PGP Encryption in Mule keeps failing with NullPointerException - java

I have been attempting to encrypt a text file with the PGP encryptor in my Mule flow and have so far been unsuccessful. I am executing against the CloudHub Mule Runtime (Dec 2013) as I intend to deploy to CloudHub.
I have used GnuPG to generate the binary public key from the .asc file provided to me by my client and put the resulting .gpg file in my src/main/resources directory. Even though it doesn't seem like I should have to I generated my own secret gpg keyring and provided that in my application as well.
When I attempt to run my flow it keeps giving me an NPE:
Root Exception stack trace:
java.lang.NullPointerException
at org.mule.module.pgp.KeyBasedEncryptionStrategy.checkKeyExpirity(KeyBasedEncryptionStrategy.java:100)
at org.mule.module.pgp.KeyBasedEncryptionStrategy.safeGetCryptInfo(KeyBasedEncryptionStrategy.java:87)
at org.mule.module.pgp.KeyBasedEncryptionStrategy.encrypt(KeyBasedEncryptionStrategy.java:54)
I'm not sure what is causing this. Any ideas?
UPDATE:
I've updated to use the latest version of AnyPoint Studio with the 3.5.1 runtime and get the same error, on line 98 this time which is the same line of code.
UPDATE AND MY SOLUTION:
I got it to work. It was an error on my part. I had a principal in the Encryption element that was overriding the principal from the Global element. I had placed this principal in the configuration to overcome an initial error telling me it was required. Removing this principal seems to have resolved all of my problems.
ANOTHER UPDATE
I can successfully encrypt using the pub and sec keys provided in a Mule blog post. However, when attempting to use the gpg file that I exported from the public key (.asc file) that my client provided, I again get the NPE mentioned above. I have followed all the steps I can find for importing their key into my keyring and exporting it as a binary. I'm stumped.
FINAL UPDATE
So it turns out the keys from the Mule blog were giving me a success that I didn't completely understand. Turns out that I was not properly setting the Principal value. I was setting the principal according to what I thought it should be for the secret keyring, when, as I found out, it is actually for the public key ring. All seems to be working now.
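Added example, not part of the original post and not Mule's code: a small diagnostic that lists the user IDs, encryption capability and expiry of every key in a public key ring, which are the values to compare against the configured principal. It uses Bouncy Castle's OpenPGP API (a recent bcpg jar is assumed), the default file path is hypothetical, and it assumes the principal is matched against a key's user ID.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.util.Date;
import java.util.Iterator;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyRing;
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
import org.bouncycastle.openpgp.PGPUtil;
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;

public class ListKeyRingPrincipals {

    public static void main(String[] args) throws Exception {
        // Hypothetical default path; pass the real .gpg (or armored .asc) as argument.
        String path = args.length > 0 ? args[0] : "src/main/resources/pubring.gpg";
        // getDecoderStream accepts both binary and ASCII-armored input.
        try (InputStream in = PGPUtil.getDecoderStream(new FileInputStream(path))) {
            PGPPublicKeyRingCollection rings =
                    new PGPPublicKeyRingCollection(in, new JcaKeyFingerprintCalculator());
            Iterator<PGPPublicKeyRing> ringIt = rings.getKeyRings();
            while (ringIt.hasNext()) {
                Iterator<PGPPublicKey> keyIt = ringIt.next().getPublicKeys();
                while (keyIt.hasNext()) {
                    PGPPublicKey key = keyIt.next();
                    System.out.printf("key %016X encryption=%b %s%n",
                            key.getKeyID(), key.isEncryptionKey(), expiry(key));
                    // Subkeys normally carry no user ID; the primary key does.
                    Iterator<?> ids = key.getUserIDs();
                    while (ids.hasNext()) {
                        System.out.println("  user ID: " + ids.next());
                    }
                }
            }
        }
    }

    // Describes the key's validity period; 0 valid seconds means it never expires.
    static String expiry(PGPPublicKey key) {
        long valid = key.getValidSeconds();
        if (valid == 0) {
            return "no expiry";
        }
        Date end = new Date(key.getCreationTime().getTime() + valid * 1000L);
        return (end.before(new Date()) ? "EXPIRED " : "expires ") + end;
    }
}
```

If the configured principal does not appear in the output exactly as printed, the lookup has nothing to return for it.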

Related

Android - Paytm payment gateway integration Issue : Type com.paytm.pg.AppTest is defined multiple times

I'm trying to integrate Paytm in my android application,
When I try to Initiate Transaction API as per documentation in https://developer.paytm.com/docs/initiate-transaction-api/ I get this error:
Type com.paytm.pg.AppTest is defined multiple times: /home/gowthamn/.gradle/caches/transforms-2/files-2.1/80727521e63bd8147327c9aae576f6b7/jetified-PaytmChecksum.jar:com/paytm/pg/AppTest.class, /home/gowthamn/.gradle/caches/transforms-2/files-2.1/80727521e63bd8147327c9aae576f6b7/jetified-PaytmChecksum.jar:target/test-classes/com/paytm/pg/AppTest.class.
Changes I did in Code are mentioned below:
I added implementation 'com.paytm.appinvokesdk:appinvokesdk:1.2' in app level build.gradle.
I added maven {
url "https://artifactory.paytm.in/libs-release-local"
} in project level build.gradle
Also paytmchecksum.jar file from https://github.com/Paytm-Payments/Paytm_Web_Sample_Kit_Java/tree/master/Java%20Kit%201.8
I have searched in google about this error. Some suggested to remove the paytmchecksum.jar file.
But if I remove the jar file, I don't find CheckSumServiceHelper.java in code which is used to generate checksum.
After long research I found that CHECKSUM cannot be generated from android locally.
Don't know the reason but when I used xampp to generate CHECKSUM, it worked.
We do not recommend generating the checksum at App side; the checksum should be generated at server side.
As per paytm official document, init_transaction token must be generated on your server only.
Second thing you don't need to add checksum.jar file because the checksum and transaction token both are different. In paytm All-in-one SDK you need to get transaction token not checksum.
So please use your server to generate transaction token.
You can get the transaction token generation PHP code and Android code from here

Provider-independent crypto in Java?

I'm trying to write a program in Java that will digitally sign database entries prior to insertion. I would like for the program to be algorithm-independent - ideally, the user would specify the JCE provider and algorithm as arguments at runtime.
Is there a way to do this? I've been testing with the BouncyCastle provider, and the code runs fine when I dynamically register it:
Security.addProvider(new BouncyCastleProvider());
However, when I try to statically register the provider by adding the following lines to the end of my security/java.policy file, I get the error: java.security.NoSuchProviderException: no such provider: BC when I try to get an instance of a Security object using the provider.
security.provider.1=sun.security.provider.Sun
security.provider.2=org.bouncycastle.jce.provider.BouncyCastleProvider
Specifically, I added those lines to /etc/java-7-openjdk/security/java.policy (which is linked to $JAVA_HOME/jre/lib/security/java.policy). This is on Ubuntu 12.04. I also tried just adding the BouncyCastleProvider as the first entry and got the same error.
Am I configuring the static registration wrong or is what I am attempting impossible?
I think you are adding the static registration into the wrong file.
Use security.policy instead of java.policy within the same folder.
See: https://www.bouncycastle.org/wiki/display/JA1/Provider+Installation

Exception while file signing using HSM and SUNPKCS11

We are using the HSM(Hardware Security Module) for the signing and encryption from our java application.
We have plugged the HSM to our JVM using the java.security property file using the following entry
security.provider.11=sun.security.pkcs11.SunPKCS11 D:/security/safenet.cfg
It was working fine all these days and suddenly we encountered an error as follows.
java.security.SignatureException: RSASignature::engineSign sun.security.pkcs11.P11Key$P11PrivateKey cannot be cast to java.security.interfaces.RSAPrivateKey
We did enough searching on Google but were not able to identify the root cause.
Appreciate any help
Thanks
We also encountered the same issue. Specify the provider name when getting the Signing instance. When code to sign using HSM is called, there may be some other piece of code in your application adding another provider [Security.insertProvider] which implements the same signing algorithm.
When you sign, you pass a parameter of Private Key handler for PKCS11 but the provider is expecting a different Key handler of RSA.
Resolution:
When you get the HSM signing instance, specify the Security provider along with the signing algorithm.
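Added example, not part of the original answers: it serves both the provider-independent signing question above and this HSM answer by taking the provider name and algorithm at runtime and binding the Signature to that provider rather than to the provider search order. The defaults SunRsaSign and SHA256withRSA and the software key pair are assumptions so that it runs without an HSM; the class and method names are hypothetical.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;

public class PinnedProviderSign {

    // Returns a Signature bound to one named provider, never to "first match wins".
    static Signature pinned(String algorithm, String providerName)
            throws GeneralSecurityException {
        Provider p = Security.getProvider(providerName);
        if (p == null) { // the condition behind "no such provider: BC"
            StringBuilder names = new StringBuilder();
            for (Provider r : Security.getProviders()) names.append(r.getName()).append(' ');
            throw new NoSuchProviderException(
                    providerName + " is not registered; registered: " + names.toString().trim());
        }
        if (p.getService("Signature", algorithm) == null) {
            throw new NoSuchAlgorithmException(algorithm + " is not offered by " + providerName);
        }
        return Signature.getInstance(algorithm, p);
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults so the example runs without an HSM or extra jars.
        String providerName = args.length > 0 ? args[0] : "SunRsaSign";
        String algorithm = args.length > 1 ? args[1] : "SHA256withRSA";

        // Constructed software key pair and record. With an HSM the private key
        // is a handle owned by the PKCS#11 provider, so the Signature must come
        // from that same provider.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        byte[] record = "constructed database row".getBytes(StandardCharsets.UTF_8);

        Signature signer = pinned(algorithm, providerName);
        signer.initSign(kp.getPrivate());
        signer.update(record);
        byte[] sig = signer.sign();

        Signature verifier = pinned(algorithm, providerName);
        verifier.initVerify(kp.getPublic());
        verifier.update(record);
        System.out.println(signer.getProvider().getName() + " " + algorithm
                + " verified=" + verifier.verify(sig));
    }
}
```

Running it with a provider name that is not registered prints the list of providers the JVM actually loaded, which shows at once whether a static registration took effect.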

Cryptix setup with java-bridge on ubuntu is throwing algorithm not found error

I am trying to set up a payment gateway, for which I have set up a Java bridge, as the portal is a Java machine. My setup is the following:
Apache server
Tomcat 7
Java-6-open jdk
The following is the error from catalina.out:
PospostSSL><Exception in encrypting data. algorithm DES/ECB is
not available from provider Cryptix>
<PostLib><postSSL><SFAApplicationException. Error while encrypting
data. Transaction cannot be processed.>
I have placed the cryptix32.jar in shared folder of tomcat. Also adding or removing line from java.security for cryptix provider is also not having any effect.
Please can any one tell me what needs to be done to get this error out.
So you are trying to set up a payment portal using DES and Cryptix? Then you are proposing to use Apache - probably with OpenSSL - as proxy. A proxy to a Java version that is basically end of life. And you are using one without commercial support.
"DES/ECB" is part of the standard SunJCE provider as well. No need for Cryptix there.
Please stop resurrecting the dead and go do something else.

addProvider bouncycastle filenotfoundexception

I have been able to run decryption and encryption locally using the bouncycastle jars. I have generated keys, and I want to put the public key in a client (Java and Android) and the private key in a web service. I have been able to encrypt and encode a message and send the encrypted message to the webservice (on a hosted service by Lunarpages), but the webservice decryption fails with a FileNotFoundException on the line
BouncyCastleProvider bc = new BouncyCastleProvider();
or
Security.addProvider(new BouncyCastleProvider());
The bcprov-ext-jdk14-146.jar and the bcprov-jdk14-146.jar is included in the web-inf lib directory.
Is there something I can do programmatically to enable this or does Lunarpages have to do something?
I couldn't even get a stacktrace to print for me and so I thought I might attempt a different provider to see if I get a better response - the SunJCE.
access denied (java.security.SecurityPermission insertProvider.SunJCE)
java.security.AccessControlContext.checkPermission(AccessControlContext.java:269)
java.security.AccessController.checkPermission(AccessController.java:401)
java.lang.SecurityManager.checkPermission(SecurityManager.java:524)
java.lang.SecurityManager.checkSecurityAccess(SecurityManager.java:1673)
java.security.Security.check(Security.java:1307)
java.security.Security.insertProviderAt(Security.java:697)
java.security.Security.addProvider(Security.java:757)
net.wpstudios.tcws.pgp.RSAEncrypt.generateKeys(RSAEncrypt.java:81)
javax.servlet.http.HttpServlet.service(HttpServlet.java:165)
javax.servlet.http.HttpServlet.service(HttpServlet.java:103)
com.caucho.server.http.FilterChainServlet.doFilter(FilterChainServlet.java:96)
com.caucho.server.http.Invocation.service(Invocation.java:315)
com.caucho.server.http.CacheInvocation.service(CacheInvocation.java:135)
com.caucho.server.http.RunnerRequest.handleRequest(RunnerRequest.java:346)
com.caucho.server.http.RunnerRequest.handleConnection(RunnerRequest.java:274)
com.caucho.server.TcpConnection.run(TcpConnection.java:139)
java.lang.Thread.run(Thread.java:534)
Does the FileNotFound exception matter? Obviously the caucho server setup is using access restrictions on adding providers. Never mind that, if you want to develop some application level encryption/decryption you can simply use the bouncy castle crypto API directly. It's not as friendly as the JCE but it is useable enough. This might not work if you want to use a library that in its turn uses the JCA/JCE framework though.
Lunarpages is to change the permissions or add providers manually (using resin.conf, it seems), but it might be hard to change them just for you, unless you are the only one using the Java application server. It never hurts to ask I suppose.
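Added example, not part of the original answer: RSA encryption and decryption through Bouncy Castle's lightweight crypto API, as the answer suggests, so that Security.addProvider is never called and the insertProvider permission check is never reached. The class name, the OAEP with SHA-256 padding choice and the generated key pair are assumptions for illustration; a recent bcprov jar and JDK are assumed.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.AsymmetricBlockCipher;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.digests.SHA256Digest;
import org.bouncycastle.crypto.encodings.OAEPEncoding;
import org.bouncycastle.crypto.engines.RSAEngine;
import org.bouncycastle.crypto.generators.RSAKeyPairGenerator;
import org.bouncycastle.crypto.params.RSAKeyGenerationParameters;

public class LightweightRsa {

    // Constructed 2048-bit key pair; a real service would load its stored private key.
    static AsymmetricCipherKeyPair generate() {
        RSAKeyPairGenerator gen = new RSAKeyPairGenerator();
        gen.init(new RSAKeyGenerationParameters(
                BigInteger.valueOf(65537), new SecureRandom(), 2048, 80));
        return gen.generateKeyPair();
    }

    // One RSA-OAEP operation using engine classes only, no JCA provider lookup.
    static byte[] oaep(boolean forEncryption, CipherParameters key, byte[] in)
            throws InvalidCipherTextException {
        AsymmetricBlockCipher cipher = new OAEPEncoding(new RSAEngine(), new SHA256Digest());
        cipher.init(forEncryption, key);
        if (in.length > cipher.getInputBlockSize()) {
            // RSA handles one short block; longer data needs a wrapped symmetric key.
            throw new IllegalArgumentException(
                    "input exceeds " + cipher.getInputBlockSize() + " bytes");
        }
        return cipher.processBlock(in, 0, in.length);
    }

    public static void main(String[] args) throws Exception {
        AsymmetricCipherKeyPair kp = generate();
        byte[] message = "constructed test message".getBytes(StandardCharsets.UTF_8);

        byte[] ciphertext = oaep(true, kp.getPublic(), message);      // client side
        byte[] recovered = oaep(false, kp.getPrivate(), ciphertext);  // web service side

        System.out.println("ciphertext bytes: " + ciphertext.length);
        System.out.println("round trip ok: " + Arrays.equals(message, recovered));
    }
}
```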
