How to resolve error Salt must be 8 bytes long - itext

I am writing a program to sign a PDF using a certificate (pfx file). For a few of the certificates I am getting the exception below.
java.security.InvalidAlgorithmParameterException: Salt must be at least 8 bytes long
This happens when I execute the below code.
KeyStore ks = KeyStore.getInstance("pkcs12");
I am getting an exception in the below java file at line number 123.
http://grepcode.com/file/repository.grepcode.com/java/root/jdk/openjdk/8-b132/com/sun/crypto/provider/HmacPKCS12PBESHA1.java?av=h

Your keystore has one or more certificates with a salt length that is less than 8. The crypto program requires at least 8 bytes.
I would recommend creating a new keystore with just the one certificate that you need and try signing with that.

I resolved the exception using pkcs12-DEF keystore. I have added my code lines below.
BouncyCastleProvider provider = new BouncyCastleProvider();
Security.addProvider(provider);
KeyStore ks = KeyStore.getInstance("pkcs12-DEF");
Earlier I had not added BouncyCastleProvider to Security, because of which I was not able to get an instance of the pkcs12-DEF keystore.
Apart from this, I have also downloaded the jar files from http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html and replaced the jar files present in Java\Jdk1.7\jre\lib\security with them. These are the JCE 7 Unlimited Strength policy files.
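The two answers above combined, as an added example that is not code from either poster: the .pfx is read with Bouncy Castle's "PKCS12-DEF" keystore and only the signing entry is written to a new PKCS12 file by the JDK's own keystore implementation. The class name, the command-line arguments, and the expectation that the re-written file carries a salt the JDK provider accepts are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.Security;
import java.util.Arrays;
import java.util.Collections;
import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class RepackPfx { // hypothetical helper, not part of iText or Bouncy Castle
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: RepackPfx <in.pfx> <out.p12> <alias>");
            System.exit(2);
        }
        Console console = System.console();
        if (console == null) {
            throw new IllegalStateException("run from a terminal so the password is not echoed");
        }
        char[] pw = console.readPassword("Keystore password: ");
        try {
            // addProvider() appends, so the JDK keeps priority for plain "PKCS12".
            Security.addProvider(new BouncyCastleProvider());
            // Read the original file with Bouncy Castle, as in the answer above.
            KeyStore src = KeyStore.getInstance("PKCS12-DEF", "BC");
            try (InputStream in = new FileInputStream(args[0])) {
                src.load(in, pw);
            }
            if (!src.isKeyEntry(args[2])) {
                throw new IllegalArgumentException("no key entry '" + args[2]
                        + "'; aliases in file: " + Collections.list(src.aliases()));
            }
            // Copy only the signing key and its chain into a fresh JDK keystore.
            Key key = src.getKey(args[2], pw);
            KeyStore dst = KeyStore.getInstance("PKCS12");
            dst.load(null, null);
            dst.setKeyEntry(args[2], key, pw, src.getCertificateChain(args[2]));
            try (OutputStream out = new FileOutputStream(args[1])) {
                dst.store(out, pw);
            }
        } finally {
            Arrays.fill(pw, '\0'); // do not leave the password in memory
        }
    }
}
```

Run it with the Bouncy Castle provider jar on the classpath; the output file can then be opened with `KeyStore.getInstance("pkcs12")` to confirm the original exception is gone.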

Related

Unity 3D -- Failed to sign APK - while i have given correct keystore and password

I was building my signed APK and there was no issue, but suddenly it started giving me the error "Failed to sign APK Package."
my keystore is correct,
password is correct,
alias is correct....
** This is the error below **
Failed to sign APK package.
D:\Plugins\Android_SDK\build-tools\27.0.3\apksigner.bat sign --ks "G:/__KeyStore/ormeoo.keystore" --ks-pass stdin --ks-key-alias "ormeoo" --key-pass stdin "F:\Projects\Current Working_2\OR - 98% Impossible Monster Car\Temp/StagingArea/Package.apk"
Perhaps another workaround:
Try changing the Build System to Gradle (New) instead of Internal (Default).
Hope it helps..

Digital signature with iText and beID (using 2048 RSA key) on JDK8

When used under JDK8, signing PDF files using iText and beID (with a 2048-bit RSA key) throws an exception: RSA key must be at most 1024 bits
26/09/2014 10:48:36 [exitApplication] [SEVERE] - exitApplication with status 1
java.security.InvalidKeyException: RSA key must be at most 1024 bits
at sun.security.pkcs11.P11Signature.checkKeySize(P11Signature.java:363) at sun...
at sun.security.pkcs11.P11Signature.engineInitSign(P11Signature.java:427)
at java.security.Signature$Delegate.engineInitSign(Signature.java:1129)
at java.security.Signature.initSign(Signature.java:512)
at com.itextpdf.pdf.security.PrivateKeySignature.sign(PrivateKeySignature.java:115)
at com.itextpdf.pdf.security.MakeSignature.signDetached(MakeSignature.java:152)
Use an updated version of the middleware that fixes this bug:
Reported Issue
This issue should be fixed in the future release build (v410), which you can find on http://eid.belgium.be/en/using_your_eid/installing_the_eid_software/windows/

BlackBerry10 application is not signing properly due to keystore issue

I am creating a Sencha application and I want to run it on a BB10 device. I have requested signing key files from BlackBerry and received two .csj registration files by mail. For signing my application I am using this command:
blackberry-signer -register -csjpin 01234567 -storepass mcube F:\BB10Key-28Feb\client-PBDT-1975809.csj F:\BB10Key-28Feb\client-RDK-1975809.csj
It gives error :
"Error: Keystore load: DerInputStream.getLength(): lengthTag=109, too big."
I don't have any idea how this can be solved.
Welcome to StackOverflow.com
I think you are passing wrong files to the signer.
blackberry-signer -register -csjpin <csj pin>
-storepass <KeystorePassword> <client-RDK-xxxxxx.csj file>
<client-PBDT-xxxxx.csj file>
I see you are passing the PBDT key first in place of the RDK key.
Your command would be like this (please do not copy-paste this command when signing yourself, as this is for demo purposes only):
blackberry-signer -register -csjpin 01234567 -storepass mcube F:\BB10Key-28Feb\client-RDK-1975809.csj F:\BB10Key-28Feb\client-PBDT-1975809.csj
You should pass RDK key then PBDT key. Modify your bar signer tool command and run again with correct parameters. For more info visit Set up for signing BlackBerry 10 apps and Signing your BlackBerry 10 application.
If this solves your problem, check this as answer.

Exception while creating sp.xml using ssoadmin

I am facing this exception when I am trying to create the sp.xml using the ssoadmin:
com.sun.identity.cli.CLIException: AdminTokenAction: FATAL ERROR: Cannot obtain Application SSO token.
Check AMConfig.properties for the following properties
com.sun.identity.agents.app.username
com.iplanet.am.service.password
at com.sun.identity.cli.LogWriter.log(LogWriter.java:109)
at com.sun.identity.cli.Authenticator.ldapLogin(Authenticator.java:170)
at com.sun.identity.cli.AuthenticatedCommand.ldapLogin(AuthenticatedCommand.java:144)
at com.sun.identity.federation.cli.CreateMetaDataTemplate.handleRequest(CreateMetaDataTemplate.java:113)
at com.sun.identity.cli.SubCommand.execute(SubCommand.java:291)
at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:212)
at com.sun.identity.cli.CLIRequest.process(CLIRequest.java:134)
at com.sun.identity.cli.CommandManager.serviceRequestQueue(CommandManager.java:573)
at com.sun.identity.cli.CommandManager.<init>(CommandManager.java:171)
at com.sun.identity.cli.CommandManager.main(CommandManager.java:148)
And I also tried adding something like this in the ssoadmin.bat:
-D"com.iplanet.am.naming.map.site.to.server=https://lb.example.com:443/openam=http://server1.example.com:8080/openam"
But the same exception...
How to fix it?
Thanks in advance,
The 'map-to-site' property is only needed if you have a site configured and the host where you run ssoadm is not able to talk to the siteURL.
You may set -Dcom.iplanet.services.debug.level=message -Dcom.iplanet.services.debug.directory=WRITABLE_EXISTING_DIRECTORY as JVM options within ssoadm.bat.
You may then look into the debug directory, where you should find a pointer to what's wrong.
The above got sorted in my case when I went to the ssoadmin folder openam/bin, found the ssoadm.bat file, opened it in edit mode and added the following two lines to the java command:
-D"javax.net.ssl.trustStore=F:\tomcatsslkeystore" (tomcat keystore path)
-D"javax.net.ssl.trustStorePassword=tomcatsslkeystore" (tomcat keystore password)

Bouncycastle: CertificateFactory.generateCertificate gives "sequence wrong size for a certificate" on one machine but not on another

I’m trying to open a p7b file and read the CA certificates out of it. Below is my code. It works fine on one machine, but on another machine the call to certFactory.generateCertificate throws an exception.
Error Message:java.lang.IllegalArgumentException: sequence wrong size for a certificate
On both machines I have the same p7b file and the same bouncycastle jars. The machine where it works is a Windows XP machine and the one where it doesn’t work is a Windows 2007 server machine. It is a 64-bit machine but I’m using the 32-bit JVM only.
CertificateFactory certFactory = CertificateFactory.getInstance("X.509",
        new BouncyCastleProvider());
java.security.cert.Certificate cert = null;
FileInputStream inStream = new FileInputStream("");
ArrayList<java.security.cert.Certificate> certificates = new ArrayList<java.security.cert.Certificate>();
CAService caService = null;
caService.getCertificateAuthority().setCaCerts(new ArrayList<String>());
while ((cert = certFactory.generateCertificate(inStream)) != null)
{
    certificates.add(cert);
    StringWriter swrtr = new StringWriter();
    PEMWriter writer = new PEMWriter(swrtr);
    writer.writeObject(cert);
    writer.flush();
    caService.getCertificateAuthority().getCaCerts().add(swrtr.toString());
}
I even wrote a standalone program and ran it explicitly specifying which java.exe to use, but I’m facing the same exception on that machine alone.
c:\jdk1.5.0_14\jre\bin\java.exe -classpath .;bcprov-jdk15-143.jar MSCAConfigurator
Exception in thread "main" java.security.cert.CertificateException: java.lang.IllegalArgumentException: sequence wrong size for a certificate
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.engineGenerateCertificate(Unknown Source)
at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:271)
at MSCAConfigurator.main(MSCAConfigurator.java:31)
Caused by: java.lang.IllegalArgumentException: sequence wrong size for a certificate
at org.bouncycastle.asn1.x509.X509CertificateStructure.<init>(Unknown Source)
at org.bouncycastle.asn1.x509.X509CertificateStructure.getInstance(Unknown Source)
at org.bouncycastle.jce.provider.JDKX509CertificateFactory.readPEMCertificate(Unknown Source)
I have the unlimited strength policy jars present.
C:\jdk1.5.0_14\jre\lib\security>dir *.jar
Volume in drive C has no label.
Volume Serial Number is D214-CB94
Directory of C:\jdk1.5.0_14\jre\lib\security
09/13/2004 04:12 PM 2,486 local_policy.jar
09/13/2004 04:12 PM 2,472 US_export_policy.jar
What’s wrong with this machine? Someone please help before I shoot myself.
Cross-posted, and apparently resolved, here: http://www.coderanch.com/t/528193/Security/CertificateFactory-generateCertificate-gives-sequence-wrong
According to the javadocs, CertificateFactory.generateCertificates() supports the PKCS#7 format but CertificateFactory.generateCertificate() does not.
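The difference the answer points to, as an added example that is not the asker's code: the whole .p7b is read in one call to generateCertificates() and each certificate is PEM-encoded, with no loop over generateCertificate(). It assumes Java 8 or later and the JDK's default X.509 factory; the class and method names are hypothetical.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.ArrayList;
import java.util.Base64;
import java.util.Collection;
import java.util.List;

public class P7bReader { // hypothetical class name
    /** Reads every certificate in a PKCS#7 (.p7b) bundle and returns each one PEM-encoded. */
    static List<String> readCaCertsAsPem(String p7bPath) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs;
        try (InputStream in = new FileInputStream(p7bPath)) {
            // The plural method accepts a PKCS#7 certificate chain;
            // the singular method expects a single X.509 certificate.
            certs = cf.generateCertificates(in);
        }
        Base64.Encoder b64 =
                Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII));
        List<String> pems = new ArrayList<>();
        for (Certificate c : certs) {
            pems.add("-----BEGIN CERTIFICATE-----\n"
                    + b64.encodeToString(c.getEncoded())
                    + "\n-----END CERTIFICATE-----\n");
        }
        return pems;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 1) {
            System.err.println("usage: P7bReader <file.p7b>");
            System.exit(2);
        }
        List<String> pems = readCaCertsAsPem(args[0]);
        System.out.println(pems.size() + " certificate(s) found");
        for (String pem : pems) {
            System.out.print(pem);
        }
    }
}
```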