I am using facebook login integration in my react-native app. Getting invalid hash key error with release key but debug key hash is working fine.
Environment :
"react": "16.0.0"
"react-native": "0.50.4"
"react-native-fbsdk": "^0.7.0"
You have to copy the Hash key of the error, than go to facebook for developer page, select your app, than go to Settings > General and enter the Hask key on the Hash key section. If you test it your Android emulator run this command: keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64, copy the hash key and paste it also on your settings.
Have you tried add new key to FB app ? ( https://developers.facebook.com/apps/ )
Related
When i try to import certificate on server 2012 it say password incorrect.
I have check this post:
"The password you entered is incorrect" when importing .pfx files to Windows certificate store
And i exported:
openssl.exe pkcs12 -in 'C:\cert.p12' -out C:\key.pem And created the new cert: openssl.exe pkcs12 -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -export -in 'C:\key.pem' -out 'C:\newcert.pfx' -name "newcert"
But when i try to import in server 2012 keep saying password incorrect.
The top answer in that post adds -nomac, which you didn't. Instead of turning off the MAC entirely, you could also try -macalg sha1.
--Something witty here questioning the use of a 10 year old OS (that only has 13 months of security updates remaining)--
For those who need it, i finally got it. Before execute the command from the other post, you have to export .key and .crt from your .p12 or .pfx certificate.
I am trying to use the new SPM Collection signing utility found at https://github.com/apple/swift-package-collection-generator/tree/main/Sources/PackageCollectionSigner
But I honestly don't know how to get the necessary files.
Here is the definition:
USAGE: package-collection-sign <input-path> <output-path> <private-key-path> [<cert-chain-paths> ...] [--verbose]
ARGUMENTS:
<input-path> The path to the package collection file to be signed
<output-path> The path to write the signed package collection to
<private-key-path> The path to certificate's private key (PEM encoded)
<cert-chain-paths> Paths to all certificates (DER encoded) in the chain. The certificate used for signing must be first and the root
certificate last.
I understand the input-path and output-paths arguments but where do I get the PEM encoded private key and the DER encoded path chains?
Sorry if I am being naive, but this is just an area I have no experience with.
Any help about how I get/generate these files would be helpful.
thank you.
The private key you can generate yourself on the command line
openssl genrsa -out private.pem 2048
chmod 600 private.pem
Once you have the key, you will need to request a certificate that uses it. This can also be done on the command line:
openssl req -new -key private.pem -out signing.csr
Once you have that, you can go to developer.apple.com and click on the "Certificates, Identifiers and Profiles" section, then click on the "Certificates" tab. Click the blue plus button, choose the "Swift Package Collection Certificate" option and click Continue.
It will ask you to upload a CSR, so click Choose File and select the signing.csr file you just created. Download the generated certificate and rename it to signing.cer and you should be ready to go.
*Once you're done this, you can delete the signing.csr file.
I am using command line tool "keytool" to create a key pair in softhsm.
I have added security.provider in java.security.
# List of providers and their preference orders (see above):
security.provider.1=sun.security.provider.Sun
security.provider.2=sun.security.rsa.SunRsaSign
security.provider.3=sun.security.ec.SunEC
security.provider.4=com.sun.net.ssl.internal.ssl.Provider
security.provider.5=com.sun.crypto.provider.SunJCE
security.provider.6=sun.security.jgss.SunProvider
security.provider.7=com.sun.security.sasl.Provider
security.provider.8=org.jcp.xml.dsig.internal.dom.XMLDSigRI
security.provider.9=sun.security.smartcardio.SunPCSC
security.provider.10=sun.security.mscapi.SunMSCAPI
security.provider.11=sun.security.pkcs11.SunPKCS11
${java.home}/lib/security/pkcs11.cfg
and My pkcs11.cfg looks like
name = SoftHSM v2
library = C:/SoftHSM2/lib/softhsm2-x64.dll
slot = 0
While running
keytool.exe -keystore NONE -storetype PKCS11 -list
I am getting the error
keytool error: java.security.KeyStoreException: PKCS11 not found.
Can you please help?
I want to ask a thing about digital signing I am not very sure.
Instead of creating a self signed certificate to use to sign some (PDF) files, I wanted to take my SSL cert which have my data already verified.
