRLs? Or is it that the root certificate can delegate CRL Signing to just one certificate?
I tried searching online and could not find any clues. In addition to the answer to my question, it'd be great if someone could point me to a resource about PKI and certificates in general. Thank you!
No, you do not have to add code; the JDK implementation can smoothly handle the validation of a certificate path containing more than one intermediate CA certificate.
Note that the validation code is also tested against the PKI Test Suite from NIST. That test suite tries to provide a comprehensive list of certificate and certificate path validation test cases.
If you want to look at the implementation code, you can look at the OpenJDK implementation: http://www.docjar.com/docs/api/sun/security/provider/certpath/package-index.html

SSL on JBOSS AS 7

I installed JBOSS AS 7 and I need to configure it to work with https connections. My Authority can sign only pkcs format requests, so I need to generate a request in that format (I assume with openssl). In the JBoss documentation there are steps only for keytool (which does not generate my desired format), so I need a step-by-step guideline for pkcs. I'm a beginner in this area, so if someone could help me with steps on how to generate the request and configure my JBoss for https, I would be so thankful. I know Google exists, but I couldn't find all the steps for configuration anywhere, and for the CSR part I find so many options to do it and I don't know which one will work for me. I know I'll have to change some things in standalone.xml, but I don't know exactly what....
I finally did this by converting my key and my certificate (with its chain), which were in PKCS format, into a jks keystore (my key and my certificate chain).

Exception while file signing using HSM and SUNPKCS11

We are using an HSM (Hardware Security Module) for signing and encryption from our Java application.
We have plugged the HSM into our JVM using the java.security property file, with the following entry:
security.provider.11=sun.security.pkcs11.SunPKCS11 D:/security/safenet.cfg
It was working fine all these days and suddenly we encountered an error as follows.
java.security.SignatureException: RSASignature::engineSign sun.security.pkcs11.P11Key$P11PrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey
We did enough searching on Google but were not able to identify the root cause.
Appreciate any help.
Thanks
We also encountered the same issue. Specify the provider name when getting the signing instance. When the code to sign using the HSM is called, there may be some other piece of code in your application adding another provider [Security.insertProvider] which implements the same signing algorithm.
When you sign, you pass a parameter of Private Key handler for PKCS11, but the provider is expecting a different Key handler, of RSA.
Resolution:
When you get the HSM signing instance, specify the Security provider along with the signing algorithm.
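The resolution above, sketched as an added example that is not part of the original answer or the poster's application: it pins `Signature.getInstance` to one provider and prints which provider an unpinned call settles on. The algorithm `SHA256withRSA`, the class name and the software key pair (a constructed stand-in for the HSM key, so the code runs without a token) are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class PinnedProviderSigning {
    static final String ALG = "SHA256withRSA"; // assumption: the page does not name the algorithm

    // Signs with the named provider's implementation only; no provider search takes place.
    static byte[] sign(PrivateKey key, byte[] data, Provider pinned) throws GeneralSecurityException {
        Signature sig = Signature.getInstance(ALG, pinned);
        sig.initSign(key);
        sig.update(data);
        return sig.sign();
    }

    // Verification needs only the public key, so the default provider search is fine here.
    static boolean verify(PublicKey key, byte[] data, byte[] signature) throws GeneralSecurityException {
        Signature sig = Signature.getInstance(ALG);
        sig.initVerify(key);
        sig.update(data);
        return sig.verify(signature);
    }

    public static void main(String[] args) throws Exception {
        // Every registered provider offering ALG, in preference order; an unpinned
        // getInstance(ALG) may end up on any of these.
        Provider[] offering = Security.getProviders("Signature." + ALG);
        for (Provider p : offering == null ? new Provider[0] : offering) {
            System.out.println("offers " + ALG + ": " + p.getName());
        }

        // Constructed software key pair standing in for the HSM key so this runs offline.
        // With an HSM: load the key from KeyStore.getInstance("PKCS11", hsmProvider) and pin
        // hsmProvider = Security.getProvider("SunPKCS11-" + <name= value from the .cfg file>).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair pair = kpg.generateKeyPair();
        Provider pinned = kpg.getProvider(); // assumption: this provider also offers ALG (true on OpenJDK)

        // Diagnostic: which provider does an unpinned Signature settle on for this key?
        Signature unpinned = Signature.getInstance(ALG);
        unpinned.initSign(pair.getPrivate());
        System.out.println("unpinned call selected: " + unpinned.getProvider().getName());

        byte[] data = "constructed sample document".getBytes(StandardCharsets.UTF_8);
        byte[] signature = sign(pair.getPrivate(), data, pinned);
        System.out.println("pinned to " + pinned.getName() + ", verifies: "
                + verify(pair.getPublic(), data, signature));
    }
}
```

Logging the "unpinned call selected" line at startup is a cheap check that no later `Security.insertProvider` call has moved another implementation ahead of the HSM provider.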

How can I use an encryption algorithm from an installed provider on the J9 VM?

Hi
I am trying to use RSA on J9. The algorithm is offered by the 'J9JCE' provider, which is an installed extension (I listed all the existing providers and algorithms and found them), but the exception I get is:
Exception in thread "main" java.security.NoSuchAlgorithmException: JCE provider signer certificates not found/read
at javax.crypto.Cipher.getInstance(Cipher.java:191)
at Test.encript(Test.java:26)
at Test.main(Test.java:42)
I still don't know the answer to the problem but a workaround is to use the provider from Bouncy Castle which works fine.
