i am not familiar with cryptography,there is requirement in my project that i have to send json data in encrypted form that is using s/mime or x509 certificate.i am using resteasy
Please help me
thank you
You basically have to use SSL - HTTPS. It shouldn't matter for your Java App what transmission is used but your JBoss admins must set up connectors/listeners - usually 8443 and install SSLs.
Related
So what i would like is a secure connection between my phone (java) and my raspberry pi.
I already made a custom server with the help of autobahn wich is on my github (i can't post more link...).
And i don't understand why the client doesn't need any keys or anything to connect to the server.
I followed the readme here in order to create my key there (i know that i should not share them, but i will recreate my own keys when the project will be finished).
And i've found that for the Java-websocket module it needs some keystore to run. And i think that having a storepass and keypass like this in a .java is not secure at all, isn't it ?
what java need is the certificate to confirm the validity of the autosigned key.
the python client trust automatically all certificate.
Here is the server : https://github.com/flyingrub/SSWOD
And here the server : https://github.com/flyingrub/SecureKey
I have a question about how to send password over the wire from the GWT web app to the server.
My client talks to server using HTTPS. My understanding is that GWT RPC uses HTTP POST to communicate. So I assume it is OK to send plain-text password using GWT RPC.
Am I wrong? Is there any other options for sending password securely between GWT client and server?
Many thanks
There will be no problem because you are laready using HTTPS.
If still you have a narrow edge in mind then you can send the strings like passwords..account numbers in a secured way by using a thirdparty light weight library called GWT-Crypto.
It uses TripleDesCipher to encrypt your strings with an byte array key(known by you only).
Here is an example ,and not exactly but some related question here.
GWT is not different to any other browser app. Almost authentication systems use the same approach: send password using POST over HTTPS.
You are right that it is OK to send plain-text password using GWT RPC
This might help
1) GWT/Javascript client side password encryption
2) GWT with SSL security
I'm interested if Google App Engine provides a way to use a X.509 Certificate to create a HTTPS connection (the server where I have to connect provides the public certificate - to encrypt data that I send and the private key to decrypt the data received from that server).
According to this post https://groups.google.com/forum/?fromgroups#!topic/google-appengine-python/C9RSDGeIraE it's not possible but 3 years passed since this answer was posted.
SSL client certificates are not currently supported. The feature request is here.
AppEngine has the ability to work with SSL certificate on your custom domain, that means the you can assign a certificate to a domain that is running on the AppEngine.
You cannot AFAIK make a request and provide a custom certificate per request.
Documentation on AppEngine SSL.
I need to call a webservice from a Java stand-alone application. The webservice requires client-auth access and it has a https:// url.
The user of the application should provide a p12 certificate and a pin code in order to gain access to the webservice.
The customer provided me an example certificate to test the webservice, but I actually have no idea how to implement it.
In the real application the certificate is stored in a smartcard (pkcs#11).
Where should I have to see to find a howto or some examples? Thanks...
i have an existing java client code which calls an asmx webservice. However the asmx webservice is being deprovisioned and is migrating to a secure webservice(svc).
As far i can understand i have to change the endpoint url and https from http in the url.
and then recreate the client code using the new WSDL.
However i also have to send a certificate along with every request, can anyone help me on how to do that using java?
Let me know if you need more information.
Many Thanks
You have to import the public key of the server you want to communicate in the client trust store. JDK provided Keytool can be used to import certificate into the truststore.
You have to specify the trust store details in the client VM. The following parameters have to bet set on the client VM to specify the trust store:
javax.net.ssl.trustStore - The location of the trust store file which has the public keys of the servers it wants to communicate.
javax.net.ssl.trustStorePassword - The passowrd of the trust store.
References:
Java SSL
Key Store Vs Trust Store