But the question is: Can a SSL cert be used to digital sign files or is it incompatible in some manner?
EDIT: To clarify, this question is not about how to sign PDFs, is only about if a SSL cert can be used (or converted in any way) to sign files.
To support digital signing certificate must have digitalSignature option in it's keyUsage field (and codeSigning option in it's extendedKeyUsage field if your want to sign programs with it).
Signing may be done with existing tools or manually (java example, you are not asking for it, but this code snippet might be useful anyway):
byte[] bytesToSign = loadMyData();
KeyStore ks = KeyStore.getInstance("pkcs12", "SunJSSE");
ks.load(new FileInputStream("cert.p12"), "passwd1".toCharArray());
PrivateKey privateKey = (PrivateKey) ks.getKey("myalias", "passwd2".toCharArray());
Signature sig = Signature.getInstance("SHA1withRSA", ks.getProvider());
sig.initSign(privateKey);
sig.update(bytesToSign);
byte[] signature = sig.sign();
To make your own not self-signed certificate with openssl see this SO answer.
Also curious about signing PDF's - aren't separate hash sums of these files enough in your case?
edit: if you want any sign, not exactly X.509 sign by existing tools, you can extract RSA key from your cert and do signing without bothering about keyUsage field.
At the core, the certificate is just a normal RSA public key that's been signed by several authorities.
So yes, definitely possible.
Though I don't know of any easy-to-use widespread tools for the end-user for this.
Yes, you can sign and verify the signature of files using SSL certificates
Here is an example:
SSLCERT='/XXXX/ssl/certs/fqdn.pem'
SSLKEY='/XXXX/ssl/private_keys/fqdn.pem'
# You might not need to specify a CA
CACERTFILE='/XXXX/ssl/certs/ca.pem'
# File to sign
FILE='YYYYYYY'
# Signs, needs ${SSLKEY} and ${FILE}
openssl dgst -sha512 -sign ${SSLKEY} -out ${FILE}.sha512 ${FILE}
# Then transfer the following files to another server:
# - ${CACERTFILE}
# - ${SSLCERT}
# - ${FILE}
# - ${FILE}.sha512
# Check the certificate is valid
openssl verify -verbose -CAfile ${CACERTFILE} ${SSLCERT}
# Extract the pub key from the cert
openssl x509 -in ${SSLCERT} -pubkey -noout > ${SSLCERT}.pub
# Check the signature
openssl dgst -sha512 -verify ${SSLCERT}.pub -signature ${FILE}.sha512 ${FILE}
I have an issue with SSO using the Facebook SDK for Android. The problem occurs only when the native Facebook application is installed. When it's not installed, everything works fine, specifically:
Facebook facebook = new Facebook(APP_ID);
facebook.authorize(mActivity, , new DialogListener() {
...
});
facebook.isSessionValid(); // returns true
But when the native application is installed, facebook.isSessionValid() still returns false despite the fact that I called the authorize method.
I should add that I created an native Android based Facebook application with the hashkey generated from my debug certificate using keytool.
keytool -exportcert -alias androiddebugkey -keystore ~/.android/debug.keystore | openssl sha1 -binary | openssl base64
What is going on?
SOLVED! :)
I sure hope this will work for you as well.
The problem is that Windows generates an invalid key.
Run this with your app:
try {
PackageInfo info = getPackageManager().getPackageInfo("**YOURPACKAGENAME**", PackageManager.GET_SIGNATURES);
for (Signature signature : info.signatures) {
MessageDigest md = MessageDigest.getInstance("SHA");
md.update(signature.toByteArray());
Log.i("PXR", Base64.encodeBytes(md.digest()));
}
}
catch (NameNotFoundException e) {}
catch (NoSuchAlgorithmException e) {}
Don't forget to get Base64 (http://iharder.sourceforge.net/current/java/base64/).
The generated key is on your logcat, replace the old one with this.
Solution thanks to:
http://p-xr.com/implementing-facebook-into-your-app-invalid-key-with-keytool/
In addition to what Lior wrote
you can do the log like this:
Log.d("KeyHash:", Base64.encodeToString(md.digest(), Base64.DEFAULT));
so you can use Andorid Base64
ref: Invalid Key Hash Troubleshooting